Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualizati 2016
DOI: 10.1145/2876019.2876030

Timing SDN Control Planes to Infer Network Configurations

Abstract: In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous wo…

Cited by 21 publications (21 citation statements)
References 2 publications
“…erefore, the controller type can be identified by recording the average processing time and comparing it to the constructed controller response time database. Sonchack et al [12] used specially constructed probe packets and test packets to identify key flow rules in the flow table. Zhang et al [13] conducted research on how to identify the flow matching domain information of SDN switches.…”
Section: Related Work (mentioning)
confidence: 99%
“…en, we construct the full-factor SDN fingerprint attack chain based on the classification results of the existing researches. It is worth noting that although the specific technologies in the SDN fingerprint attack chain are based on the existing researches [9,11,12], the concept of the fingerprint attack chain is first proposed by us in this paper, so this is also one of the contributions of our paper.…”
Section: Motivation (mentioning)
confidence: 99%
“…If the changed field triggers a flow rule installation, controller is probably sensitive to this header field. Further, [41] uses two streams, the timing packet stream and test packet stream, that cooperate with each other to infer the values of the matching fields. To improve the detection accuracy, [42] developed an explicit inference algorithm to detect the cache size, policy and state of the target flow table in a more fine-grained way and implement intelligent DoS attacks according to the inferred parameters, causing greater damage with less cost.…”
Section: Network Flow Rule Probing (mentioning)
confidence: 99%
“…DoS attacks to SDN usually originate from the data plane and affect the availability of controllers by populating the switch flow table or filling the southbound channel between the controller and data plane [36,41,44]. A DoS attack against an SDN controller is a serious security threat, which may cause the controller to be unavailable and jeopardize network stability.…”
Section: Packet_in Message Flooding Attack (mentioning)
confidence: 99%
“…[26] creates a Python script to probe packets between OpenFlow switches and controller to dissect fractions of the control layer latency. [27] studies the effect of varying the load of the control plane on its latency using background control probe packets and ping utility on the Pica8 physical switch. At last, High-Fidelity Switch Models for SDN Emulation [3] is the most related work to this paper.…”
Section: Evaluation of SDN (mentioning)
confidence: 99%