Know your enemy: Stealth configuration-information gathering in SDN / Conti, Mauro; De Gaspari, Fabio; Mancini, Luigi V. - ELECTRONIC. - 10232:(2017), pp. 386-401. (Paper presented at the 12th International Conference on Green, Pervasive and Cloud Computing, GPC 2017, held in Cetara, Italy, in 2017) [10.1007/978-3-319-57186-7_29].

Know your enemy: Stealth configuration-information gathering in SDN

Conti, Mauro; De Gaspari, Fabio; Mancini, Luigi V.
2017

Abstract

Software Defined Networking (SDN) is a widely-adopted network architecture that provides high flexibility through the separation of the network logic from the forwarding functions. Researchers thoroughly analyzed SDN vulnerabilities and improved its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain detailed knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks.
12th International Conference on Green, Pervasive and Cloud Computing, GPC 2017
Cloud computing; Computation theory; Green computing; Network architecture; Network function virtualization
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this record

File: Conti_Know-your-Enemy_2017.pdf (archive managers only)
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 1.4 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1022455