Fine-Grained Fingerprinting Threats to Software-Defined Networks

Thanks to its flexibility and programmability, Software-Defined Networking (SDN) has been attracting growing attention from academia and industry. Unfortunately, the fundamental characteristic of SDN, the decoupling of the control plane from the data plane, also becomes a potential attack surface that enables adversaries to fingerprint and attack SDNs. Existing work has shown that an SDN can be fingerprinted using time-based features; however, those features are coarse-grained. This paper proposes a fine-grained fingerprinting approach and reveals considerably more severe threats to SDN security. By analyzing network packets, the approach extracts the match fields of SDN flow rules. Because match fields are sensitive, control-related information in an SDN, they can be used to infer the type of SDN controller in use and the security policy of the network. With this sensitive configuration information, adversaries can launch more targeted and destructive attacks against an SDN. We implement our approach in both simulated and physical environments, and we conduct experiments with different kinds of SDN controllers to verify the effectiveness of the concept. The experimental results demonstrate the feasibility of obtaining highly sensitive, fine-grained information from an SDN, and hence reveal the high risk of information disclosure in SDN and the severe threat of attacks against it.
