Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

Shrivastava, Pragati and Kataoka, Kotaro (2022) Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks. IEEE Transactions on Network and Service Management, 19 (1). pp. 510-523. ISSN 2373-7379


Abstract

Hybrid software-defined network (SDN) architectures are beneficial for a smooth transition and a less costly SDN deployment. However, the coexistence of legacy switches and SDN switches brings new challenges in deployment inconsistency management and security. Security is not well studied for hybrid SDN architectures. In this paper, we study topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named 'multi-hop link fabrication,' in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We present Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at the MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the Mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real time with high accuracy. Hybrid-Shield's performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment. © 2022 IEEE.

IITH Creators: Kataoka, Kotaro (ORCiD: https://orcid.org/0000-0003-0545-3415)
Item Type: Article
Uncontrolled Keywords: Hybrid software-defined network; Link Discovery; Multi-hop links; Openflow; Poisoning attacks; Smooth transitions; Software-defined network; Software-defined networks; Topology poisoning
Subjects: Computer science
Divisions: Department of Computer Science & Engineering
Depositing User: . LibTrainee 2021
Date Deposited: 22 Jul 2022 06:14
Last Modified: 22 Jul 2022 06:14
URI: http://raiithold.iith.ac.in/id/eprint/9579
Publisher URL: http://doi.org/10.1109/TNSM.2021.3109099
OA policy: https://v2.sherpa.ac.uk/id/publication/3530