Software Defined Networking (SDN) is a widely-adopted network architecture that provides high flexibility through the separation of the network logic from the forwarding functions. Researchers thoroughly analyzed SDN vulnerabilities and improved its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain detailed knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE),bymeansof which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks.

Know your enemy: Stealth configuration-information gathering in SDN

Conti M.;
2017

Abstract

Software Defined Networking (SDN) is a widely-adopted network architecture that provides high flexibility through the separation of the network logic from the forwarding functions. Researchers thoroughly analyzed SDN vulnerabilities and improved its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain detailed knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE),bymeansof which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks.
2017
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
12th International Conference on Green, Pervasive and Cloud Computing, GPC 2017
978-3-319-57185-0
978-3-319-57186-7
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3506480
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? 5
  • OpenAlex ND
social impact