Request Complexity of VNet Topology Extraction: Dictionary-Based Attacks

The network virtualization paradigm envisions an Internet where arbitrary virtual networks (VNets) can be specified and embedded over a shared substrate (e.g., the physical infrastructure). As VNets can be requested at short notice and for a desired time period only, the paradigm enables flexible service deployment and efficient resource utilization. This paper investigates the security implications of such an architecture. We consider a simple model where an attacker seeks to extract secret information about the substrate topology by issuing repeated VNet embedding requests. We present a general framework that exploits basic properties of the VNet embedding relation to infer the entire topology. Our framework is based on a graph motif dictionary applicable to various graph classes. Moreover, we provide upper bounds on the request complexity, i.e., the number of requests needed by the attacker to succeed.
