Alleviating eavesdropping attacks in software-defined networking data plane

Ahmad Aseeri; Nuttapong Netjinda; Rattikorn Hewett

doi:10.1145/3064814.3064832

Alleviating eavesdropping attacks in software-defined networking data plane

Ahmad Aseeri, Nuttapong Netjinda, Rattikorn Hewett

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Scopus citations

Abstract

Software-Defined Networking (SDN) is an emerging paradigm that introduces a concept of programmable networks to enhance the agility in networking management. By separating concerns of the data plane and the control plane, implementing network switching as packet forwarding, and using centralized software to logically control the entire networks, SDN makes it simpler to automate and configure the network to respond to high-level policy enforcement and dynamically changing network conditions. As SDN becomes more prevalent, its security issues are increasingly critical. Eavesdropping attacks are one of the most common and important network attacks because they are relatively easy to implement and their effects can escalate to more severe attacks. This paper addresses the issue of how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears to be considerably effective, our simple analysis uncovers that without a proper strategy of data communication, it can still lead to 100% of data exposure. The paper describes a remedy along with illustrations both analytically and experimentally. The results show that our proposed remedy can avoid such catastrophe and further reduces the percentage of risk from data exposure approximately by a factor of 1/n where n is the number of alternate disjoint paths.

Original language	English
Title of host publication	Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450348553
DOIs	https://doi.org/10.1145/3064814.3064832
State	Published - Apr 4 2017
Event	12th Annual Cyber and Information Security Research Conference, CISRC 2017 - Oak Ridge, United States Duration: Apr 4 2017 → Apr 6 2017

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	12th Annual Cyber and Information Security Research Conference, CISRC 2017
Country/Territory	United States
City	Oak Ridge
Period	04/4/17 → 04/6/17

Keywords

Anti-Eavesdropping
Multipath routing
OpenFlow
SDN

Access to Document

10.1145/3064814.3064832

Cite this

@inproceedings{78eb59b68f8347e98c6e13abde3defa4,

title = "Alleviating eavesdropping attacks in software-defined networking data plane",

abstract = "Software-Defined Networking (SDN) is an emerging paradigm that introduces a concept of programmable networks to enhance the agility in networking management. By separating concerns of the data plane and the control plane, implementing network switching as packet forwarding, and using centralized software to logically control the entire networks, SDN makes it simpler to automate and configure the network to respond to high-level policy enforcement and dynamically changing network conditions. As SDN becomes more prevalent, its security issues are increasingly critical. Eavesdropping attacks are one of the most common and important network attacks because they are relatively easy to implement and their effects can escalate to more severe attacks. This paper addresses the issue of how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears to be considerably effective, our simple analysis uncovers that without a proper strategy of data communication, it can still lead to 100% of data exposure. The paper describes a remedy along with illustrations both analytically and experimentally. The results show that our proposed remedy can avoid such catastrophe and further reduces the percentage of risk from data exposure approximately by a factor of 1/n where n is the number of alternate disjoint paths.",

keywords = "Anti-Eavesdropping, Multipath routing, OpenFlow, SDN",

author = "Ahmad Aseeri and Nuttapong Netjinda and Rattikorn Hewett",

note = "Publisher Copyright: {\textcopyright} 2017 ACM.; null ; Conference date: 04-04-2017 Through 06-04-2017",

year = "2017",

month = apr,

day = "4",

doi = "10.1145/3064814.3064832",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017",

}

Aseeri, A, Netjinda, N & Hewett, R 2017, Alleviating eavesdropping attacks in software-defined networking data plane. in Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017., a1, ACM International Conference Proceeding Series, Association for Computing Machinery, 12th Annual Cyber and Information Security Research Conference, CISRC 2017, Oak Ridge, United States, 04/4/17. https://doi.org/10.1145/3064814.3064832

Alleviating eavesdropping attacks in software-defined networking data plane. / Aseeri, Ahmad; Netjinda, Nuttapong; Hewett, Rattikorn.

Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017. Association for Computing Machinery, 2017. a1 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Alleviating eavesdropping attacks in software-defined networking data plane

AU - Aseeri, Ahmad

AU - Netjinda, Nuttapong

AU - Hewett, Rattikorn

PY - 2017/4/4

Y1 - 2017/4/4

N2 - Software-Defined Networking (SDN) is an emerging paradigm that introduces a concept of programmable networks to enhance the agility in networking management. By separating concerns of the data plane and the control plane, implementing network switching as packet forwarding, and using centralized software to logically control the entire networks, SDN makes it simpler to automate and configure the network to respond to high-level policy enforcement and dynamically changing network conditions. As SDN becomes more prevalent, its security issues are increasingly critical. Eavesdropping attacks are one of the most common and important network attacks because they are relatively easy to implement and their effects can escalate to more severe attacks. This paper addresses the issue of how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears to be considerably effective, our simple analysis uncovers that without a proper strategy of data communication, it can still lead to 100% of data exposure. The paper describes a remedy along with illustrations both analytically and experimentally. The results show that our proposed remedy can avoid such catastrophe and further reduces the percentage of risk from data exposure approximately by a factor of 1/n where n is the number of alternate disjoint paths.

AB - Software-Defined Networking (SDN) is an emerging paradigm that introduces a concept of programmable networks to enhance the agility in networking management. By separating concerns of the data plane and the control plane, implementing network switching as packet forwarding, and using centralized software to logically control the entire networks, SDN makes it simpler to automate and configure the network to respond to high-level policy enforcement and dynamically changing network conditions. As SDN becomes more prevalent, its security issues are increasingly critical. Eavesdropping attacks are one of the most common and important network attacks because they are relatively easy to implement and their effects can escalate to more severe attacks. This paper addresses the issue of how to cope with eavesdropping attacks in the SDN data plane by using multiple routing paths to reduce the severity of data leakage. While this existing approach appears to be considerably effective, our simple analysis uncovers that without a proper strategy of data communication, it can still lead to 100% of data exposure. The paper describes a remedy along with illustrations both analytically and experimentally. The results show that our proposed remedy can avoid such catastrophe and further reduces the percentage of risk from data exposure approximately by a factor of 1/n where n is the number of alternate disjoint paths.

KW - Anti-Eavesdropping

KW - Multipath routing

KW - OpenFlow

KW - SDN

UR - http://www.scopus.com/inward/record.url?scp=85018327647&partnerID=8YFLogxK

U2 - 10.1145/3064814.3064832

DO - 10.1145/3064814.3064832

M3 - Conference contribution

AN - SCOPUS:85018327647

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 12th Annual Cyber and Information Security Research Conference, CISRC 2017

PB - Association for Computing Machinery

Y2 - 4 April 2017 through 6 April 2017

ER -

Alleviating eavesdropping attacks in software-defined networking data plane

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this