Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures

Title: Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Khorsandroo, Sajad; Tosun, Ali Saman
Conference Name: 2018 IEEE 11th International Conference on Cloud Computing (CLOUD)
ISBN Number: 978-1-5386-7235-8
Keywords: cloud computing, cloud data center testbed, Cloud Datacenter, Cloud Security, computer centres, computer network security, countermeasure, data centers, delays, flow state reconnaissance, flow-table size, Network reconnaissance, Probes, process control, pubcrawl, Reconnaissance, resilience, Resiliency, resource allocation, saturation attacks, Scalability, SDN, SDN controllers, SDN deployment, SDN resource-consumption, SDN security, Software, Software Defined Network, software defined networking, Software Defined Networks, switches flow-table size, time inference attacks
Abstract

Through time inference attacks, adversaries fingerprint SDN controllers, estimate switches' flow-table size, and perform flow state reconnaissance. In fact, timing an SDN and analyzing its results can expose information which later empowers SDN resource-consumption or saturation attacks. In the real world, however, launching such attacks is not easy. This is due to some challenges attackers may encounter while attacking an actual SDN deployment. These challenges, which are not addressed adequately in the related literature, are investigated in this paper. Accordingly, practical solutions to mitigate such attacks are also proposed. Discussed challenges are clarified by means of conducting extensive experiments on an actual cloud data center testbed. Moreover, mitigation schemes have been implemented and examined in detail. Experimental results show that the proposed countermeasures effectively block time inference attacks.

URL: https://ieeexplore.ieee.org/document/8457818
DOI: 10.1109/CLOUD.2018.00050
Citation Key: khorsandroo_time_2018