Security analysis of forwarding strategies in network time measurements using Openflow

Reliable network time measurement tools are important to ensure that network monitoring systems work properly, but their development does not treat security as a concern; delay attacks, for example, could compromise the effectiveness of those tools. Indeed, network time measurement today is not always reliable. Some studies propose increasing network time measurement reliability using OpenFlow. Nonetheless, those studies do not consider the impact of altering some of the OpenFlow controller algorithms in their analysis. On the one hand, this paper investigates how the packet forwarding strategies provided with the POX OpenFlow controller could be applied to compromise network time measurement reliability. On the other hand, this paper also shows that the way those strategies are applied could protect against new attacks that rely on trusting network time measurement. Therefore, some experiments were performed to show the impact of the POX packet forwarding algorithms on network time measurement, either to compromise the network or to help protect it.
