A NOVEL MAN-IN-THE-MIDDLE INTRUSION DETECTION SCHEME FOR SWITCHED LANs

Z. Trabelsi∗ and K. Shuaib∗

References

  1. [1] CERT: http://www.cert.org.
  2. [2] LBNL’s Network Research Group, Arpwatch: Ethernet monitorprogram, http://www-nrg.ee.lbl.gov.242
  3. [3] Snort: http://www.snort.org/.
  4. [4] D. Bruschi, A. Ornaghi, & E. Rosti, S-ARP: A secure addressresolution protocol, Proc. 19th Annual Computer SecurityApplications Conf. (ACSAC 2003), Las Vegas, NV, USA,December 8–12, 2003, 66–74.
  5. [5] P. Omkant, O-ARP: A secure and fast address resolution pro-tocol, http://www.itbhu.ac.in/departments/comp/crypto/o-arp.pdf.
  6. [6] M.G. Gouda & C.-T. Huang, A secure address resolution pro-tocol, The International Journal of Computer and Telecom-munications Networking, Computer Networks, 41 (1), January2003, 57–71.
  7. [7] W. Lootah, W. Enck, & P. McDaniel, TARP: ticket-basedaddress resolution protocol, 21st Annual Computer SecurityApplications Conf. (ACSAC 2005), Tucson, Arizona, USA,December 5–9, 2005.
  8. [8] V. Goyal, R. Tripathy, C. Boyd, & J.M. Gonz´alez, An efficientsolution to the ARP cache poisoning problem, Lecture Notes inComputer Science, Australasian Conf. on Information Securityand Privacy (ACISP), No. 10, Vol. 3574, Brisbane, Australia,July 4–6, 2005.
  9. [9] J. Etienne, ARPSec, an ARP security extension, 2000 LinuxSymposium, Ottawa, Canada, July 19–22, 2000.
  10. [10] S. Kent & R. Atkinson, Security architecture for the internetprotocol, RFC 2401, November 1998.
  11. [11] R. Oppliger, R. Hauser, & D. Basin, SSL/TLS session-awareuser authentication – Or how to effectively thwart the man-in-the-middle, Computer Communications, 29(12), August 2006,2238–2246.
  12. [12] R.L. Rivest & A. Shamir, How to expose an eavesdropper,Communications of the ACM, 27 (4), 1984, 393–395.
  13. [13] S.M. Bellovin & M. Merritt, An attack on the InterlockProtocol when used for Authentication, IEEE Transactions onInformation Theory, 40 (1), January 1994, 273–275.
  14. [14] M. Jakobsson & S. Myers, Stealth attacks and delayed pass-word disclosure, 2005, .
  15. [15] B. Kaliski & M. Nystr¨om, Authentication: risk vs. readiness,challenges and solutions, Presentation held at the BITS Protect-ing the Core Forum, October 6, 2004, .
  16. [16] N. Asokan, V. Niemi, & K. Nyberg, Man-in-the-middle in tun-neled authentication protocols, 11th International Workshopon Security Protocols, Cambridge, UK, April 2–4, 2003, 15–24.
  17. [17] Anatomy of an ARP poisoning attack, http://www.watchguard.com/infocenter/editorial/135324.asp.
  18. [18] Cisco Systems, Catalyst 4500 Series Switch Cisco IOS SoftwareConfiguration Guide, http://www.cisco.com.
  19. [19] D.C. Plummer, An ethernet address resolution protocol-converting network protocol to 48 bit ethernet address fortransmission on ethernet hardware, RFC-826, November 1982.

Important Links:

Go Back