No One In The Middle

Enabling network access control via transparent attribution


Presented at AsiaCCS 2018

Demo:

(No Audio)

Abstract:

Commodity small networks typically rely on NAT as a perimeter defense, but are susceptible to a variety of well-known intra-network attacks, such as ARP spoofing. With the increased prevalence of oft-compromised Internet-of-Things (IoT) devices now taking up residence in homes and small businesses, the potential for abuse has never been higher. In this work, we present a novel mechanism for strongly attributing local network traffic to its originating principal, fully-compatible with existing legacy devices. We eliminate Man-in-the-Middle attacks at both the link and service discovery layers, and enable users to identify and block malicious devices from direct attacks against other endpoints. Despite the prevalence of prior work with similar goals, previous solutions have either been unsuited to non-Enterprise environments or have broken compatibility with existing network devices and therefore failed to be adopted. Our prototype imposes negligible performance overhead, runs on an inexpensive commodity router, and retains full compatibility with modern and legacy devices.
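The abstract names ARP spoofing as the representative intra-network attack that a NAT perimeter does nothing to stop. The following is an added illustration, not code from the paper or from the dreamcatcher project, of the minimal link-layer check a defender can run: keep the first IP-to-MAC binding seen in ARP replies and flag any later reply that claims the same IP from a different MAC, or whose Ethernet source differs from the ARP sender field. The `ArpReply` type and the sample replies are constructed for the example; this heuristic is what the paper's attribution mechanism is meant to replace, since binding changes also happen legitimately (DHCP reassignment, a replaced NIC).

```python
"""Added example: detecting the symptom of ARP spoofing from ARP replies.

This is not the paper's mechanism. It is a baseline monitor that a defender
could run on a router or a mirror port; the paper argues for attribution
instead of heuristics like this one.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class ArpReply:
    """Fields of an ARP reply that matter for the check (constructed type)."""
    sender_ip: str
    sender_mac: str   # hardware address advertised inside the ARP payload
    source_mac: str   # Ethernet frame source; should match sender_mac


@dataclass
class ArpMonitor:
    """Tracks first-seen IP->MAC bindings and reports conflicting replies."""
    bindings: Dict[str, str] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def observe(self, reply: ArpReply) -> List[str]:
        """Record a reply and return the alerts it raised (possibly none)."""
        raised: List[str] = []
        sender = reply.sender_mac.lower()
        source = reply.source_mac.lower()

        # A reply whose frame source is not the advertised sender is crafted.
        if source != sender:
            raised.append(
                f"frame/ARP mismatch for {reply.sender_ip}: "
                f"frame src {source}, ARP sender {sender}"
            )

        known = self.bindings.get(reply.sender_ip)
        if known is None:
            # First claim for this IP: trust it (this is the weak spot that
            # attribution-based schemes remove).
            self.bindings[reply.sender_ip] = sender
        elif known != sender:
            # Keep the original binding so repeated spoofed replies keep alerting.
            raised.append(
                f"binding change for {reply.sender_ip}: {known} -> {sender}"
            )

        self.alerts.extend(raised)
        return raised


# Constructed sample: a gateway and a host announce themselves, then a third
# device claims the gateway's IP, then sends a frame whose source MAC does not
# match the ARP sender it advertises.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:01"),
    ArpReply("192.168.1.20", "aa:bb:cc:00:00:20", "aa:bb:cc:00:00:20"),
    ArpReply("192.168.1.1", "DE:AD:BE:EF:00:01", "de:ad:be:ef:00:01"),
    ArpReply("192.168.1.20", "aa:bb:cc:00:00:20", "de:ad:be:ef:00:01"),
]


def run_sample() -> List[str]:
    """Feed the constructed replies through a fresh monitor; return its alerts."""
    monitor = ArpMonitor()
    for reply in SAMPLE_REPLIES:
        monitor.observe(reply)
    return monitor.alerts


if __name__ == "__main__":
    for line in run_sample():
        print("ALERT:", line)
```

The monitor deliberately never overwrites a binding on conflict, so each further spoofed reply for the gateway raises a fresh alert rather than silently adopting the attacker's MAC; on a real network that choice has to be paired with a way to retire stale bindings, which is exactly the gap attribution closes.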

Links:

Paper:

Slides:

Source Code:

https://github.com/jericks-umich/dreamcatcher

Citation:

Jeremy Erickson, Qi Alfred Chen, Xiaochen Yu, Erinjen Lin, Robert Levy, and Z. Morley Mao. 2018. No One In The Middle: Enabling Network Access Control Via Transparent Attribution. In Proceedings of the 2018 Asia Conference on Computer and Communications Security (ASIACCS ’18). ACM, New York, NY, USA, 651–658. https://doi.org/10.1145/3196494.3196498

Bibtex:

@inproceedings{Erickson:2018:NOM:3196494.3196498, 
	author = {Erickson, Jeremy and Chen, Qi Alfred and Yu, Xiaochen and Lin, Erinjen and Levy, Robert and Mao, Z. Morley}, 
	title = {No One In The Middle: Enabling Network Access Control Via Transparent Attribution}, 
	booktitle = {Proceedings of the 2018 Asia Conference on Computer and Communications Security}, 
	series = {ASIACCS '18}, 
	year = {2018}, 
	isbn = {978-1-4503-5576-6}, 
	location = {Incheon, Republic of Korea}, 
	pages = {651--658}, 
	numpages = {8}, 
	url = {http://doi.acm.org/10.1145/3196494.3196498}, 
	doi = {10.1145/3196494.3196498}, 
	acmid = {3196498}, 
	publisher = {ACM}, 
	address = {New York, NY, USA}, 
	keywords = {arp spoofing, checkpoint, dreamcatcher, name poisoning, vnic, wpa},
}