Control Channel Vulnerability in Software Defined Network
Open Access
Author:
Sukheja, Himanshu
Graduate Program:
Electrical Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
May 08, 2019
Committee Members:
Mark P Mahon, Thesis Advisor/Co-Advisor; Thomas F La Porta, Thesis Advisor/Co-Advisor; Jing Yang, Committee Member
Keywords:
Software defined Networks Security Control Channel Networks
Abstract:
Software-defined networking (SDN), with OpenFlow as one of its key technologies, has received a lot of attention from the networking community. While SDN permits complex network applications and easier network management, the change of model brings new security threats. In this thesis, we analyze attacks against a software-defined network architecture in a scenario where the attacker has been able to compromise the control channel between the switch and the controller.
We find that such an attacker can, in suitable environments, perform a broad range of attacks, including man-in-the-middle and denial-of-service attacks against control-plane traffic, using only the standard OpenFlow capability of the switch. The simulation results show that the discovered attacks are severe in many cases. Furthermore, the severity of the attacks increases with the number of switches that the attacker can attack. We conclude that while existing security mechanisms, such as TLS, offer protection against many of the presented attacks, the threats should not be overlooked when moving to SDN and OpenFlow.