Software-Defined Adversarial Trajectory Sampling
Today's routing protocols critically rely on the assumption that the
underlying hardware is trusted. Given the increasing number of attacks on
network devices, and recent reports on hardware backdoors, this assumption has
become questionable. Indeed, with the critical role computer networks play
today, the contrast between our security assumptions and reality is
problematic.
This paper presents Software-Defined Adversarial Trajectory Sampling
(SoftATS), an OpenFlow-based mechanism to efficiently monitor packet
trajectories, also in the presence of non-cooperating or even adversarial
switches or routers, e.g., containing hardware backdoors. Our approach is based
on a secure, redundant and adaptive sample distribution scheme which allows us
to provably detect adversarial switches or routers trying to reroute, mirror,
drop, inject, or modify packets (i.e., header and/or payload). We evaluate the
effectiveness of our approach in different adversarial settings, report on a
proof-of-concept implementation, and provide a first evaluation of the
performance overheads of such a scheme.
Comment: SDN Security, Trajectory Sampling, Forwarding Attacks, Malicious
Router, Malicious Data Plane, Compromised Data Plane, Data Plane Securit