Lightweight Automatic Discovery Protocol for OpenFlow-Based Software Defined Networking

Jia, Yongzhe; Xu, Lei; Yang, Yuwang

doi:10.1109/lcomm.2019.2956033

Cited by 18 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Link Discovery Protocols: All of the existing security frameworks against topology poisoning consider the OFDP. Researchers proposed some other link discovery protocols, OFDPv2 [33], softdp [34], SLDP [35], and LADP [36], to provide more efficient and secure link discovery in SDN. These discovery protocols explore security against link fabrication attacks and flooding attacks.…”

Section: Related Workmentioning

confidence: 99%

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

Shrivastava

Kataoka

2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The hybrid software-defined networks (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, legacy switches and SDN switches coexistence brings new challenges of deployment inconsistency management and security. Security is not well studied for hybrid SDN architecture. In this paper, we study the topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named "multi-hop link fabrication", in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We presented the Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real-time with high accuracy. Hybrid-Shield's performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment.

show abstract

Section: Related Workmentioning

confidence: 99%

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

Shrivastava

Kataoka

2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…This feature is covered for SDN-only networks by OFDP [3] or advanced solutions such as TEDP [4], eTDP [8]. Jia et al [9] focused on improving its scalability and performance, which is a key issue in the field [10]. In the case of hybrid SDN networks, in which SDN and other devices coexist, some works try to infer the existence and connectivity of legacy devices (devices before the definition of the SDN architecture with distributed functionalities).…”

Section: Related Workmentioning

confidence: 99%

ieHDDP: An Integrated Solution for Topology Discovery and Automatic In-Band Control Channel Establishment for Hybrid SDN Environments

et al. 2022

View full text Add to dashboard Cite

In-Band enhanced Hybrid Domain Discovery Protocol (ieHDDP) is a novel integral approach for hybrid Software-Defined Networking (SDN) environments that simultaneously provides a topology discovery service and an autonomous control channel configuration in the band. This contribution is particularly relevant since, to the best of our knowledge, it is the first all-in-one proposal for SDN capable of collecting the entire topology information (type of devices, links, etc.) and establishing in-band control channels at once in hybrid SDN environments (composed by SDN/no-SDN, wired/wireless devices), even with isolated SDN devices. ieHDDP facilitates the integration of heterogeneous networks, for example, in 5G/6G scenarios, and the deployment of SDN devices by using a simple exploration mechanism to gather all the required topological information and learn the necessary routes between the control and data planes at the same time. ieHDDP has been implemented in a well-known SDN software switch and evaluated in a comprehensive set of randomized topologies, acknowledging that ieHDDP is scalable in representative scenarios.

show abstract

“…Jia et al [37] introduced the Lightweight Automatic Discovery Protocol (LADP) to discover the network topology. The controller generates a random number added to the AUTH TLV of the LDAP frame, which is used for authorisation to pass the controller.…”

Section: Existing Solutions and Analysismentioning

confidence: 99%

LINK-GUARD: An Effective and Scalable Security Framework for Link Discovery in SDN Networks

Salti

Zhang

2022

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an emerging networking paradigm that creates new opportunities for future generations of networks. The main characteristic of SDN is its ability to centralise control through the decoupling of control decisions from the network switches to make the network more flexible, programmable, and scalable. As part of this centralised control management, the SDN controller maintains a holistic view of the underlying network. Therefore, topology discovery in SDN is an essential service for topology-aware applications, such as routing, load balancing, mobility, and tracking. However, during the SDN topology discovery process, the controllers, without proper protection, are vulnerable to topology poisoning attacks, most notably Link Fabrication Attacks (LFAs). LFAs may be mounted due to a leak of packet source authentication, the lack of packet integrity checks, or the reuse of static packets. In this paper, we describe an effective and scalable security framework, LINK-GUARD, used for facilitating secure link discoveries in an SDN network. LINK-GUARD is designed to detect and thwart LFAs, thus reducing the risks of network topology poisoning. The framework has been implemented and evaluated on a Mininet emulator with an RYU controller. The security analysis indicates that LINK-GUARD can effectively and efficiently secure topology discoveries against both host-based and switch-based link fabrication attacks. Performance evaluation results show that the legitimacy of new links can be verified nearly real-time, taking approximately 30 milliseconds, and fake links can be detected within as low as 6 milliseconds, with a negligible runtime overhead. These results show that LINK-GUARD is a scalable solution for dynamic and large SDN networks.INDEX TERMS Software-Defined Networking (SDN), topology discovery, OpenFlow protocol, topology poisoning, link fabrication attacks.

show abstract

Lightweight Automatic Discovery Protocol for OpenFlow-Based Software Defined Networking

Cited by 18 publications

References 7 publications

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks

ieHDDP: An Integrated Solution for Topology Discovery and Automatic In-Band Control Channel Establishment for Hybrid SDN Environments

LINK-GUARD: An Effective and Scalable Security Framework for Link Discovery in SDN Networks

Contact Info

Product

Resources

About