Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures
Title | Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Khorsandroo, Sajad, Tosun, Ali Saman |
Conference Name | 2018 IEEE 11th International Conference on Cloud Computing (CLOUD) |
ISBN Number | 978-1-5386-7235-8 |
Keywords | cloud computing, cloud data center testbed, Cloud Datacenter, Cloud Security, computer centres, computer network security, countermeasure, data centers, delays, flow state reconnaissance, flow-table size, Network reconnaissance, Probes, process control, pubcrawl, Reconnaissance, resilience, Resiliency, resource allocation, saturation attacks, Scalability, SDN, SDN controllers, SDN deployment, SDN resource-consumption, SDN security, Software, Software Defined Network, software defined networking, Software Defined Networks, switches flow-table size, time inference attacks |
Abstract | Through time inference attacks, adversaries fingerprint SDN controllers, estimate switches flow-table size, and perform flow state reconnaissance. In fact, timing a SDN and analyzing its results can expose information which later empowers SDN resource-consumption or saturation attacks. In the real world, however, launching such attacks is not easy. This is due to some challenges attackers may encounter while attacking an actual SDN deployment. These challenges, which are not addressed adequately in the related literature, are investigated in this paper. Accordingly, practical solutions to mitigate such attacks are also proposed. Discussed challenges are clarified by means of conducting extensive experiments on an actual cloud data center testbed. Moreover, mitigation schemes have been implemented and examined in details. Experimental results show that proposed countermeasures effectively block time inference attacks. |
URL | https://ieeexplore.ieee.org/document/8457818 |
DOI | 10.1109/CLOUD.2018.00050 |
Citation Key | khorsandroo_time_2018 |
- resilience
- time inference attacks
- switches flow-table size
- Software Defined Networks
- software defined networking
- Software Defined Network
- Software
- SDN security
- SDN resource-consumption
- SDN deployment
- SDN controllers
- SDN
- Scalability
- saturation attacks
- resource allocation
- Resiliency
- Cloud Computing
- Reconnaissance
- pubcrawl
- process control
- Probes
- Network reconnaissance
- flow-table size
- flow state reconnaissance
- delays
- data centers
- countermeasure
- computer network security
- computer centres
- Cloud Security
- Cloud Datacenter
- cloud data center testbed