Assessment of connectivity-based resilience to attacks against multiple nodes in SDNs

In Software Defined Networks (SDNs), the control plane of a network is decoupled from its data plane. For scalability and robustness, the logically centralized control plane is implemented by physically placing different controllers throughout the network. The determination of the number and placement of controllers is known as the Controller Placement Problem (CPP). In the regular (i.e., failure-free) state, the control plane must guarantee a given maximum delay between every switch and its primary controller and a given maximum delay between every pair of controllers. In general, these delay bounds allow multiple solutions and, so, other goals can be used to determine the best CPP solution. In this paper, we assess the connectivity-based resilience to malicious attacks against multiple network nodes of the CPP solutions obtained with three different aims: the regular state delay optimization without any concern about attacks, the regular state delay optimization taking into consideration the worst-case attacks and the resilience optimization to attacks against multiple nodes. We assess the CPP solutions considering attacks of targeted nature (when the attacker has complete knowledge of the data plane) and attacks of non-targeted nature (i.e., random and epidemic attacks). We present computational results providing an analysis of the CPP solutions to the different types of attacks. The main conclusion is that the connectivity-based resilience between the different CPP solutions strongly depends on the network topology, the regular state delay bounds and the type of attacks. Finally, we provide insights on how SDN operators can consider the conducted assessment when deciding the controller placements in their networks.publishe

Combined control and data plane robustness of SDN networks against malicious node attacks

In the context of software-defined networking (SDN), we address a variant of the controller placement problem (CPP), which takes into account the network robustness at both control and data plane layers. For given maximum values of switch-controller and controller-controller delays at the regular state (i.e., when the network is fully operational), the aim is to maximize the network robustness against a set of failure states, each state defined as a possible malicious attack to multiple network nodes. We assume that the attacker knows the data plane topology and, therefore, can adopt either one of three commonly considered node centrality attacks (based on the node degree, closeness or betweenness centralities), or an attack to the nodes which are the optimal solution of the critical node detection (CND) problem. We propose a set of robustness metrics which are used to obtain the optimal solutions for the robust CPP variant. We present a set of computational results comparing the average delays and robustness values of the robust CPP solutions against those minimizing only the average switch-controller and controller-controller delays. Moreover, the impact of using the CND based attack in the robustness evaluation of CPP solutions is also assessed in the computational results.publishe

Defense by Deception against Stealthy Attacks in Power Grids

Cyber-physical Systems (CPSs) and the Internet of Things (IoT) are converging towards a hybrid platform that is becoming ubiquitous in all modern infrastructures. The integration of the complex and heterogeneous systems creates enormous space for the adversaries to get into the network and inject cleverly crafted false data into measurements, misleading the control center to make erroneous decisions. Besides, the attacker can make a critical part of the system unavailable by compromising the sensor data availability. To obfuscate and mislead the attackers, we propose DDAF, a deceptive data acquisition framework for CPSs\u27 hierarchical communication network. Each switch in the hierarchical communication network generates a random pattern of addresses/IDs by shuffling the original sensor IDs reported through it. During the data acquisition from remotely located sensors to the central controller, the switches craft the network packets by replacing a few sensors\u27 associated addresses/IDs with the generated deceptive IDs and by adding decoy data for the rest. While misleading the attackers, the control center must retrieve the actual data to operate the system correctly. We propose three remapping mechanisms (e.g., seed-based, prediction-based, and hybrid) and compare their robustness against different stealthy attacks. Due to the deception, artfully altered measurements turn into random data injections, making it easy to remove them as outliers. As the outliers and the estimated residuals contain the potential attack vectors, DDAF can detect and localize the attack points and the targeted sensors by analyzing this information. DDAF is generic and scalable to be implemented in any hierarchical CPSs network. Experimental results on the standard IEEE 14, 57, and 300 bus power systems show that DDAF can detect, mitigate, and localize up-to 100% of the stealthy cyberattacks. To the best of our knowledge, this is the first framework that implements complete randomization in the data acquisition of the hierarchical CPSs

The minimum cost D-geodiverse anycast routing with optimal selection of anycast nodes

Consider a geographical network with associated link costs. In anycast routing, network nodes are partitioned into two sets - the source nodes and the anycast (destination) nodes - and the traffic of each source node is routed towards the anycast node providing the minimum routing cost path. By considering a given geographical distance parameter D, we define an anycast routing solution as D-geodiverse when for each source node there are two routing paths, each one towards a different anycast node, such that the geographical distance between the two paths is at least D. Such a solution has the property that any disaster with a coverage diameter below D affecting one routing path (but without involving neither the source node nor its entire set of outgoing links) cannot affect the other path, enhancing in this way the network robustness to natural disasters. The selection of the anycast nodes has an impact both on the feasibility and cost of a D- geodiverse anycast routing solution. Therefore, for a desired number of anycast nodes R, we define the minimum cost D- geodiverse anycast problem (MCD-GAP) aiming to identify a set of R anycast nodes that obtain a minimum cost routing solution. The problem is defined based on integer linear programming and is extended to consider the existence of vulnerability regions in the network, i.e., by imposing the geographical distance D only between network elements belonging to the same region. We present computational results showing the tradeoff between D and R in the optimal solutions obtained with and without vulnerability regions.This paper is based upon work from COST Action CA15127 ("Resilient communication services protecting end user applications from disaster-based failures ‒ RECODIS") supported by COST Association. The work was financially supported by FCT, Portugal, under the projects CENTRO- 01-0145-FEDER-029312 and UID/EEA/50008/2013 and through the postdoc grant SFRH/BPD/ 111503/2015.publishe

Context-based security function orchestration for the network edge

Over the last few years the number of interconnected devices has increased dramatically, generating zettabytes of traffic each year. In order to cater to the requirements of end-users, operators have deployed network services to enhance their infrastructure. Nowadays, telecommunications service providers are making use of virtualised, flexible, and cost-effective network-wide services, under what is known as Network Function Virtualisation (NFV). Future network and application requirements necessitate services to be delivered at the edge of the network, in close proximity to end-users, which has the potential to reduce end-to-end latency and minimise the utilisation of the core infrastructure while providing flexible allocation of resources. One class of functionality that NFV facilitates is the rapid deployment of network security services. However, the urgency for assuring connectivity to an ever increasing number of devices as well as their resource-constrained nature, has led to neglecting security principles and best practices. These low-cost devices are often exploited for malicious purposes in targeting the network infrastructure, with recent volumetric Distributed Denial of Service (DDoS) attacks often surpassing 1 terabyte per second of network traffic. The work presented in this thesis aims to identify the unique requirements of security modules implemented as Virtual Network Functions (VNFs), and the associated challenges in providing management and orchestration of complex chains consisting of multiple VNFs The work presented here focuses on deployment, placement, and lifecycle management of microservice-based security VNFs in resource-constrained environments using contextual information on device behaviour. Furthermore, the thesis presents a formulation of the latency-optimal placement of service chains at the network edge, provides an optimal solution using Integer Linear Programming, and an associated near-optimal heuristic solution that is able to solve larger-size problems in reduced time, which can be used in conjunction with context-based security paradigms. The results of this work demonstrate that lightweight security VNFs can be tailored for, and hosted on, a variety of devices, including commodity resource-constrained systems found in edge networks. Furthermore, using a context-based implementation of the management and orchestration of lightweight services enables the deployment of real-world complex security service chains tailored towards the user’s performance demands from the network. Finally, the results of this work show that on-path placement of service chains reduces the end-to-end latency and minimise the number of service-level agreement violations, therefore enabling secure use of latency-critical networks

Security Features in a Hybrid Software-Defined Network

The paper presents a novel paradigm of software-defined network that is significantly different from previous traditional networks and enables new opportunities in the architecture and implementation of security solutions. The analysis of network environments will compare traditional networks and software-defined networks and emphasize significant differences. A survey of the existing research includes vector attacks and troubleshooting using the capabilities of SDN with an emphasis on access control, detection, and prevention of attacks. This paper uses previous research and results to obtain information that will be used in improving critical system network protection and compares it with the existing conventional approach as well as implements it through a hybrid software-defined network