Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures

Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications the power of holistic network visibility and flexible network programmability, thus enabling new innovations in network protocols and applications. One of the core advantages of SDN is its logically centralized control plane, which provides visibility over the entire network and on which many SDN applications rely. For the first time in the literature, we propose new attack vectors unique to SDN that seriously challenge this foundation. Our new attacks are similar in spirit to spoofing attacks in legacy networks (e.g., the ARP poisoning attack), but differ significantly in that they exploit unique vulnerabilities arising from how current SDN operates differently from legacy networks. Successful attacks can effectively poison the network topology information, a fundamental building block for core SDN components and topology-aware SDN applications. With poisoned network visibility, the upper-layer OpenFlow controller services and applications may be completely misled, leading to serious hijacking, denial-of-service or man-in-the-middle attacks. According to our study, all current major SDN controllers we found on the market (e.g., Floodlight, OpenDaylight, Beacon, and POX) are affected, i.e., they are subject to Network Topology Poisoning Attacks. We then investigate mitigation methods against Network Topology Poisoning Attacks and present TopoGuard, a new security extension to SDN controllers that provides automatic, real-time detection of Network Topology Poisoning Attacks. Our evaluation of a prototype implementation of TopoGuard in the Floodlight controller shows that the defense can effectively secure the network topology while introducing only a minor impact on the normal operation of OpenFlow controllers.
