Novel MITM Attacks on Security Protocols in SDN: A Feasibility Study

Wang, Xin; Gao, Neng; Zhang, Lingchen; Liu, Zongbin; Wang, Lei

doi:10.1007/978-3-319-50011-9_35

Cited by 13 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LLI measures the switch- internal link latency during all LLDP propagations and flags anomalies that could indicate a forged link. A similar approach was proposed by Wang et al [35]. However, in the study by [30], the author discovered an attack that allowed for the removal of genuine links between switches, taking advantage of how LLI works.…”

Section: Existing Solutions and Analysismentioning

confidence: 97%

LINK-GUARD: An Effective and Scalable Security Framework for Link Discovery in SDN Networks

Salti

Zhang

2022

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an emerging networking paradigm that creates new opportunities for future generations of networks. The main characteristic of SDN is its ability to centralise control through the decoupling of control decisions from the network switches to make the network more flexible, programmable, and scalable. As part of this centralised control management, the SDN controller maintains a holistic view of the underlying network. Therefore, topology discovery in SDN is an essential service for topology-aware applications, such as routing, load balancing, mobility, and tracking. However, during the SDN topology discovery process, the controllers, without proper protection, are vulnerable to topology poisoning attacks, most notably Link Fabrication Attacks (LFAs). LFAs may be mounted due to a leak of packet source authentication, the lack of packet integrity checks, or the reuse of static packets. In this paper, we describe an effective and scalable security framework, LINK-GUARD, used for facilitating secure link discoveries in an SDN network. LINK-GUARD is designed to detect and thwart LFAs, thus reducing the risks of network topology poisoning. The framework has been implemented and evaluated on a Mininet emulator with an RYU controller. The security analysis indicates that LINK-GUARD can effectively and efficiently secure topology discoveries against both host-based and switch-based link fabrication attacks. Performance evaluation results show that the legitimacy of new links can be verified nearly real-time, taking approximately 30 milliseconds, and fake links can be detected within as low as 6 milliseconds, with a negligible runtime overhead. These results show that LINK-GUARD is a scalable solution for dynamic and large SDN networks.INDEX TERMS Software-Defined Networking (SDN), topology discovery, OpenFlow protocol, topology poisoning, link fabrication attacks.

show abstract

Section: Existing Solutions and Analysismentioning

confidence: 97%

LINK-GUARD: An Effective and Scalable Security Framework for Link Discovery in SDN Networks

Salti

Zhang

2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…At the national level, some of the errors may be incorrect data entry. An attacker may make more elaborate attacks, such as an attack on communication channels [8,9], such as a MiTM (Man in the Middle) attack [10,11]. Attacks on the monitoring web, such as command injection [12], Distributed Denial of Service (DDoS) [13,14], Cross Site Scripting (XSS) [15,16].…”

Section: Possible Errors and Attacks On The Systemmentioning

confidence: 99%

KawalPilpres2019: a highly secured real count voting escort architecture

Purbo

Deograt²,

Satriyanto³

et al. 2019

TELKOMNIKA

View full text Add to dashboard Cite

This paper reports on the highly secured information security architecture used by the KawalPilpres 2019 to escort Voting Commission (KPU) data entry. For the first time, a voting escort implements ISO 27001 compliance information security. As of 15 May 2019, 9550 volunteers reported 482,602 voting data of 336,445 voting booths, both in the country and overseas, through the micro-apps KawalPilpres2019. PeSanKita is used as a secure communication channel and to run micro-apps KawalPilpres2019. Double Ratchet Algorithm secures the channel. Different from other voting escort initiatives, KawalPilpres2019 uses (1) primarily C1 Plano photo, (2) no upload limit per voting booth, (3) no web upload, rather via PeSanKita Secured Platform. Behind the scenes, the verification process is done twice before displaying data to the publicly accessible monitoring web. The result is a robust voting escort system, difficult to hack and guarantee data integrity. Guaranteed security, availability, and data integrity are the main requirements for future eVoting systems.

show abstract