ABSTRACT
Over the past decade, Software-Defined Networking (SDN) has been a highly researched and popular field. One crucial aspect of any network, including SDNs, is the network discovery phase, also known as topology discovery. The security of the network depends on secure topology discovery, which includes protecting the hosts, switches, and associated links. This paper introduces a model called VADSec – Virtual Local Area Network (VLAN) and Active Directory (AD) based topology discovery, which aims to secure hosts and prevent host hijacking attacks. Our proposed technique uses VLANs to isolate traffic and identify any malicious or impersonating hosts. Furthermore, we use the LDAP protocol to query Active Directory and verify the legitimacy of a specific MAC ID pertaining to a host. The results demonstrate that our approach can prevent impersonation/host-hijacking attacks and achieve secure topology discovery.
Index Terms
- VADSEC: A Lightweight Protection Scheme for Secure Topology Discovery in SDN