Software Defined Networking (SDN) is an alternative networking paradigm that provides flexible network management through the separation between data plane and control plane functionalities. This separation results in extensive communication between control and data plane, which can result in a severe bottleneck for the whole network, under high traffic conditions. Moreover, researchers shown that an adversary can exploit this bottleneck to mount a powerful Denial of Service attack on the control plane, known as Control Plane Saturation Attack (CPSA). In this paper, we provide a thorough analysis of the CPSA, and in particular we show how it can be amplified by long forwarding paths in an SDN network. We prove the effectiveness of the attack through extensive testing using OpenFlow, the most widely adopted control-data plane communication protocol for SDN. Our evaluation shows that, when the forwarding path length in increased by 5 times, the attacker can leverage a 55% decrease in the attack rate required to incapacitate the network.
Amplified distributed denial of service attack in software defined networking / Ambrosin, Moreno; Conti, Mauro; DE GASPARI, Fabio; Devarajan, Nishanth. - (2016), pp. 1-4. (Intervento presentato al convegno 8th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2016 tenutosi a Larnaca; Cyprus) [10.1109/NTMS.2016.7792432].
Amplified distributed denial of service attack in software defined networking
CONTI, MAURO
;DE GASPARI, FABIO
;
2016
Abstract
Software Defined Networking (SDN) is an alternative networking paradigm that provides flexible network management through the separation between data plane and control plane functionalities. This separation results in extensive communication between control and data plane, which can result in a severe bottleneck for the whole network, under high traffic conditions. Moreover, researchers shown that an adversary can exploit this bottleneck to mount a powerful Denial of Service attack on the control plane, known as Control Plane Saturation Attack (CPSA). In this paper, we provide a thorough analysis of the CPSA, and in particular we show how it can be amplified by long forwarding paths in an SDN network. We prove the effectiveness of the attack through extensive testing using OpenFlow, the most widely adopted control-data plane communication protocol for SDN. Our evaluation shows that, when the forwarding path length in increased by 5 times, the attacker can leverage a 55% decrease in the attack rate required to incapacitate the network.| File | Dimensione | Formato | |
|---|---|---|---|
|
Ambrosin_Amplified-Distributed-Denial_2016.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
224.5 kB
Formato
Adobe PDF
|
224.5 kB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
