Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks

Abstract

In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet, where wired and wireless nodes can coexist. The key idea is that even a new node can be protected from an ARP cache poisoning attack if the mapping between an IP and the corresponding MAC addresses is resolved through fair voting among neighbor nodes under the condition that the number of good nodes is larger than that of malicious nodes. Providing fairness in voting among the nodes that are heterogeneous in terms of the processing capability and access medium is quite a challenge. We attempt to achieve fairness in voting using the uniform transmission capability of Ethernet LAN cards and smaller medium access delays of Ethernet than for wireless LAN. Although there is another scheme that resolves the same issue based on voting, i.e. MR-ARP, the voting fairness is improved further by filtering the voting reply messages from the too-early responding nodes, and the voting-related key parameters are determined analytically considering the fairness in voting. This paper shows that fairness in voting can be achieved using the proposed approach, overcoming the limitations of other voting-based schemes, and ARP poisoning-based MITM attacks can be mitigated in a more generalized environment through experiments.