1999 Linux Symposium



ARPSec, an ARP security extension

ARP (rfc0826) is a widely deployed protocol used to obtain the MAC address corresponding to a given IP address. Nevertheless, ARP has known security flaws which could allow an attacker on the LAN to hijack a connection for a man-in-the-middle attack, or to redirect packets toward a black hole as a denial of service.

ARPSec is an ARP security extension which intends to solve these weaknesses. ARP is old (1982) and many things rely on its current behavior; keeping this in mind, ARPSec stays as close to ARP as possible. It provides anti-replay protection and authentication using a secret key shared only by the source and the destination of the packet, computed by an authenticated Diffie-Hellman exchange.
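To make the two mechanisms named above concrete, here is an added illustration (not the paper's code, and a simplified model rather than the ARPSec packet format): an ARP-style reply carries a sequence number and an HMAC tag computed with a key the two hosts share, and the receiver verifies the tag and rejects a reused sequence number before it updates its cache. The shared key is assumed to have been derived by the authenticated Diffie-Hellman exchange the abstract mentions; that exchange is out of scope here and the key, addresses and packets are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Assumption: both hosts already hold this key, derived out of band by an
# authenticated Diffie-Hellman exchange (not modelled here). Constructed value.
SHARED_KEY = b"constructed-demo-key-derived-from-authenticated-DH"


def mac_bytes(mac_str):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac_str.split(":"))


def ip_bytes(ip_str):
    """'10.0.0.1' -> 4 raw bytes."""
    return bytes(int(x) for x in ip_str.split("."))


def build_reply(sender_ip, sender_mac, target_ip, target_mac, seq, key):
    """Build a simplified authenticated reply: classic ARP fields, then a
    64-bit sequence number, then an HMAC-SHA256 tag over everything before it."""
    body = (ip_bytes(sender_ip) + mac_bytes(sender_mac)
            + ip_bytes(target_ip) + mac_bytes(target_mac)
            + struct.pack("!Q", seq))
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class ArpCache:
    """Receiver side: authenticate, reject replays, only then update the table."""
    TAG_LEN = 32  # SHA-256 digest length

    def __init__(self, key):
        self.key = key
        self.table = {}      # sender IP -> accepted MAC
        self.last_seq = {}   # sender IP -> highest sequence number accepted

    def process(self, packet):
        body, tag = packet[:-self.TAG_LEN], packet[-self.TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; an unauthenticated reply never reaches the cache.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad authentication tag"
        sender_ip = ".".join(str(b) for b in body[0:4])
        sender_mac = ":".join("%02x" % b for b in body[4:10])
        (seq,) = struct.unpack("!Q", body[20:28])
        # Anti-replay: a sequence number that does not advance is a replay of an
        # old (once valid) reply, so it is dropped even though its tag verifies.
        if seq <= self.last_seq.get(sender_ip, -1):
            return "rejected: replayed sequence number"
        self.last_seq[sender_ip] = seq
        self.table[sender_ip] = sender_mac
        return "accepted"


def demo():
    """Run one genuine reply, its replay, an unkeyed forgery, and a fresh reply."""
    cache = ArpCache(SHARED_KEY)
    results = []
    genuine = build_reply("10.0.0.1", "02:00:00:00:00:01",
                          "10.0.0.2", "02:00:00:00:00:02", 1, SHARED_KEY)
    results.append(cache.process(genuine))   # accepted
    results.append(cache.process(genuine))   # same seq again: replay, rejected
    # A reply built without the shared key cannot produce a valid tag.
    forged = build_reply("10.0.0.1", "02:00:00:00:00:99",
                         "10.0.0.2", "02:00:00:00:00:02", 2, b"wrong-key")
    results.append(cache.process(forged))    # bad tag, rejected
    fresh = build_reply("10.0.0.1", "02:00:00:00:00:01",
                        "10.0.0.2", "02:00:00:00:00:02", 2, SHARED_KEY)
    results.append(cache.process(fresh))     # newer seq with valid tag: accepted
    return results, dict(cache.table)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The receiver keeps one highest-accepted sequence number per sender; a real implementation also has to decide what happens to that counter across reboots, which is one of the design questions a protocol like ARPSec must answer and this sketch does not.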

This paper presents ARP and outlines its security flaws, then describes the design choices involved in ARPSec and their motivations, how it has been implemented, and how you can use it.

Jerome Etienne

As a student Jerome studied image recognition. Between courses he implemented a minimal TCP stack, half of a SQL engine and an Othello game, and worked on various AI projects.

Currently he is interested in TCP/IP networks and routing. With a strong interest in cryptography too he sometimes works on network security. On the Linux-ha project he contributes to ODR, an On-line Disk Replicator designed to have a block device shared between multiple nodes.

© 2000 Linux Symposium.  All Rights Reserved.