Outsmarting Network Security with SDN Teleportation

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), introduces a new vulnerability which we call teleportation. An attacker (e.g., a malicious switch in the data plane or a host connected to the network) can use teleportation to transmit information via the control plane and bypass critical network functions in the data plane (e.g., a firewall), and to violate security policies as well as logical and even physical separations. This paper characterizes the design space for teleportation attacks theoretically, and then identifies four different teleportation techniques. We demonstrate and discuss how these techniques can be exploited for different attacks (e.g., exfiltrating confidential data at high rates), and also initiate the discussion of possible countermeasures. Generally, and given today's trend toward more intent-based networking, we believe that our findings are relevant beyond the use cases considered in this paper.
