Fingerprinting OpenFlow Controllers: The First Step to Attack an SDN Control Plane

Software-Defined Networking (SDN) controllers are regarded as Network Operating Systems (NOSs) and are often viewed as a single point of failure. Detecting which SDN controller is managing a target network is a big step for an attacker toward launching specific and effective attacks against it. In this paper, we demonstrate the feasibility of fingerprinting SDN controllers. We propose techniques that allow an attacker placed in the data plane, which is supposed to be physically separate from the control plane, to detect which controller is managing the network. To the best of our knowledge, this is the first work on fingerprinting SDN controllers, and its primary goal is to emphasize the necessity of highly securing the controller. We focus on OpenFlow-based SDN networks since OpenFlow is currently the SDN technology most widely deployed by hardware and software vendors.
