Analysis of topology poisoning attacks in software-defined networking

Thanh Bui; Markku Antikainen; Tuomas Aura

doi:10.1007/978-3-030-35055-0_6

Analysis of topology poisoning attacks in software-defined networking

Thanh Bui^*, Markku Antikainen, Tuomas Aura

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

Abstract

In software-defined networking (SDN), routing decisions are made by a trusted network controller, which communicates with each forwarding device over a secure control channel. While this architecture avoids many security issues of distributed routing protocols, SDN remains vulnerable to topology poisoning attacks during topology discovery. Faked link information can cause wrong routing decisions by the controller and, thus, enable the attacker to reroute some traffic flows to compromised nodes. This paper provides both qualitative and quantitative analysis of topology poisoning attacks in SDN. We classify the attacks including new variants and analyze how their impact depends on the network topology, routing policy, and attacker location. While most of the literature emphasizes the security of the SDN controller and control channels, we assume them to be secure and aim to understand the ability of a small number of compromised switches to divert traffic flows. This is important because the low-cost, heterogeneous network equipment available for SDN may not be entirely trusted and because targeted attacks often start from the compromise of a single device.

Original language	English
Title of host publication	Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings
Editors	Aslan Askarov, René Rydhof Hansen, Willard Rafnsson
Publisher	Springer
Pages	87-102
Number of pages	16
ISBN (Print)	9783030350543
DOIs	https://doi.org/10.1007/978-3-030-35055-0_6
Publication status	Published - 13 Nov 2019
MoE publication type	A4 Conference publication
Event	Nordic Conference on Secure IT Systems - Aalborg, Denmark Duration: 18 Nov 2019 → 20 Nov 2019 Conference number: 24 https://nordsec2019.cs.aau.dk/

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11875 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Nordic Conference on Secure IT Systems
Abbreviated title	NordSec
Country/Territory	Denmark
City	Aalborg
Period	18/11/2019 → 20/11/2019
Internet address	https://nordsec2019.cs.aau.dk/

Access to Document

10.1007/978-3-030-35055-0_6

OpenUrl availability

Full text

Cite this

Bui, T., Antikainen, M., & Aura, T. (2019). Analysis of topology poisoning attacks in software-defined networking. In A. Askarov, R. R. Hansen, & W. Rafnsson (Eds.), Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings (pp. 87-102). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11875 LNCS). Springer. https://doi.org/10.1007/978-3-030-35055-0_6

Bui, Thanh ; Antikainen, Markku ; Aura, Tuomas. / Analysis of topology poisoning attacks in software-defined networking. Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings. editor / Aslan Askarov ; René Rydhof Hansen ; Willard Rafnsson. Springer, 2019. pp. 87-102 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9040eeeee4cd442889c46139f0c4a014,

title = "Analysis of topology poisoning attacks in software-defined networking",

abstract = "In software-defined networking (SDN), routing decisions are made by a trusted network controller, which communicates with each forwarding device over a secure control channel. While this architecture avoids many security issues of distributed routing protocols, SDN remains vulnerable to topology poisoning attacks during topology discovery. Faked link information can cause wrong routing decisions by the controller and, thus, enable the attacker to reroute some traffic flows to compromised nodes. This paper provides both qualitative and quantitative analysis of topology poisoning attacks in SDN. We classify the attacks including new variants and analyze how their impact depends on the network topology, routing policy, and attacker location. While most of the literature emphasizes the security of the SDN controller and control channels, we assume them to be secure and aim to understand the ability of a small number of compromised switches to divert traffic flows. This is important because the low-cost, heterogeneous network equipment available for SDN may not be entirely trusted and because targeted attacks often start from the compromise of a single device.",

author = "Thanh Bui and Markku Antikainen and Tuomas Aura",

year = "2019",

month = nov,

day = "13",

doi = "10.1007/978-3-030-35055-0_6",

language = "English",

isbn = "9783030350543",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "87--102",

editor = "Aslan Askarov and Hansen, {Ren{\'e} Rydhof} and Willard Rafnsson",

booktitle = "Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings",

address = "Germany",

note = "Nordic Conference on Secure IT Systems, NordSec ; Conference date: 18-11-2019 Through 20-11-2019",

url = "https://nordsec2019.cs.aau.dk/",

}

Bui, T, Antikainen, M & Aura, T 2019, Analysis of topology poisoning attacks in software-defined networking. in A Askarov, RR Hansen & W Rafnsson (eds), Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11875 LNCS, Springer, pp. 87-102, Nordic Conference on Secure IT Systems, Aalborg, Denmark, 18/11/2019. https://doi.org/10.1007/978-3-030-35055-0_6

Analysis of topology poisoning attacks in software-defined networking. / Bui, Thanh; Antikainen, Markku ; Aura, Tuomas.
Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings. ed. / Aslan Askarov; René Rydhof Hansen; Willard Rafnsson. Springer, 2019. p. 87-102 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11875 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Analysis of topology poisoning attacks in software-defined networking

AU - Bui, Thanh

AU - Antikainen, Markku

AU - Aura, Tuomas

N1 - Conference code: 24

PY - 2019/11/13

Y1 - 2019/11/13

N2 - In software-defined networking (SDN), routing decisions are made by a trusted network controller, which communicates with each forwarding device over a secure control channel. While this architecture avoids many security issues of distributed routing protocols, SDN remains vulnerable to topology poisoning attacks during topology discovery. Faked link information can cause wrong routing decisions by the controller and, thus, enable the attacker to reroute some traffic flows to compromised nodes. This paper provides both qualitative and quantitative analysis of topology poisoning attacks in SDN. We classify the attacks including new variants and analyze how their impact depends on the network topology, routing policy, and attacker location. While most of the literature emphasizes the security of the SDN controller and control channels, we assume them to be secure and aim to understand the ability of a small number of compromised switches to divert traffic flows. This is important because the low-cost, heterogeneous network equipment available for SDN may not be entirely trusted and because targeted attacks often start from the compromise of a single device.

AB - In software-defined networking (SDN), routing decisions are made by a trusted network controller, which communicates with each forwarding device over a secure control channel. While this architecture avoids many security issues of distributed routing protocols, SDN remains vulnerable to topology poisoning attacks during topology discovery. Faked link information can cause wrong routing decisions by the controller and, thus, enable the attacker to reroute some traffic flows to compromised nodes. This paper provides both qualitative and quantitative analysis of topology poisoning attacks in SDN. We classify the attacks including new variants and analyze how their impact depends on the network topology, routing policy, and attacker location. While most of the literature emphasizes the security of the SDN controller and control channels, we assume them to be secure and aim to understand the ability of a small number of compromised switches to divert traffic flows. This is important because the low-cost, heterogeneous network equipment available for SDN may not be entirely trusted and because targeted attacks often start from the compromise of a single device.

UR - http://www.scopus.com/inward/record.url?scp=85076324708&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-35055-0_6

DO - 10.1007/978-3-030-35055-0_6

M3 - Conference contribution

AN - SCOPUS:85076324708

SN - 9783030350543

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 87

EP - 102

BT - Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings

A2 - Askarov, Aslan

A2 - Hansen, René Rydhof

A2 - Rafnsson, Willard

PB - Springer

T2 - Nordic Conference on Secure IT Systems

Y2 - 18 November 2019 through 20 November 2019

ER -

Bui T, Antikainen M , Aura T. Analysis of topology poisoning attacks in software-defined networking. In Askarov A, Hansen RR, Rafnsson W, editors, Secure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings. Springer. 2019. p. 87-102. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-35055-0_6

Analysis of topology poisoning attacks in software-defined networking

Abstract

Publication series

Conference

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Security Failures in Modern Software

Cite this

Analysis of topology poisoning attacks in software-defined networking

Abstract

Publication series

Conference

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Press/Media

Security Failures in Modern Software

Cite this