[e2e] Research on prevention of ARP spoofing

[stanislav shalunov]

"Sai Dattathrani" <saidatta at in.ibm.com> writes:

> http://www.ietf.org/internet-drafts/draft-dattathrani-tcp-ip-security-01.txt

That contains, in particular:

> A sublayer in the Data Link layer should be introduced.  This will be
> known as the Security sublayer.  The Security sublayer should be
> placed below the MAC sublayer in the Data Link layer.  This Security
> sublayer should be present physically on the NIC.  The security
> sublayer will have to perform a host of security checks.  The
> implementation of this sublayer will reside in the ROM of the NIC, so
> that the intruder does not manipulate this sublayer.

Relying on tamper-resistant hardware that needs to be manufactured by
hundreds of companies is perilous.  The NIC I am using right now (and
its driver) allows me to conveniently program any MAC address I'd
like.  I find occasional use for this feature (testing, etc.).  This
means that I'd consider paying a little extra for the functionality.
Are you saying companies need to make their hardware more complex (and
costly) and less functional at the same time?  Competition would work
against the solution.

What is the threat model anyway?  Are you trying to prevent disruption
of communication by machines on the same Ethernet or surreptitious
monitoring/modification?  I don't think the former has a clean
solution (especially if you take into accounts attacks like plugging
of the Ethernet data wires into the AC outlet to kill the switch).
The latter has to be solved by cryptographic means.

-- 
Stanislav Shalunov		http://www.internet2.edu/~shalunov/

Sex is the mathematics urge sublimated.                 -- M. C. Reed.