Improved Secure Address Resolution Protocol

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

This paper presents an improved secure address resolution protocol that prevents ARP spoofing attacks. The proposed method is centralised: a central server on the network or subnet prevents ARP spoofing.


💡 Research Summary

The paper proposes a centralized approach to securing the Address Resolution Protocol (ARP) against spoofing attacks. Traditional ARP performs no authentication; any host can broadcast an ARP reply, allowing an attacker to associate a false MAC address with a victim’s IP address. Existing mitigations (static ARP tables, port security, DHCP snooping, dynamic ARP inspection) reduce risk but suffer from management complexity, limited scalability, and sensitivity to topology changes.

To address these shortcomings, the authors introduce a “Secure ARP” architecture that places a single authoritative server within a subnet or entire network. This server maintains a real‑time database of all legitimate IP‑MAC bindings. Instead of sending broadcast ARP requests, each host runs a lightweight client agent that forwards ARP queries to the central server over a protected channel (e.g., TLS). The server authenticates the request, signs the current binding using either a symmetric HMAC or an asymmetric digital signature, and returns the signed mapping. The client verifies the signature before updating its ARP cache. Because the mapping is cryptographically bound to the server’s identity, any forged ARP reply injected by an attacker will fail verification and be discarded.
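The sign-then-verify step described above, sketched with the symmetric HMAC option. This is an added example, not code from the paper: the message layout, the field sizes, the per-query nonce, the timestamp window and the function names are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 32          # HMAC-SHA256 output size
MAX_AGE_SECONDS = 5   # assumed freshness window; not specified by the paper

def sign_binding(key, ip, mac, nonce, issued_at):
    """Server side: encode IP(4) | MAC(6) | nonce(16) | time(8) and append the tag."""
    body = (ipaddress.IPv4Address(ip).packed + bytes.fromhex(mac.replace(":", ""))
            + nonce + struct.pack("!Q", issued_at))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_binding(key, reply, queried_ip, sent_nonce, now):
    """Client side: return the MAC string if the reply is authentic and fresh, else None."""
    if len(reply) != 4 + 6 + 16 + 8 + TAG_LEN:
        return None
    body, tag = reply[:-TAG_LEN], reply[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):          # forged or altered binding
        return None
    ip, mac, nonce = body[:4], body[4:10], body[10:26]
    (issued_at,) = struct.unpack("!Q", body[26:34])
    if ip != ipaddress.IPv4Address(queried_ip).packed:  # answer to a different query
        return None
    if not hmac.compare_digest(nonce, sent_nonce):      # replay of an earlier reply
        return None
    if abs(now - issued_at) > MAX_AGE_SECONDS:          # stale reply
        return None
    return ":".join(f"{b:02x}" for b in mac)

def update_cache(cache, key, reply, queried_ip, sent_nonce, now):
    """Write to the ARP cache only after verification succeeds."""
    mac = verify_binding(key, reply, queried_ip, sent_nonce, now)
    if mac is not None:
        cache[queried_ip] = mac
    return mac is not None

if __name__ == "__main__":
    # Constructed sample values (documentation IP range, locally administered MAC).
    key, nonce, now = b"k" * 32, b"\x01" * 16, 1_700_000_000
    reply = sign_binding(key, "192.0.2.10", "02:00:00:00:00:01", nonce, now)
    cache = {}
    print(update_cache(cache, key, reply, "192.0.2.10", nonce, now), cache)
    forged = reply[:4] + bytes.fromhex("020000000066") + reply[10:]
    print(update_cache(cache, key, forged, "192.0.2.10", nonce, now), cache)
```

With a shared HMAC key, any host holding the key can mint bindings, so the asymmetric signature option the summary mentions is the one that keeps signing authority on the server alone.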

The design comprises three logical components: (1) the central server module, which includes the binding database, authentication/signature engine, and policy manager; (2) the client agent, responsible for intercepting local ARP operations and handling secure communication; and (3) the underlying network layer, which remains compatible with existing switches and routers, optionally using VLANs to isolate server traffic. The server also logs all binding changes, enabling real‑time detection of abnormal MAC address churn and integration with intrusion detection systems for automated response.

While the paper outlines the protocol flow, message formats, and high‑level security considerations, it lacks concrete implementation details. Critical aspects such as key distribution, token lifetime, replay protection, and server load‑balancing strategies are only superficially addressed. Performance evaluation is limited to a simulated environment that measures added latency and throughput reduction; no real‑world testbed results are presented. Consequently, the actual impact on latency-sensitive applications and the scalability of a single‑point‑of‑failure architecture remain uncertain.

The proposed system offers several advantages: (a) centralized policy enforcement ensures consistent binding information across the network; (b) cryptographic verification eliminates the need for manual static ARP entries; (c) comprehensive logging facilitates forensic analysis and proactive threat hunting. However, the central server introduces a potential single point of failure and becomes a bottleneck as the number of ARP queries grows. High‑availability designs—such as server clustering, active‑passive failover, or hierarchical regional servers—are necessary for production deployment, especially in large enterprise or data‑center environments. Moreover, the added processing overhead for each ARP transaction may increase round‑trip times, which could affect latency‑critical services.

In conclusion, the paper presents a conceptually sound framework for mitigating ARP spoofing by shifting trust to a dedicated, authenticated authority. To move from theory to practice, future work should focus on robust server redundancy, detailed key management protocols, performance benchmarking on real hardware, and extending the model to IPv6 Neighbor Discovery, where similar spoofing threats exist. By addressing these gaps, the centralized Secure ARP solution could become a viable complement to existing network hardening techniques.

