Visible to the public A Novel TCP/IP Header Hijacking Attack on SDN

TitleA Novel TCP/IP Header Hijacking Attack on SDN
Publication TypeConference Paper
Year of Publication2022
AuthorsMohammadi, Ali Akbar, Hussain, Rasheed, Oracevic, Alma, Kazmi, Syed Muhammad Ahsan Raza, Hussain, Fatima, Aloqaily, Moayad, Son, Junggab
Conference NameIEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Keywordscomputer security, Conferences, Middlebox Security, Middleboxes, pubcrawl, resilience, Resiliency, Scalability, SDN, SDN security, TCP/IP hijacking, TCPIP
AbstractMiddlebox is primarily used in Software-Defined Network (SDN) to enhance operational performance, policy compliance, and security operations. Therefore, security of the middlebox itself is essential because incorrect use of the middlebox can cause severe cybersecurity problems for SDN. Existing attacks against middleboxes in SDN (for instance, middleboxbypass attack) use methods such as cloned tags from the previous packets to justify that the middlebox has processed the injected packet. Flowcloak as the latest solution to defeat such an attack creates a defence using a tag by computing the hash of certain parts of the packet header. However, the security mechanisms proposed to mitigate these attacks are compromise-able since all parts of the packet header can be imitated, leaving the middleboxes insecure. To demonstrate our claim, we introduce a novel attack against SDN middleboxes by hijacking TCP/IP headers. The attack uses crafted TCP/IP headers to receive the tags and signatures and successfully bypasses the middleboxes.
DOI10.1109/INFOCOMWKSHPS54753.2022.9798234
Citation Keymohammadi_novel_2022