4,042 research outputs found
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
Will 5G See its Blind Side? Evolving 5G for Universal Internet Access
Internet has shown itself to be a catalyst for economic growth and social
equity but its potency is thwarted by the fact that the Internet is off limits
for the vast majority of human beings. Mobile phones---the fastest growing
technology in the world that now reaches around 80\% of humanity---can enable
universal Internet access if it can resolve coverage problems that have
historically plagued previous cellular architectures (2G, 3G, and 4G). These
conventional architectures have not been able to sustain universal service
provisioning since these architectures depend on having enough users per cell
for their economic viability and thus are not well suited to rural areas (which
are by definition sparsely populated). The new generation of mobile cellular
technology (5G), currently in a formative phase and expected to be finalized
around 2020, is aimed at orders of magnitude performance enhancement. 5G offers
a clean slate to network designers and can be molded into an architecture also
amenable to universal Internet provisioning. Keeping in mind the great social
benefits of democratizing Internet and connectivity, we believe that the time
is ripe for emphasizing universal Internet provisioning as an important goal on
the 5G research agenda. In this paper, we investigate the opportunities and
challenges in utilizing 5G for global access to the Internet for all (GAIA). We
have also identified the major technical issues involved in a 5G-based GAIA
solution and have set up a future research agenda by defining open research
problems
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is proper of SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideratio
Atomic-SDN: Is Synchronous Flooding the Solution to Software-Defined Networking in IoT?
The adoption of Software Defined Networking (SDN) within traditional networks
has provided operators the ability to manage diverse resources and easily
reconfigure networks as requirements change. Recent research has extended this
concept to IEEE 802.15.4 low-power wireless networks, which form a key
component of the Internet of Things (IoT). However, the multiple traffic
patterns necessary for SDN control makes it difficult to apply this approach to
these highly challenging environments. This paper presents Atomic-SDN, a highly
reliable and low-latency solution for SDN in low-power wireless. Atomic-SDN
introduces a novel Synchronous Flooding (SF) architecture capable of
dynamically configuring SF protocols to satisfy complex SDN control
requirements, and draws from the authors' previous experiences in the IEEE EWSN
Dependability Competition: where SF solutions have consistently outperformed
other entries. Using this approach, Atomic-SDN presents considerable
performance gains over other SDN implementations for low-power IoT networks. We
evaluate Atomic-SDN through simulation and experimentation, and show how
utilizing SF techniques provides latency and reliability guarantees to SDN
control operations as the local mesh scales. We compare Atomic-SDN against
other SDN implementations based on the IEEE 802.15.4 network stack, and
establish that Atomic-SDN improves SDN control by orders-of-magnitude across
latency, reliability, and energy-efficiency metrics
- …