
Paper: Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures

Abstract—Software-Defined Networking (SDN) is a new networking
paradigm that grants a controller and its applications
an omnipotent power to have holistic network visibility and
flexible network programmability, thus enabling new innovations
in network protocols and applications. One of the core advantages
of SDN is its logically centralized control plane to provide the
entire network visibility, on which many SDN applications rely.
For the first time in the literature, we propose new attack vectors
unique to SDN that seriously challenge this foundation. Our new
attacks are somewhat similar in spirit to spoofing attacks in legacy
networks (e.g., ARP poisoning attack), however with significant
differences in exploiting unique vulnerabilities how current SDN
operates differently from legacy networks. The successful attacks
can effectively poison the network topology information,
a fundamental building block for core SDN components and
topology-aware SDN applications. With the poisoned network
visibility, the upper-layer OpenFlow controller services/apps may
be totally misled, leading to serious hijacking, denial of service
or man-in-the-middle attacks. According to our study, all current
major SDN controllers we find in the market (e.g., Floodlight,
OpenDaylight, Beacon, and POX) are affected, i.e., they are
subject to the Network Topology Poisoning Attacks. We then
investigate the mitigation methods against the Network Topology
Poisoning Attacks and present TopoGuard, a new security extension
to SDN controllers, which provides automatic and real-time
detection of Network Topology Poisoning Attacks. Our evaluation
on a prototype implementation of TopoGuard in the Floodlight
controller shows that the defense solution can effectively secure
network topology while introducing only a minor impact on
normal operations of OpenFlow controllers.

More here: http://www.internetsociety.org/sites/default/files/10_4_2.pdf
