After the ARP protocol was drafted, a subtle weakness in the protocol was discovered. In fact, ARP provides no means to establish the authenticity of the source of incoming ARP packets. That's why any host of a LAN network can forge an ARP message containing malicious information to poison the ARP caches of target hosts. This lack of authentication mechanisms has made ARP vulnerable to a raft of IP-based impersonation, Man-in-the-Middle (MiM) and DoS attacks. In this paper we discuss a security solution to solve the ARP vulnerabilities and authenticity issues. For that purpose, a novel secure extended ARP protocol is proposed. In addition, the LAN switch has been enhanced to assume the role of "Trusted Authority" and assure the hosts authentication while exchanging ARP messages.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	LBNL's Network Research Group, "Arpwatch: Ethernet Monitor Program", http://wwwnrg.ee.lbl.gov.pht.com/antisniff/.
	2	Snort: http://www.snort.org/.
	3	D. Bruschi , A. Ornaghi , E. Rosti, S-ARP: a Secure Address Resolution Protocol, Proceedings of the 19th Annual Computer Security Applications Conference, p.66, December 08-12, 2003
	4	Mohamed G. Gouda , Chin-Tser Huang, A secure address resolution protocol, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.41 n.1, p.57-71, 15 January 2003  [doi>10.1016/S1389-1286(02)00326-2]
	5	K. Seo, C. Lynn, and S. Kent. Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP). In Proceedings of DARPA Information Survivability Conference and Exposition II. IEEE, June 2001.
	6	D. Song. dsniff: a collection of tools for network auditing and penetration testing. http://www.monkey.org/dugsong/dsniff, accessed May 2005.
	7	T. Demuth and A. Leitner. ARP spoofing and poisoning: Traffic tricks. Linux Magazine, 56:26--31, July 2005.
	8	C. Schluting. Configure your Catalyst for a more secure layer 2, Jan. 2005. <http://www.enterprisenetworkingplanet.com/netsecur/article.php/3462211>. (Last accessed April 17, 2006).
	9	Mahesh V. Tripunitara , Partha Dutta, A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning, Proceedings of the 15th Annual Computer Security Applications Conference, p.303, December 06-10, 1999
	10	D. C. Plummer, Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware, RFC Editor, 1982
	11	S. M. Bellovin, Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review, v.19 n.2, p.32-48, April 1, 1989  [doi>10.1145/378444.378449]
	12	Steven M. Bellovin, A Look Back at "Security Problems in the TCP/IP Protocol Suite", Proceedings of the 20th Annual Computer Security Applications Conference, p.229-249, December 06-10, 2004  [doi>10.1109/CSAC.2004.3]
	13	M. Farahmand , A. Azarfar , A. Jafari , V. Zargari, A Multivariate Adaptive Method for Detecting ARP Anomaly in Local Area Networks, Proceedings of the International Conference on Systems and Networks Communication, p.53, October 29-November 03, 2006  [doi>10.1109/ICSNC.2006.5]