An Active Defense Solution for ARP Spoofing in OpenFlow Network

XIA Jing; CAI Zhiping; HU Gang; XU Ming

doi:10.1049/cje.2017.12.002

Volume 28 Issue 1

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2019 > 28(1): 172-178

XIA Jing, CAI Zhiping, HU Gang, et al., “An Active Defense Solution for ARP Spoofing in OpenFlow Network,” Chinese Journal of Electronics, vol. 28, no. 1, pp. 172-178, 2019, doi: 10.1049/cje.2017.12.002

Citation:

XIA Jing, CAI Zhiping, HU Gang, et al., “An Active Defense Solution for ARP Spoofing in OpenFlow Network,” Chinese Journal of Electronics, vol. 28, no. 1, pp. 172-178, 2019, doi: 10.1049/cje.2017.12.002

Citation:

PDF( 1182 KB)

An Active Defense Solution for ARP Spoofing in OpenFlow Network

doi: 10.1049/cje.2017.12.002

XIA Jing¹,
CAI Zhiping^{1,2
,},
HU Gang¹,
XU Ming¹

1.
College of Computer, National University of Defense Technology, Changsha 410073, China;
2.
School of Computer and Software, Nanjing University of Information Science & Technology, Nanjing 210044, China

Funds: This work is supported by the National Natural Science Foundation of China(No.61379145, No.61379144, No.61501482).

More Information

Corresponding author: CAI Zhiping (corresponding author) received the B.S., M.S., and Ph.D. degrees in computer science from NUDT, China, in 1996, 2002, and 2005, respectively. Now, he is a professor of College of Computer, NUDT. His current research interests include network security and big data. He is a senior member of CCF. (Email:zpcai@nudt.edu.cn)
Received Date: 2017-03-27
Rev Recd Date: 2017-06-05
Publish Date: 2019-01-10

Abstract

Abstract

As an emerging network technology, Software-defined network (SDN), has been rapidly developing for recent years due to its advantage in network management and updating. There are still a lot of open problems while applying this novel technology in reality, especially for meeting security demands. The Address resolution protocol (ARP) spoofing, a representative network attack in traditional networks is investigated. We implement the ARP spoofing in SDN network firstly and find that the threat of ARP attack still exists and has big impact on the network. We propose a novel mechanism as defense solution for ARP spoofing oriented to OpenFlow platform. Theoretical analyzation is given, and the mechanism is implemented as a module of POX controller. Experiment results and performance evaluations show that our solution can reduce the security threat of ARP spoofing remarkably on OpenFlow platform and related SDN platforms.
- Software-defined network (SDN),
- Address resolution protocol (ARP) spoofing,
- OpenFlow

FullText(HTML)

References(17)

References

Y.A. Shu, "Heterogeneous networking architecture based on SDN", Chinese Journal of Electronics, Vol.26, No.1, pp.166-171, 2017.

N. McKeown, T. Anderson, H. Balakrishnan, etal., "OpenFlow:Enabling innovation in campus networks", ACM SIGCOMM Computer Communication Review, Vol.38, No.2, pp.69-74, 2008.

Z.-P. Cai, Z.-J. Wang, K. Zheng, etal., "A distributed TCAM coprocessor architecture for integrated longest prefix matching, policy filtering, and content filtering", IEEE Transaction on Computers, Vol.62, No.3, pp.417-427, 2013.

W. Wang, W. He and J. Su, "Network intrusion detection and prevention middlebox management in SDN", 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), Nanjing, China, pp.1-8, 2015.

Open Networking Foundation, "OpenFlow Switch Specification-Version 1.4.0", available at https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.4.0.pdf,2013-10-14.

Y. Bhaiji, "Network security technologies and solutions", CCIE professional development series, 2008.

I. Teterin. "Antidote". available at http://online.securityfocus.com/archive/1/299929,2002-11-14.

R. Philip, "Securing wireless networks from arp cache poisoning", available at http://www.cs.sjsu.edu/faculty/stamp/students/Roney298report.pdf,2007-05.

D. Bruschi, A. Ornaghi and E. Rosti, "S-arp:A secure address resolution protocol", Proc. of the IEEE 19th Annual Computer Security Applications Conference, Las Vegas, NV, USA, pp.66-74, 2003.

W. Lootah, W. Enck and P. McDaniel, "Tarp:Ticket-based address resolution protocol", Computer Networks, Vol.51, No.15, pp.4322-4337, 2007.

S. Y. Nam, D. Kim, J. Kim, et al., "Enhanced arp:Preventing arp poisoning-based man-in-the-middle attacks", IEEE Communications Letters, Vol.14, No.2, pp.187-189, 2010.

S. Y. Nam, S. Djuraev and M. Park, "Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks", Computer Networks, Vol.57, No.18, pp.3866-3884, 2013.

D. Kreutz, F. Ramos, P. Esteves Verissimo, et al., "Softwaredefined networking:A comprehensive survey", Proceedings of the IEEE, Vol.103, No.1, pp.14-16, 2015.

A. Crenshaw. "Security and software defined networking:Practical possibilities and potential pitfalls", available at http://www.irongeek.com/i.php?page=security/security-andsoftware-defined-networking-sdn-openflow,2013.

J.H. Cox, R.J. Clark and H.L. Owen, "Leveraging SDN for ARP security", SoutheastCon 2016, Norfolk, VA, USA, pp.1-8, 2016.

A. Nehra, M. Tripathi and M.S. Gaur, "FICUR:Employing SDN programmability to secure ARP", 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), Las Vega, NV, USA, pp.1-8, 2017.

S. Whalen. "An introduction to arp spoofing", available at https://www.security-audit.com/files/intro to arp spoofing.pdf, 2001.

Relative Articles

Supplements(0)

Cited By

Proportional views