
Investigation of Network Topology Poisoning Attacks in Software Defined Networks

- Garuda Suma Pranavi

(under the guidance of Prof. Ma Maode at NTU, Singapore)
January
- Literature survey on SDN and OpenFlow

February
- Continued survey on SDN and OpenFlow
- Survey on security issues (network topology poisoning attacks in SDN)

March
- Identification of an attack and exploiting a weakness of one possible countermeasure against it (such as a security shortcoming or an overhead that could be reduced).
- Learning how to use BAN logic (Burrows-Abadi-Needham logic, a descriptive mathematical language) for employing security in SDN.

April 2017
- Proposing a solution in the form of an algorithm.
- Developing the proposed algorithm in BAN logic (a mathematical language which uses postulates for designing protocols).

May 2017
- Verifying that the algorithm has no logical errors.
- Formal verification on Scyther (a tool for automated analysis of security protocols).

June 2017
- Correcting errors and making the algorithm more efficient.
- If time permits, the time taken by the algorithm will be measured in MATLAB and optimized.
DoS (Denial Of Service) Attacks
- Control channel congestion / exhausting the control plane bandwidth
- Controller resource saturation
- Flow table overflow / switch TCAM memory saturation attack
Control channel congestion / exhausting control plane bandwidth
- Floodlight
- Additive Increase Multiplicative Decrease
- Resource management of switches and controller through trust values
- Single Layer Fair Queuing
- Multi Layer Fair Queuing
Controller resource saturation
- Avant Guard
- LineSwitch
- FloodGuard
- Controller Protection Protocol
- Flow Ranger
Flow table overflow / switch TCAM memory saturation attack
- Peer support strategy
- Classifying clients as UDP flooders through pre-evaluated thresholds
- Traffic percentage triggers
- Amplification rate triggers
- FLIP
DoS attack mitigation: Switch Software Overloading
- SDN security plane
- SDN-Guard
- PATMOS
- OpenFlow SIA
- Switch Software Overloading
- Secure multi party SDN updates (history based approach)
Port Knocking as a basis for Firewall applications
- Advanced Port Knocking Authentication scheme with QRC using AES
- Covert Communication using Port Knocking
- Port Knocking against TCP Replay and Port Scanning
- Secure Port Knock Tunneling
- Port Hopping DoS mitigation
Stateful Failure Recovery
- Re-routing using MPLS tags
- Backup resource based failure recovery (through importance level of links)
- Multi Topology Routing based IP Fast Re-route
- Failure recovery using VLAN tagging
- Software based failure recovery in load balanced data center networks
Miscellaneous Proposals
- Detecting packet forwarding anomalies: FADE
- DNS tunneling stateful detection
- Host tracking service (port manager, host probing, host checker)
- NetCo: Reliable Routing with unreliable routers
- Moving Target Defense (network randomization for TCP/UDP ports, IP addresses, network paths)
- Path hopping based SDN network defense
- Fingerprinting of SDN networks
- SPHINX
Malicious Application Mitigation
- AuthFlow
- FRESCO
- Rosemary
- LegoSDN
- FortNOX
Security Proposals
- Policy conflict resolution to avoid network logic manipulations.
- Mutual authentication (between network components).
- Control plane isolation via slicing: partitioning resources on a per application basis / containerizing applications.
- Logging/forensics for IDS/IPS.
- Rate limiting, flow aggregation and short timeouts.
- State consistency checks.
FortNOX (efficient detection and reconciliation of potentially conflicting flow rules imposed by dynamic OpenFlow applications)
- Role based source authentication module
- Conflict Analyzer (through alias reduced rules)
- Flow rule timeout callback interface
- IPC proxy
- Security directive translator

Conflict rule over alias reduced rules: if there is any $S_i$ satisfying $SC_{i,j} \cap FC_{i,j} \neq \emptyset$ and $SA_i \neq FA_i$, for all $j$, then $F_i$ is conflicted with $S_i$.
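An added illustration of the alias reduced conflict check above (example code, not FortNOX's own implementation). It assumes a simplified rule model: match conditions as field/value dicts with absent fields as wildcards, header rewrites expressed as a SET dict, FORWARD and DROP as the only terminal actions, and a constructed ADMIN > SECURITY_APP > APP role order used to resolve a detected conflict.

```python
# Added example (not FortNOX's own code): a FortNOX-style conflict analyzer
# over alias-reduced rules. The rule model, field names and role ranks are
# constructed simplifications; FORWARD and DROP are the only terminal actions.
from itertools import product

WILDCARD = None  # an absent/None field matches any header value
ROLE_RANK = {"ADMIN": 3, "SECURITY_APP": 2, "APP": 1}  # assumed priority order

def intersects(cond_a, cond_b):
    """True if at least one packet header satisfies both condition dicts."""
    for field in set(cond_a) | set(cond_b):
        a, b = cond_a.get(field), cond_b.get(field)
        if a is not WILDCARD and b is not WILDCARD and a != b:
            return False
    return True

def alias_reduce(rule):
    """Headers a rule matches before and after each SET rewrite, so a
    rewrite cannot smuggle traffic past an existing DROP."""
    aliases = [dict(rule["match"])]
    for field, value in rule.get("set", {}).items():
        aliases.append({**aliases[-1], field: value})
    return aliases

def conflicts(candidate, existing):
    """The slide's rule: F_i conflicts with S_i when some alias pair overlaps
    (SC and FC share a header) and the terminal actions differ (SA != FA)."""
    if candidate["action"] == existing["action"]:
        return False
    return any(intersects(fc, sc) for fc, sc in
               product(alias_reduce(candidate), alias_reduce(existing)))

def evaluate(candidate, rule_set):
    """(accepted, names of conflicting rules): a conflicting candidate is
    accepted only when its role outranks every rule it conflicts with."""
    clashes = [s for s in rule_set if conflicts(candidate, s)]
    accepted = all(ROLE_RANK[candidate["role"]] > ROLE_RANK[s["role"]]
                   for s in clashes)
    return accepted, [s["name"] for s in clashes]

# Constructed sample: a security app quarantines 10.0.0.9; a plain app then
# tries to forward 10.0.0.5 traffic after rewriting its source to 10.0.0.9.
SECURITY_RULES = [
    {"name": "quarantine", "role": "SECURITY_APP", "action": "DROP", "match": {"nw_src": "10.0.0.9"}},
    {"name": "allow-dns", "role": "APP", "action": "FORWARD", "match": {"tp_dst": 53}},
]
EVASIVE = {"name": "nat-rewrite", "role": "APP", "action": "FORWARD",
           "match": {"nw_src": "10.0.0.5"}, "set": {"nw_src": "10.0.0.9"}}
BENIGN = {"name": "web", "role": "APP", "action": "FORWARD", "match": {"nw_src": "10.0.0.7", "tp_dst": 80}}
ADMIN_BLOCK = {"name": "block-dns", "role": "ADMIN", "action": "DROP", "match": {"tp_dst": 53}}
```

Running the three candidates through evaluate() shows the rewrite rule rejected because its post-rewrite alias overlaps the quarantine DROP, the benign rule accepted with no conflict, and the admin DROP accepted because it outranks the allow rule it conflicts with.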
Limitations of FortNOX
- Determination of the appropriate security authorization level for applications and hosts (the basis for assigning access levels); this could be done through AuthFlow.
- The conflict resolution scheme has minimal overhead: in the worst case it is linear in the number of rules. However, FortNOX also digitally signs each of these flow rules, and that overhead has not been taken into account.
- Legitimate security applications that rely on dynamic modification of flows within the network will not operate properly in the presence of admin-created hard coded rules.
- A permission based mechanism to allow certain dynamic
AuthFlow (authentication and access control mechanism based on host credentials)
- Host authentication just above the MAC layer for low overhead and fine grained access control (IEEE 802.1X and EAP).
- Authentication method used: MS-CHAP v2; virtual routers/hosts are authenticated against an LDAP database using a username and password as credentials. LDAP also stores other parameters that define privileges for network access.
- Credential based authentication that maps the host identity into a new flow field used to define forwarding rules.
- Different levels of access to network resources according to credentials (containerizing applications).
Limitations of AuthFlow
- The current implementation uses RADIUS authentication against an LDAP database. It was proposed to extend it to methods such as EAP-TLS (based on certificate exchange for accessing credentials).
- EAP is weak in the realm of authentication (even EAP-TLS). The keys exchanged are heard by everyone, and an attack can easily be performed by sniffing the protocol communication and then injecting misleading messages or fake error messages, which decreases the probability of the client connecting to the router.
- Certain mechanisms such as the EAP queuing enhancement have been proposed to overcome certain attacks. However, to make AuthFlow more secure we have to come up with innovative solutions.
Future Work
- Overcome the shortcomings in AuthFlow (EAP mechanism).
- Try to incorporate AuthFlow in FortNOX for determination of appropriate security authorization levels.
- Or employ LegoSDN as a first line of defense to identify a failing application and then combine it with FortNOX.
- Developing an algorithm in BAN for the enhanced EAP mechanism.
- Formal verification of the same through Scyther.
Thank You
