Preventing Timing Side-Channel Attacks in Software-Defined Networks

Shoaib, Faizan; Chow, Yang-Wai; Vlahu‐Gjorgievska, Elena

doi:10.1109/csde53843.2021.9718377

Cited by 4 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Timing-based side-channel attacks are becoming increasingly prevalent in SDNs, owing to the separation of control and data planes [22]. In a previous study [23], we proposed the use of random delay to prevent timing side-channel attacks. Yoon et al [24] published an in-depth study on the risks posed by SDN.…”

Section: Related Workmentioning

confidence: 99%

“…The emphasis has predominantly been on modifying the network architecture to prevent such attacks rather than devising remedies to combat them. To detect timing-side channel attack activity, a machine learning-based approach was proposed as an initial effort [47]. This study represents a continuation of these efforts, providing a detailed comparison of machine learning classification techniques with the algorithm, as well as a comprehensive response solution.…”

Section: Related Workmentioning

confidence: 99%

“…This identified activity is then relayed to the data collection module of the response mechanism to generate an appropriate countermeasure against potential adversaries. Algorithm 1 Classification algorithm for attack packets [47] N The data collection module collects and stores historical data on the network traffic and previously detected adversaries. This module is implemented using various data collection tools such as network traffic analysers, listener API, and sFlow [53].…”

Section: Monitoring Modulementioning

confidence: 99%

“…This validated the proposed classification algorithm and methodology. False positives and negatives for each attack attempt are summarised in Figure 7 [47]. The x axis represents the number of attacks in a sequence.…”

Section: Recall =mentioning

confidence: 99%

See 3 more Smart Citations

Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response

Shoaib,

Chow,

Vlahu-Gjorgievska

et al. 2023

Telecom

Self Cite

View full text Add to dashboard Cite

Software-defined networking (SDN) is an innovative technology that has the potential to enhance the scalability, flexibility, and security of telecommunications networks. The emergence and development of SDNs have introduced new opportunities and challenges in the telecommunications industry. One of the major challenges encountered by SDNs is the timing side-channel attacks. These attacks exploit timing information to expose sensitive data, including flow tables, routes, controller types, and ports, which pose a significant threat to communication networks. Existing techniques for mitigating timing side-channel attacks primarily focus on limiting them via network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. To secure resilient integration of SDN in telecommunications networks, it is necessary to conduct comprehensive research that not only identifies the attack activity, but also formulates an adequate response. In this paper, we propose a detection and response solution for timing side-channel attacks in SDN. We used a machine learning-based approach to detect the probing activity and identify the source. To address the identified timing side-channel attack queries, we propose a response mechanism. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. The architecture of this security solution ensures that it has a minimal impact on network traffic and resource usage as it is designed to be used in conjunction with SDN. The overall design findings show that our detection approach is 94% precise in identifying timing side-channel attacks in SDN when compared with traditional mitigation strategies. Additionally, the response mechanism employed by this approach yielded highly customised and precise responses, resulting in an impressive accuracy score of 97.6%.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%