Fingerprinting OpenFlow Controllers: The First Step to Attack an SDN Control Plane

Azzouni, Abdelhadi; Braham, Othmen; Nguyen, Thi Mai Trang; Pujolle, Guy; Boutaba, Raouf

doi:10.1109/glocom.2016.7841843

Cited by 33 publications

(29 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3 We found that ONOS contains 95 network event listeners across 45 apps' event listeners. 4 Popular event kinds handled were DeviceEvent (25 instances), NetworkConfigEvent (22 instances), and HostEvent (18 instances). Overall, we found 45 event types among 11 (network) event kinds.…”

Section: B Event Use Resultsmentioning

confidence: 99%

“…Attackers can infer whether the network is non-SDN or SDN and which controller is being used in an SDN setting [4], [71]. Defenses to date, such as control plane causality tracking [59], [62], trusted data plane identities [26], and timingbased link fabrication prevention [57], are useful in preventing specific classes of attacks but are not designed for vulnerability discovery because they track specific execution traces as they occur rather than all possible execution traces prior to runtime.…”

Section: B Sdn Security Challengesmentioning

confidence: 99%

See 1 more Smart Citation

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Ujcich¹,

Jero²,

Skowyra³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Software-defined networking (SDN) achieves a programmable control plane through the use of logically centralized, event-driven controllers and through network applications (apps) that extend the controllers' functionality. As control plane decisions are often based on the data plane, it is possible for carefully crafted malicious data plane inputs to direct the control plane towards unwanted states that bypass network security restrictions (i.e., cross-plane attacks). Unfortunately, because of the complex interplay among controllers, apps, and data plane inputs, at present it is difficult to systematically identify and analyze these cross-plane vulnerabilities. We present EVENTSCOPE, a vulnerability detection tool that automatically analyzes SDN control plane event usage, discovers candidate vulnerabilities based on missing event-handling routines, and validates vulnerabilities based on data plane effects. To accurately detect missing event handlers without ground truth or developer aid, we cluster apps according to similar event usage and mark inconsistencies as candidates. We create an event flow graph to observe a global view of events and control flows within the control plane and use it to validate vulnerabilities that affect the data plane. We applied EVENTSCOPE to the ONOS SDN controller and uncovered 14 new vulnerabilities. 1 An SDN controller service or app often consists of multiple functional units, which we call components. A functional unit ends at an API boundary or event dispatch.

show abstract

Section: B Event Use Resultsmentioning

confidence: 99%

Section: B Sdn Security Challengesmentioning

confidence: 99%

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Ujcich¹,

Jero²,

Skowyra³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…The proposed random mapping may suffer from performance degradation. A model to collect SDN Controller information was presented in [17]. The attack model proposed in this paper assumed that attacker is connected in Data plane of SDN.…”

Section: Related Workmentioning

confidence: 99%

Distributed Shadow Controllers based Moving Target Defense Framework for Control Plane Security

Hyder¹,

Ismail²

2019

IJACSA

View full text Add to dashboard Cite

Moving Target Defense (MTD) has drawn substantial attention of research community in recent past for designing secure networks. MTD significantly reduced the asymmetric advantage of attackers by constantly changing the attack surface. In this paper Software Defined Networking (SDN) based MTD framework SMTSC (SDN based MTD framework using Shadow Controllers) has been proposed. Although the previous work in SDN based MTD targets the Data plane security, we exploit MTD for the protection of Control plane of SDN. The proposed solution uses the concept of Shadow Controllers for producing dynamism in order to provide security at the Control plane of SDN environment. We proposed the concepts of Shadow Controllers for throttling the reconnaissance attacks targeting Controllers. The advantage of our approach is multifold. First it exploits the mechanism of MTD for providing security in the Control plane. The other advantage is that the multi-controller approach provides higher availability in the SDN network. Another critical gain is the lower computational overhead of SMTSC. Mininet and ONOS Controller are used to implement the proposed framework. The effectiveness and overheads of the framework is evaluated in terms of attacker's effort, defender cost and complexity introduced in the network. Results demonstrated promising trends for the protection of Control plan of SDN environment.

show abstract

“…Controller fingerprinting. As we explained in a previous work [11], the LLDP content is different from one controller to another which allows fingerprinting attacks on SDN controllers. An adversary (h1 in figure 5) matches the LLDP content he receives from s1 (LLDP packets originate from the controller) against a controller signature database to detect which controller is managing the network.…”

Section: A Ofdp Is Not Securementioning

confidence: 99%

Limitations of openflow topology discovery protocol

Azzouni

Trang

Boutaba

et al. 2017

2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net)

Self Cite

View full text Add to dashboard Cite

Abstract-OpenFlow Discovery Protocol (OFDP) is the defacto protocol used by OpenFlow controllers to discover the underlying topology. In this paper, we show that OFDP has some serious security, efficiency and functionality limitations that make it non suitable for production deployments. Instead, we briefly introduce sOFTD, a new discovery protocol with a built-in security characteristics and which is more efficient than traditional OFDP.

show abstract

Fingerprinting OpenFlow Controllers: The First Step to Attack an SDN Control Plane

Cited by 33 publications

References 8 publications

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Distributed Shadow Controllers based Moving Target Defense Framework for Control Plane Security

Limitations of openflow topology discovery protocol

Contact Info

Product

Resources

About