Architecture and Protocols for Secure LAN by Using a Software-Level Certificate and Cancellation of ARP Protocol

This research presents a design of "architecture and protocols" for the LAN security preventing the process of MAC Address spoofing, ARP Spoof and MITM. Each Network Card is designed to have a Certificate, a Private Key and a Public Key, all of which are issued by the product vendor. A certificate is in a form of software-data which may be available in the Card Network package, or can be downloaded from a vendor websites. A Certificate will certify MAC Address value. DHCP is re-designed to authenticate Network Cards before delivering IP Addresses. DHCP Server also assigned to be the "MAC-IP database center" which stores the data about matching between MAC Address and IP Address. When any Hosts want to request MAC Address value, (for interested IP Addresses) they must send "DHCP Request-MAC" to DHCP Server instead. Moreover, the designed system will not use ARP Protocol because the new DHCP (which co-works with Certificates) will cover all functions.