The increased adoption of the Internet Protocol (IP) in ICSs has made these systems vulnerable to the same security risks that are present in traditional IT environments. The legacy nature of ICSs and their unique operational requirements make them vulnerable to security threats that are different from those in IT environments. In this paper, we describe a protocol, named ArpON, which is able to wipe out in quasi real time any ARP cache poisoning attempt, thus making it ineffective. Contrarily to solutions presented in the literature for contrasting ARP cache poisoning, ArpON incurs in low operational costs, is backward compatible, transparent to the ARP protocol and does not use any HW feature nor cryptography functionality. We also model and validate ArpON in the OMNET network simulator. The simulation results show that ArpON is effective in avoiding ARP poisoning, and its communication overhead is negligible with respect to classical ARP protocol.
A.M.Abdel Salam, W.S.Elkilani and K.M.Amin, An automated approach for preventing ARP spoofing attack using static ARP entries, International Journal of Advanced Computer Science and Applications(IJACSA)5(1) (2014).
2.
A.M.AbdelSalam, A.B.El-Sisi and V.Reddy, Mitigating ARP spoofing attacks in software-defined networks, in: 2015 25th International Conference on Computer Theory and Applications (ICCTA), IEEE, 2015, pp. 126–131. doi:10.1109/ICCTA37466.2015.9513433.
3.
N.Ahuja, G.Singal, D.Mukhopadhyay and A.Nehra, Ascertain the efficient machine learning approach to detect different ARP attacks, Computers and Electrical Engineering99 (2022), 107757, https://www.sciencedirect.com/science/article/pii/S0045790622000647. doi:10.1016/j.compeleceng.2022.107757.
4.
T.Ainsworth, J.Brake, P.Gonzalez, D.Toma and A.F.Browne, A comprehensive survey of industry 4.0, IIoT and areas of implementation, in: Proc. SoutheastCon, 2021, pp. 1–6, https://ieeexplore.ieee.org/abstract/document/9401860. doi:10.1109/SoutheastCon45413.2021.9401860.
5.
M.M.Alani, Guide to OSI and TCP/IP Models, Springer, 2014. doi:10.1007/978-3-319-05152-9.
6.
P.Arote and K.V.Arya, Detection and prevention against ARP poisoning attack using modified ICMP and voting, in: 2015 International Conference on Computational Intelligence and Networks, IEEE, 2015, pp. 136–141. doi:10.1109/CINE.2015.34.
D.J.Atul, R.Kamalraj, G.Ramesh, K.Sakthidasan Sankaran, S.Sharma and S.Khasim, A machine learning based IoT for providing an intrusion detection system for security, Microprocessors and Microsystems82 (2021), 103741, https://www.sciencedirect.com/science/article/pii/S0141933120308863. doi:10.1016/j.micpro.2020.103741.
D.Bruschi, A.Di Pasquale, S.Ghilardi, A.Lanzi and E.Pagani, Formal verification of ARP (address resolution protocol) through SMT-based model checking-a case study, in: International Conference on Integrated Formal Methods, Springer, 2017, pp. 391–406. doi:10.1007/978-3-319-66845-1_26.
11.
D.Bruschi, A.Di Pasquale, S.Ghilardi, A.Lanzi and E.Pagani, A formal verification of ARPON – a tool for avoiding Man-in-the-Middle attacks in ethernet networks, IEEE Transactions on Dependable and Secure Computing (2022). doi:10.1109/TDSC.2021.3118448.
12.
D.Bruschi, A.Ornaghi and E.Rosti, S-ARP: A secure address resolution protocol, in: Computer Security Applications Conference, 2003. Proceedings. 19th Annual, IEEE, 2003, pp. 66–74. doi:10.1109/CSAC.2003.1254311.
13.
J.Chaudhary and S.Prasad, IoT in healthcare sector – a comprehensive analysis of threats and privacy issues, 2022. doi:10.1063/5.0110596.
P.Danielis, J.Skodzik, V.Altmann, E.B.Schweissguth, F.Golatowski, D.Timmermann and J.Schacht, Survey on real-time communication via ethernet in industrial automation environments, in: Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), 2014, pp. 1–8. doi:10.1109/ETFA.2014.7005074.
18.
D.Deb, S.R.Chakraborty, M.Lagineni and K.Singh, Security analysis of MITM attack on SCADA network, in: Machine Learning, Image Processing, Network Security and Data Sciences, Springer, 2020, pp. 501–512. ISBN 978-981-15-6318-8.
19.
S.Djiev, Industrial network for communication and control (Ch. 5), Academia, last visited: 7 May 2022, https://www.academia.edu/8865431/Industrial_Networks.
20.
Emerson Electric Co., PACSystems RSTi-EP quick start guide, 2021, Last visited: 12 Sep., 2023, https://emerson-mas.my.site.com/communities/en_US/Documentation/PACSystems-RSTi-EP-EPSCPE115-CPU-Quick-Start-Guide-GFK-3039.
21.
L.Erdődi, P.Kaliyar, S.H.Houmb, A.Akbarzadeh and A.J.Waltoft-Olsen, Attacking power grid substations: An experiment demonstrating how to attack the SCADA protocol IEC 60870-5-104, in: Proc. 17th Int. Conf. Availability, Reliability and Security (AReS), ACM, 2022. ISBN 9781450396707. doi:10.1145/3538969.3544475.
22.
S.Fuchs, H.-P.Schmidt and S.Witte, Test and on-line monitoring of real-time ethernet with mixed pysical layer for industry 4.0, in: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, 2016, pp. 1–4.
23.
A.Ghaleb, S.Zhioua and A.Almulhem, On PLC network security, International Journal of Critical Infrastructure Protection22 (2018), 62–69. doi:10.1016/j.ijcip.2018.05.004.
24.
S.Ghilardi and S.Ranise, MCMT: A model checker modulo theories, in: Proc. Int. Joint Conf. Automat. Reasoning, 2010, pp. 22–29. doi:10.1007/978-3-642-14203-1_3.
25.
T.Girdler and V.G.Vassilakis, Implementing an intrusion detection and prevention system using software-defined networking: Defending against ARP spoofing attacks and blacklisted MAC addresses, Computers and Electrical Engineering J.90 (2021).
26.
H.Y.Ibrahim, P.M.Ismael, A.A.Albabawat and A.B.Al-Khalil, A secure mechanism to prevent ARP spoofing and ARP broadcasting in SDN, in: 2020 International Conference on Computer Science and Software Engineering (CSASE), IEEE, 2020, pp. 13–19. doi:10.1109/CSASE48920.2020.9142092.
27.
J.Jasperneite, J.Imtiaz, M.Schumacher and K.Weber, A proposal for a generic real-time ethernet system, IEEE Transactions on Industrial Informatics5(2) (2009), 75–85. doi:10.1109/TII.2009.2017259.
28.
B.Kang, P.Maynard, K.McLaughlin, S.Sezer, F.Andrén, C.Seitl, F.Kupzog and T.Strasser, Investigating cyber-physical attacks against IEC 61850 photovoltaic inverter installations, in: 2015 IEEE 20th Conference on Emerging Technologies & Factory Automation (ETFA), IEEE, 2015, pp. 1–8.
29.
N.M.Karie, N.M.Sahri and P.Haskell-Dowland, IoT threat detection advances, challenges and future directions, in: 2020 Workshop on Emerging Technologies for Security in IoT (ETSecIoT), 2020, pp. 22–29. doi:10.1109/ETSecIoT50046.2020.00009.
30.
J.Kaur, Wired LAN and wireless LAN attack detection using signature based and machine learning tools, in: Networking Communication and Data Knowledge Engineering, Springer, Singapore, 2018, pp. 15–24. ISBN 978-981-10-4585-1. doi:10.1007/978-981-10-4585-1_2.
31.
R.Kaur, E.G.Singh and S.Khurana, A security approach to prevent ARP poisoning and defensive tools, International Journal of Computer and Communication System Engineering (IJCCSE)2(3) (2015), 431–437.
32.
A.Kharitonov and A.Zimmermann, WiP: Distributed intrusion detection system for TCP/IP-based connections in industrial environments using self-organizing maps, in: Applied Cryptography and Network Security Workshops, Springer International Publishing, 2021, pp. 231–251. ISBN 978-3-030-81645-2. doi:10.1007/978-3-030-81645-2_14.
33.
K.V.V.N.L.S.Kiran, R.N.K.Devisetty, N.P.Kalyan, K.Mukundini and R.Karthi, Building a intrusion detection system for IoT environment using machine learning techniques, Procedia Computer Science171 (2020), 2372–2379, https://www.sciencedirect.com/science/article/pii/S1877050920312497. doi:10.1016/j.procs.2020.04.257.
34.
D.Kushner, The real story of Stuxnet, IEEE Spectrum (2013), https://spectrum.ieee.org/the-real-story-of-stuxnet.
35.
Lawrence Berkeley National Laboratory, ARPWATCH: ARP spoofing detector, ftp://ftp.ee.lbl.gov/ARPwatch.tar.gz.
36.
D.Lee, H.Kim, K.Kim and P.D.Yoo, Simulated attack on dnp3 protocol in scada system, in: Proceedings of the 31th Symposium on Cryptography and Information Security, Kagoshima, Japan, 2014, pp. 21–24.
S.M.Morsy and D.Nashat, D-ARP: An efficient scheme to detect and prevent ARP spoofing, IEEE Access10 (2022), 49142–49153. doi:10.1109/ACCESS.2022.3172329.
39.
S.Y.Nam, S.Djuraev and M.Park, Collaborative approach to mitigating ARP poisoning-based man-in-the-middle attacks, Comput. Netw.57(18) (2013), 3866–3884. doi:10.1016/j.comnet.2013.09.011.
40.
H.Neminath, S.Biswas, S.Roopa, R.Ratti, S.Nandi, F.A.Barbhuiya, A.Sur and V.Ramachandran, A DES approach to intrusion detection system for ARP spoofing attacks, in: Proc. 18th Mediterranean Conference on Control and Automation, 2010, pp. 695–700. doi:10.1109/MED.2010.5547790.
41.
M.Niedermaier, M.Striegel, F.Sauer, D.Merli and G.Sigl, Efficient intrusion detection on low-performance industrial IoT edge node devices, 2019. doi:10.48550/ARXIV.1908.03964.
42.
OpenPLC, OpenPLC documentation, 2022, Last visited: 5 July 2022, https://openplcproject.com/docs/openplc-overview/.
43.
A.P.Ortega, X.E.Marcos, L.D.Chiang and C.L.Abad, Preventing ARP cache poisoning attacks: A proof of concept using OpenWrt, in: Network Operations and Management Symposium, 2009. LANOMS 2009. Latin American, IEEE, 2009, pp. 1–9.
44.
R.P.Parameswarath, C.Y.Eugene, N.V.Abhishek, T.J.Lim and B.Sikdar, Detecting selective forwarding using sentinels in clustered IoT networks, in: GLOBECOM 2020 – 2020 IEEE Global Communications Conference, 2020, pp. 1–6. doi:10.1109/GLOBECOM42002.2020.9322295.
45.
D.C.Plummer, Ethernet address resolution protocol: Or converting network protocol addresses to 48.bit ethernet address for transmission on ethernet hardware, RFC 826, RFC Editor, 1982, https://rfc-editor.org/rfc/rfc826.txt. doi:10.17487/rfc826.
46.
P.Radoglou-Grammatikis, I.Siniosoglou, T.Liatifis, A.Kourouniadis, K.Rompolos and P.Sarigiannidis, Implementation and detection of Modbus cyberattacks, in: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020, pp. 1–4. doi:10.1109/MOCAST49295.2020.9200287.
47.
G.Rajendran, R.S.Ragul Nivash, P.P.Parthy and S.Balamurugan, Modern security threats in the Internet of Things (IoT): Attacks and countermeasures, in: 2019 International Carnahan Conference on Security Technology (ICCST), 2019, pp. 1–6. doi:10.1109/CCST.2019.8888399.
48.
M.Rash, Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort, No Starch Press, 2007.
49.
N.R.Rodofile, K.Radke and E.Foo, Extending the cyber-attack landscape for SCADA-based critical infrastructure, International Journal of Critical Infrastructure Protection25 (2019), 14–35. doi:10.1016/j.ijcip.2019.01.002.
50.
C.Schluting, Configure your Catalyst for a more secure layer 2, 2005, Last accessed: Nov. 9, 2022, https://www.enterprisenetworkingplanet.com/security/configure-your-catalyst-for-a-more-secure-layer-2/.
51.
N.Sharma, M.Shamkuwar and P.Ramdasi, Digital dimensions of industry 4.0: Opportunities for autonomic computing and applications, in: Autonomic Computing in Cloud Resource Management in Industry 4.0, T.Choudhury, B.K.Dewangan, R.Tomar, B.K.Singh, T.T.Toe and N.G.Nhu, eds, Springer International Publishing, 2021, pp. 347–383. ISBN 978-3-030-71756-8. doi:10.1007/978-3-030-71756-8_19.
52.
P.K.Sharma and S.Tyagi, Improving security through software defined networking (SDN): An SDN based model, IJRTE8 (2019), 295–300. doi:10.35940/ijrte.D6814.118419.
53.
C.N.Shivayogimath and N.Uma Reddy, Performance analysis of a software defined network using mininet, in: Artificial Intelligence and Evolutionary Computations in Engineering Systems: Proceedings of ICAIECES 2015, Springer, 2016, pp. 391–398. doi:10.1007/978-81-322-2656-7_35.
54.
Siemens, IWLAN – the wireless LAN for demanding industrial applications, Last visited: 5 Sep. 2023, https://www.siemens.com/global/en/products/automation/industrial-communication/industrial-wireless-lan.html.
StackExchange, Is there any point of arp spoofing on a wifi network?, Last visited: 5 Sep. 2023, https://security.stackexchange.com/questions/225985/is-there-any-point-of-arp-spoofing-on-a-wifi-network.
57.
StackExchange, ARP spoofing over WLAN, Last visited: 5 Sep. 2023, https://networkengineering.stackexchange.com/questions/60697/arp-spoofing-over-wlan.
58.
StackExchange, ARP poisoning between a wired and wireless network, Last visited: 5 Sep. 2023, https://security.stackexchange.com/questions/41961/arp-poisoning-between-a-wired-and-wireless-network.
59.
J.Stranahan, T.Soni, J.Carpenter and V.Heydari, SCADA testbed implementation, attacks, and security solutions, in: Advances in Information and Communication, Springer, 2021, pp. 736–755. ISBN 978-3-030-73100-7. doi:10.1007/978-3-030-73100-7_53.
J.D.Tian, K.R.B.Butler, P.D.McDaniel and P.Krishnaswamy, Securing ARP from the ground up, in: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY ’15, ACM, New York, NY, USA, 2015, pp. 305–312. ISBN 978-1-4503-3191-3. doi:10.1145/2699026.2699123.
62.
A.Tidrea, A.Korodi and I.Silea, Cryptographic considerations for automation and SCADA systems using trusted platform modules, MDPI Sensors19(19) (2019). doi:10.3390/s19194191.
63.
F.Tramarin and S.Vitturi, Strategies and services for energy efficiency in real-time ethernet networks, IEEE Transactions on Industrial Informatics11(3) (2015), 841–852. doi:10.1109/TII.2015.2426953.
64.
M.V.Tripunitara and P.Dutta, Middle approach to asynchronous and backward-compatible detection and prevention of ARP cache poisoning, Google Patents, 2004, Patent 6,771,649.
65.
A.Varga and R.Hornig, An overview of the OMNET++ simulation environment, in: Proc. 1st Intl. ICST Conf. SIMUTOOLS, 2010. doi:10.4108/ICST.SIMUTOOLS2008.3027.
66.
W.Voss, Industrial ethernet guide – network topologies, in: A Comprehensible Guide to Industrial Ethernet, Copperhill Technologies, 2019, Online book, last visited: 7 Sep. 2023, https://copperhilltech.com/blog/industrial-ethernet-guide-network-topologies/.
67.
W.Voss, Industrial ethernet guide – topology and communication features, in: A Comprehensible Guide to Industrial Ethernet, Copperhill Technologies, 2019, Online book, last visited: 7 Sep. 2023, https://copperhilltech.com/blog/industrial-ethernet-guide-topology-and-communication-features/.
