
2022 | Original Paper | Book chapter

13. Stealthy Verification Mechanism to Defend SDN Against Topology Poisoning

Authored by: Bakht Zamin Khan, Anwar Ghani, Imran Khan, Muazzam Ali Khan, Muhammad Bilal

Published in: Software Defined Internet of Everything

Publisher: Springer International Publishing


Abstract

Software-defined networking (SDN) is an emerging networking paradigm that separates control-plane functions from data-plane functions to reduce their complexity and to provide more control, scalability, and centralized management. OpenFlow (OF) is the widely used protocol through which the controller builds a global, shared view of the network. For SDN applications, the correctness of this topology view therefore has a critical impact on flow-based communication and on the provision of services. However, recently identified vulnerabilities in the OpenFlow Discovery Protocol (OFDP) reveal that malicious hosts or data-plane switches can poison the global view of the network, allowing an intruder to launch man-in-the-middle or denial-of-service attacks. Existing passive-approach solutions work well for known attacks. Some solutions take an active approach and identify fake links or malicious hosts by sending Stealthy Probing Verification (SPV) packets. However, because of the probing mechanism, SPV faces scalability and bandwidth-consumption issues in large data center networks and in resource-limited networks. The proposed technique is based on the SPV mechanism, but to counter the scalability and bandwidth issues, probing packets are only initiated when the SDN controller receives a triggered update announcing a new link or network node. The probing traffic is reduced by 40%, so less bandwidth is consumed, and a malicious host is identified in less than 90 ms. The results indicate that Enhanced Stealthy Probing Verification (ESPV) is a more scalable and suitable solution for detecting and identifying fake links or malicious hosts in large data center networks and in resource-limited networks such as Wireless Sensor Networks (WSNs).


Metadata
Title
Stealthy Verification Mechanism to Defend SDN Against Topology Poisoning
Authored by
Bakht Zamin Khan
Anwar Ghani
Imran Khan
Muazzam Ali Khan
Muhammad Bilal
Copyright year
2022
DOI
https://doi.org/10.1007/978-3-030-89328-6_13