Lightweight Authentication Mechanism for Software Defined Network Using Information Hiding

Software-defined networking (SDN) is an emerging network architecture that offloads the control logic of the network from the underlying forwarding devices to a centralized controller. This centralized control software defines the behavior of the network. However, the programmability and centralization of the SDN architecture introduce potential security concerns. In this paper, we first investigate the threat of denial-of-service (DoS) attacks on the SDN control channel. Then, we evaluate the impact of DoS by simulating a DoS attack against the network controller. Our results show that it is possible to exhaust the controller's resources in the absence of an authentication mechanism. Finally, we propose a lightweight information-hiding authentication mechanism to prevent DoS attacks on the SDN control channel.
