DOI: 10.1145/3064814.3064832
Research article (open access)

Alleviating eavesdropping attacks in software-defined networking data plane

Published: 04 April 2017 Publication History

Abstract

Software-Defined Networking (SDN) is an emerging paradigm that introduces programmable networks to make network management more agile. By separating the data plane from the control plane, reducing network switching to packet forwarding, and using centralized software to logically control the entire network, SDN makes it simpler to automate and configure the network in response to high-level policy and to dynamically changing network conditions. As SDN becomes more prevalent, its security issues become increasingly critical. Eavesdropping attacks are among the most common and important network attacks because they are relatively easy to mount and what they capture can escalate into more severe attacks. This paper addresses how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears considerably effective, our simple analysis shows that, without a proper strategy for distributing the data across the paths, it can still lead to 100% data exposure. The paper describes a remedy and illustrates it both analytically and experimentally. The results show that the proposed remedy avoids this catastrophe and further reduces the risk of data exposure by approximately a factor of 1/n, where n is the number of alternate disjoint paths.
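The abstract's two claims, that a multipath scheme can still leak 100% of a flow and that a proper distribution strategy brings exposure down to roughly 1/n, can be made concrete with a small model. The following is an added illustration, not code from the paper (the paper's own analysis and remedy are not reproduced here). Its assumptions are labelled in the code: a message is cut into fixed-size chunks, the topology offers n link-disjoint paths, the eavesdropper taps exactly one link and therefore sees everything on one path, and the two forwarding strategies (a per-flow path choice versus per-chunk round-robin) are hypothetical stand-ins for "without a proper strategy" and "with the remedy".

```python
# Added illustration (not the paper's code): exposure of a chunked message to an
# eavesdropper who taps one of n link-disjoint paths, under two hypothetical
# forwarding strategies. The message, chunk size and strategies are constructed
# for this example; the paper's own analysis and remedy are not reproduced here.
from fractions import Fraction


def split_message(data: bytes, chunk_size: int) -> list[bytes]:
    """Cut a payload into fixed-size chunks; the last chunk may be shorter."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    return [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]


def assign_per_flow(num_chunks: int, n_paths: int, chosen_path: int) -> list[int]:
    """Flow-level 'multipath' (assumed naive strategy): one of the n paths is
    picked when the flow starts and every chunk of the flow follows it."""
    if not 0 <= chosen_path < n_paths:
        raise ValueError("chosen_path must be in [0, n_paths)")
    return [chosen_path] * num_chunks


def assign_round_robin(num_chunks: int, n_paths: int) -> list[int]:
    """Chunk-level multipath: consecutive chunks rotate over the n disjoint paths."""
    if n_paths <= 0:
        raise ValueError("n_paths must be positive")
    return [i % n_paths for i in range(num_chunks)]


def captured(chunks: list[bytes], assignment: list[int], tapped_path: int) -> bytes:
    """Bytes a tap on `tapped_path` collects: the chunks routed over it, in order."""
    return b"".join(c for c, p in zip(chunks, assignment) if p == tapped_path)


def exposed_fraction(assignment: list[int], tapped_path: int) -> Fraction:
    """Share of the chunks that traverse the tapped path."""
    if not assignment:
        return Fraction(0)
    return Fraction(sum(p == tapped_path for p in assignment), len(assignment))


def worst_case_exposure(assignment: list[int], n_paths: int) -> Fraction:
    """Exposure if the eavesdropper happens to sit on the most-used path."""
    return max(exposed_fraction(assignment, t) for t in range(n_paths))


def expected_exposure(assignment: list[int], n_paths: int) -> Fraction:
    """Exposure averaged over a tap placed uniformly on one of the n paths."""
    total = sum((exposed_fraction(assignment, t) for t in range(n_paths)), Fraction(0))
    return total / n_paths


if __name__ == "__main__":
    # Constructed sample payload (e.g. a SCADA command) and 3 disjoint paths.
    message = b"SCADA: open valve 7 at 03:00"
    n = 3
    chunks = split_message(message, 4)
    for name, assignment in (
        ("per-flow path", assign_per_flow(len(chunks), n, chosen_path=1)),
        ("per-chunk round-robin", assign_round_robin(len(chunks), n)),
    ):
        print(f"{name}: expected exposure {expected_exposure(assignment, n)}, "
              f"worst case {worst_case_exposure(assignment, n)}")
        for tap in range(n):
            print(f"  tap on path {tap} captures {captured(chunks, assignment, tap)!r}")
```

The point the numbers make is that both strategies have the same expected exposure, 1/n, when the tap's location is averaged over; they differ in the worst case. With a per-flow path choice the tapped path either carries nothing or carries the whole message, so a tap on the chosen path yields 100% exposure. With per-chunk distribution every tap location sees about 1/n of the chunks, so the worst case and the average coincide. An evaluation that reports only the mean would not distinguish the two.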




    Published In

    cover image ACM Other conferences
    CISRC '17: Proceedings of the 12th Annual Conference on Cyber and Information Security Research
    April 2017
    106 pages
    ISBN:9781450348553
    DOI:10.1145/3064814
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. OpenFlow
    2. SDN
    3. anti-eavesdropping
    4. multipath routing

    Qualifiers

    • Research-article

    Conference

    CISRC'17

    Acceptance Rates

    CISRC '17 Paper Acceptance Rate 8 of 22 submissions, 36%;
    Overall Acceptance Rate 69 of 136 submissions, 51%

    Article Metrics

    • Downloads (Last 12 months)110
    • Downloads (Last 6 weeks)15
    Reflects downloads up to 13 Feb 2025

    Cited By

    • (2025) Resource Allocation for Hybrid Quantum-Classical Communication Systems in Multiapplication-Enabled Power Grids. IEEE Transactions on Industrial Informatics 21(1):267-276, Jan 2025. doi:10.1109/TII.2024.3452197
    • (2024) A proactive defense method against eavesdropping attack in SDN-based storage environment. Cybersecurity 7(1), 7 Nov 2024. doi:10.1186/s42400-024-00255-3
    • (2023) A Survey on Moving Target Defense: Intelligently Affordable, Optimized and Self-Adaptive. Applied Sciences 13(9):5367, 25 Apr 2023. doi:10.3390/app13095367
    • (2023) Cybersecurity, Monitoring, Explainability and Resilience. 2023 Fourteenth International Conference on Mobile Computing and Ubiquitous Network (ICMU), pp. 1-7, 29 Nov 2023. doi:10.23919/ICMU58504.2023.10412157
    • (2023) On the (in)Security of the Control Plane of SDN Architecture: A Survey. IEEE Access 11:91550-91582, 2023. doi:10.1109/ACCESS.2023.3307467
    • (2022) A comprehensive survey on SDN security: threats, mitigations, and future directions. Journal of Reliable Intelligent Environments 9(2):201-239, 8 Feb 2022. doi:10.1007/s40860-022-00171-8
    • (2021) Network Security Challenges and Countermeasures in SDN Environments. 2021 Eighth International Conference on Software Defined Systems (SDS), pp. 1-8, 6 Dec 2021. doi:10.1109/SDS54264.2021.9732104
    • (2021) Context-Aware Adaptive Route Mutation Scheme: A Reinforcement Learning Approach. IEEE Internet of Things Journal 8(17):13528-13541, 1 Sep 2021. doi:10.1109/JIOT.2021.3065680
    • (2021) Three decades of deception techniques in active cyber defense - Retrospect and outlook. Computers and Security 106(C), 1 Jul 2021. doi:10.1016/j.cose.2021.102288
    • (2020) DQ-RM: Deep Reinforcement Learning-based Route Mutation Scheme for Multimedia Services. 2020 International Wireless Communications and Mobile Computing (IWCMC), pp. 291-296, Jun 2020. doi:10.1109/IWCMC48107.2020.9148371
