A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments

Author

Belenguer, Jorge ; Calafate, Carlos T.

Author_Institution

Polytech. Univ. of Valencia, Valencia

fYear

2007

fDate

14-20 Oct. 2007

Firstpage

122

Lastpage

127

Abstract

A man-in-the-middle (MitM) attack is, in the scope of a LAN, a technique where an attacker is able to redirect all traffic between two hosts of that same LAN for packet sniffing or data manipulation, without the end hosts being aware of it. Usually these attacks exploit security flaws in the implementation of the ARP protocol at hosts. Up to now, detecting such attacks required setting up a machine with special-purpose software for this task. As an additional problem, few intrusion detection systems (IDS) are able to prevent MitM attacks. In this work we present a low-cost embedded IDS which, when plugged into a switch or hub, is able to detect and/or prevent MitM attacks automatically and efficiently. Since our system is limited to a micro-controller and a network interface, it can be produced at a very low cost, which is attractive for large scale production and deployment.

Keywords

local area networks; security of data; telecommunication security; ARP protocol; LAN environments; MitM attacks; intrusion detection systems; man-in-the-middle attacks; Costs; Data security; Intrusion detection; Large-scale systems; Local area networks; Monitoring; Network interfaces; Production systems; Protocols; Switches;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on

Conference_Location

Valencia

Print_ISBN

978-0-7695-2989-9

Type

conf

DOI

10.1109/SECUREWARE.2007.4385321

Filename

4385321