Research Article
BibTex RIS Cite

An Investigation of Topology Poisoning Attacks in Software Defined Networks Through Exploiting Link Layer Discovery Protocol

Year 2021, Volume: 26 Issue: 2, 589 - 608, 31.08.2021
https://doi.org/10.17482/uumfd.769939

Abstract

In software defined networks (SDNs), data plane and control plane on the conventional network devices are separated and packet forwarding decisions are taken by the controller in charge of the entire network. The necessity of managing all the network operations not only facilitates control for the controller but also causes some security vulnerabilities and new attack surfaces in SDNs. In this study, Link Layer Discovery Protocol (LLDP), which forms the basis of OpenFlow Discovery Protocol (OFDP) for topology discovery in SDNs, is exploited to poison the topology by adding fabricated links to the controller. Fake LLDP Injection and LLDP replay techniques are used to create fake links on the controller and network access status of end devices are evaluated during attacks. Our findings demonstrate that the Floodlight controller is vulnerable to attacks based on LLDP exploitation and it is possible to create fake links on the controller. Due to the fake links, it is determined that invalid routes are created on controller and despite having other active links, end devices subject to invalid routes lost their access to network. Thus, attacks on the data link layer affect the performance of the network negatively. 

References

  • Abazari, F., Esposito, F., Takabi, H., Hosseinvand, H., Pecorella, T. (2019). Teaching software-defined network security through malicious tenant detection. Internet Technology Letters, 2(6). doi: 10.1002/itl2.131.
  • Alharbi, T., Portmann, M., Pakzad, F. (2015). The (in)security of Topology Discovery in Software Defined Networks. 2015 IEEE 40th Conference on Local Computer Networks (LCN). doi:10.1109/lcn.2015.7366363.
  • Alimohammadifar, A., Majumdar, S., Madi, T., Jarraya, Y., Pourzandi, M., Wang, L., Debbabi, M. (2018). Stealthy Probing-Based Verification (SPV): An Active Approach to Defending Software Defined Networks Against Topology Poisoning Attacks. Computer Security Lecture Notes in Computer Science, 463–484. doi: 10.1007/978-3-319-98989-1_23
  • Azzouni, A., Trang, N. T. M., Boutaba, R., Pujolle, G. (2017). Limitations of openflow topology discovery protocol. 2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net). doi: 10.1109/medhocnet.2017.8001642.
  • Baidya, S. S., Hewett, R. (2020). Link discovery attacks in software-defined networks: Topology poisoning and impact analysis. Journal of Communications, 596-606. doi:10.12720/jcm.15.8.596-606
  • Bierman, A., & Jones, K. (2000). Physical topology mib. Retrieved March 20, 2021, from https://tools.ietf.org/html/rfc2922
  • Bui, T., Antikainen, M., & Aura, T. (2019). Analysis of topology poisoning attacks in software-defined networking. Secure IT Systems, 87-102. doi:10.1007/978-3-030-35055-0_6
  • Chou, L., Liu, C., Lai, M., Chiu, K., Tu, H., Su, S., . . . Tsai, W. (2020). Behavior anomaly detection in sdn control plane: A case study of topology discovery attacks. Wireless Communications and Mobile Computing, 2020, 1-16. doi:10.1155/2020/8898949
  • Cisco Systems. (2006, June 29). LLDP-MED and cisco discovery Protocol [IP telephony/voice over IP (VoIP)]. Retrieved March 20, 2021, from https://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html
  • Combe, T., Mallouli, W., Cholez, T., Mathieu, B., & Oca, E. (2018). An SDN and NFV Use Case: NDN Implementation and Security Monitoring. In Zhu, S. Scott-Hayward, L. Jacquin, R. Hill (Eds.), Guide to Securıty in SDN and NFV: Challenges, opportunities, and applications. SPRINGER INTERNATIONAL PU.
  • Congdon, P. (2002). Link layer discovery protocol and MIB. V1. 0 May, 20(2002), 1-20. doi: 10.1.1.564.3010.
  • Demirci, S., Yurekten, O., Demirci, M. (2019). Yazılım Tanımlı Ağlar ve Siber Güvenlik. In S. Sagiroglu (Ed.), Siber Güvenlik ve Savunma: Standartlar ve Uygulamalar (pp. 123–144). Bilgi Güvenliği Derneği, Ankara.
  • Duan, Q., Al-Shaer, E., Jafarian, H. (2013). Efficient random route mutation considering flow and network constraints. 2013 IEEE Conference on Communications and Network Security (CNS). doi:10.1109/cns.2013.6682715
  • Feamster, N., Rexford, J., Zegura, E. (2014). The road to sdn: An intellectual history of programmable networks. ACM SIGCOMM Computer Communication Review, 44(2), 87-98. doi:10.1145/2602204.2602219
  • Göransson Paul, Black, C., & Culver, T. (2017). Software defined networks: a comprehensive approach, Amsterdam, Elsevier.
  • Hakiri, A., Gokhale, A., Berthou, P., Schmidt, D. C., & Gayraud, T. (2014). Software-defined networking: Challenges and research opportunities for future internet. Computer Networks, 75, 453-471.
  • Hong, S., Xu, L., Wang, H., Gu, G. (2015). Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures. Proceedings 2015 Network and Distributed System Security Symposium. doi: 10.14722/ndss.2015.23283.
  • Hu, F., Hao, Q., & Bao, K. (2014). A survey on software-defined network and openFlow: from concept to implementation. IEEE Communications Surveys & Tutorials, 16(4), 2181-2206.
  • Kaur, N., Singh, A. K., Kumar, N., Srivastava, S. (2017). Performance impact of topology poisoning attack in SDN and its countermeasure. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136881.
  • Krawczyk, H., Bellare, M., & Canetti, R. (1997). HMAC: Keyed-Hashing for message authentication. doi:10.17487/rfc2104
  • Marin, E., Bucciol, N., & Conti, M. (2019). An in-depth look into sdn topology discovery mechanisms. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/3319535.3354194
  • Mininet, (2018). Mininet. Erişim Adresi: https://mininet.org (Erişim Tarihi: 15.06.2020).
  • Nehra, A., Tripathi, M., Gaur, M. S. (2017). 'Global view' in SDN: Existing implementation, vulnerabilities & threats. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136862.
  • Nehra, A. (2019). Archıtectural Improvements For Secure Sdn Topology Dıscovery (Yayınlanmamış doktora tezi). India / Malaviya National Institute of Technology Jaıpur. http://idr.mnit.ac.in/bitstream/handle/123456789/941/2014RCP9553-Ajay%20Nehra.pdf?sequence=1&isAllowed=y (Erişim Tarihi: 23 Mart 2021)
  • Ochoa-Aday, L., Cervelló-Pastor, C.,Fernández-Fernández, Adriana. (2015). Current Trends of Topology Discovery in OpenFlow-based Software Defined Networks. doi: 10.13140/RG.2.2.12222.89929.
  • Odom, W. (2020). CCNA 200-301 Official Cert Guide, Volume 2. Hoboken, NJ: Cisco Press.
  • Pakzad, F., Portmann, M., Tan, W. L., & Indulska, J. (2016). Efficient topology discovery in openflow-based software defined networks. Computer Communications, 77, 52-61. doi:10.1016/j.comcom.2015.09.013
  • Smyth, D., Mcsweeney, S., Oshea, D., Cionca, V. (2017). Detecting Link Fabrication Attacks in Software-Defined Networks. 2017 26th International Conference on Computer Communication and Networks (ICCCN). doi: 10.1109/icccn.2017.803843.
  • Tok, M.S., Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard, Computers & Security, 109, 102394, doi:10.1016/j.cose.2021.102394.
  • Vyncke, E., Paggen, C. (2008). LAN switch security: What hackers know about your switches. Indianapolis, Cisco Press.
  • Wang, J., Tan, Y., Liu, J., Zhang, Y. (2020). Topology Poisoning Attack in SDN-enabled Vehicular Edge Network. IEEE Internet of Things Journal, 1–1. doi: 10.1109/jiot.2020.2984088.
  • Wang X., Gao N., Zhang L., Liu Z., Wang L. (2016) Novel MITM Attacks on Security Protocols in SDN: A Feasibility Study. 2016 International Conference on Information and Communications Security. doi: 10.1007/978-3-319-50011-9_35.

YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ

Year 2021, Volume: 26 Issue: 2, 589 - 608, 31.08.2021
https://doi.org/10.17482/uumfd.769939

Abstract

Yazılım tanımlı ağlar, geleneksel ağ mimarilerindeki ağ cihazları üzerinde bulunan veri düzlemi ve kontrol düzleminin ayrıldığı ve ağın tamamına hâkim merkezi kontrolcüler tarafından paket iletim kararlarının alındığı bir ağ teknolojisidir. Kontrolcünün ağın bütün işleyişini yönetme zorunluluğu kontrol kolaylığı sağladığı gibi güvenlik açıklıkları da yaratabilmektedir. Bu çalışmada, ele geçirilen uç cihazlar üzerinden kontrolcünün yazılım tanımlı ağ topolojisini keşfetmede kullandığı OpenFlow Keşif Protokolünün (OFDP – OpenFlow Discovery Protocol) temelini oluşturan bağlantı katmanı keşif protokolünün (LLDP- Link Layer Discovery Protocol) kötüye kullanımı vasıtasıyla LLDP Enjeksiyonu ve LLDP yeniden gönderim saldırıları gerçekleştirilmiş, saldırı sonrasında kontrolcü üzerinde tutulan topoloji ve ağdaki uç cihazların bağlantı durumları tespit edilmiştir. Yapılan saldırı testleri sonucunda Floodlight kontrolcünün LLDP istismarını temel alan saldırılara karşı savunmasız olduğu ve kontrolcü üzerinde sahte bağlantı kayıtları oluşturulmasının mümkün olduğu görülmüştür. Ayrıca, kontrolcünün saldırı neticesinde kayıtlanmış sahte linkleri dikkate alarak geçersiz rotalar hesapladığı, bu rotaları kullanması ön görülen uç cihazların erişiminin kesildiği ve ağın genel başarımında azalma olduğu gözlemlenmiştir.

References

  • Abazari, F., Esposito, F., Takabi, H., Hosseinvand, H., Pecorella, T. (2019). Teaching software-defined network security through malicious tenant detection. Internet Technology Letters, 2(6). doi: 10.1002/itl2.131.
  • Alharbi, T., Portmann, M., Pakzad, F. (2015). The (in)security of Topology Discovery in Software Defined Networks. 2015 IEEE 40th Conference on Local Computer Networks (LCN). doi:10.1109/lcn.2015.7366363.
  • Alimohammadifar, A., Majumdar, S., Madi, T., Jarraya, Y., Pourzandi, M., Wang, L., Debbabi, M. (2018). Stealthy Probing-Based Verification (SPV): An Active Approach to Defending Software Defined Networks Against Topology Poisoning Attacks. Computer Security Lecture Notes in Computer Science, 463–484. doi: 10.1007/978-3-319-98989-1_23
  • Azzouni, A., Trang, N. T. M., Boutaba, R., Pujolle, G. (2017). Limitations of openflow topology discovery protocol. 2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net). doi: 10.1109/medhocnet.2017.8001642.
  • Baidya, S. S., Hewett, R. (2020). Link discovery attacks in software-defined networks: Topology poisoning and impact analysis. Journal of Communications, 596-606. doi:10.12720/jcm.15.8.596-606
  • Bierman, A., & Jones, K. (2000). Physical topology mib. Retrieved March 20, 2021, from https://tools.ietf.org/html/rfc2922
  • Bui, T., Antikainen, M., & Aura, T. (2019). Analysis of topology poisoning attacks in software-defined networking. Secure IT Systems, 87-102. doi:10.1007/978-3-030-35055-0_6
  • Chou, L., Liu, C., Lai, M., Chiu, K., Tu, H., Su, S., . . . Tsai, W. (2020). Behavior anomaly detection in sdn control plane: A case study of topology discovery attacks. Wireless Communications and Mobile Computing, 2020, 1-16. doi:10.1155/2020/8898949
  • Cisco Systems. (2006, June 29). LLDP-MED and cisco discovery Protocol [IP telephony/voice over IP (VoIP)]. Retrieved March 20, 2021, from https://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html
  • Combe, T., Mallouli, W., Cholez, T., Mathieu, B., & Oca, E. (2018). An SDN and NFV Use Case: NDN Implementation and Security Monitoring. In Zhu, S. Scott-Hayward, L. Jacquin, R. Hill (Eds.), Guide to Securıty in SDN and NFV: Challenges, opportunities, and applications. SPRINGER INTERNATIONAL PU.
  • Congdon, P. (2002). Link layer discovery protocol and MIB. V1. 0 May, 20(2002), 1-20. doi: 10.1.1.564.3010.
  • Demirci, S., Yurekten, O., Demirci, M. (2019). Yazılım Tanımlı Ağlar ve Siber Güvenlik. In S. Sagiroglu (Ed.), Siber Güvenlik ve Savunma: Standartlar ve Uygulamalar (pp. 123–144). Bilgi Güvenliği Derneği, Ankara.
  • Duan, Q., Al-Shaer, E., Jafarian, H. (2013). Efficient random route mutation considering flow and network constraints. 2013 IEEE Conference on Communications and Network Security (CNS). doi:10.1109/cns.2013.6682715
  • Feamster, N., Rexford, J., Zegura, E. (2014). The road to sdn: An intellectual history of programmable networks. ACM SIGCOMM Computer Communication Review, 44(2), 87-98. doi:10.1145/2602204.2602219
  • Göransson Paul, Black, C., & Culver, T. (2017). Software defined networks: a comprehensive approach, Amsterdam, Elsevier.
  • Hakiri, A., Gokhale, A., Berthou, P., Schmidt, D. C., & Gayraud, T. (2014). Software-defined networking: Challenges and research opportunities for future internet. Computer Networks, 75, 453-471.
  • Hong, S., Xu, L., Wang, H., Gu, G. (2015). Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures. Proceedings 2015 Network and Distributed System Security Symposium. doi: 10.14722/ndss.2015.23283.
  • Hu, F., Hao, Q., & Bao, K. (2014). A survey on software-defined network and openFlow: from concept to implementation. IEEE Communications Surveys & Tutorials, 16(4), 2181-2206.
  • Kaur, N., Singh, A. K., Kumar, N., Srivastava, S. (2017). Performance impact of topology poisoning attack in SDN and its countermeasure. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136881.
  • Krawczyk, H., Bellare, M., & Canetti, R. (1997). HMAC: Keyed-Hashing for message authentication. doi:10.17487/rfc2104
  • Marin, E., Bucciol, N., & Conti, M. (2019). An in-depth look into sdn topology discovery mechanisms. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/3319535.3354194
  • Mininet, (2018). Mininet. Erişim Adresi: https://mininet.org (Erişim Tarihi: 15.06.2020).
  • Nehra, A., Tripathi, M., Gaur, M. S. (2017). 'Global view' in SDN: Existing implementation, vulnerabilities & threats. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136862.
  • Nehra, A. (2019). Archıtectural Improvements For Secure Sdn Topology Dıscovery (Yayınlanmamış doktora tezi). India / Malaviya National Institute of Technology Jaıpur. http://idr.mnit.ac.in/bitstream/handle/123456789/941/2014RCP9553-Ajay%20Nehra.pdf?sequence=1&isAllowed=y (Erişim Tarihi: 23 Mart 2021)
  • Ochoa-Aday, L., Cervelló-Pastor, C.,Fernández-Fernández, Adriana. (2015). Current Trends of Topology Discovery in OpenFlow-based Software Defined Networks. doi: 10.13140/RG.2.2.12222.89929.
  • Odom, W. (2020). CCNA 200-301 Official Cert Guide, Volume 2. Hoboken, NJ: Cisco Press.
  • Pakzad, F., Portmann, M., Tan, W. L., & Indulska, J. (2016). Efficient topology discovery in openflow-based software defined networks. Computer Communications, 77, 52-61. doi:10.1016/j.comcom.2015.09.013
  • Smyth, D., Mcsweeney, S., Oshea, D., Cionca, V. (2017). Detecting Link Fabrication Attacks in Software-Defined Networks. 2017 26th International Conference on Computer Communication and Networks (ICCCN). doi: 10.1109/icccn.2017.803843.
  • Tok, M.S., Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard, Computers & Security, 109, 102394, doi:10.1016/j.cose.2021.102394.
  • Vyncke, E., Paggen, C. (2008). LAN switch security: What hackers know about your switches. Indianapolis, Cisco Press.
  • Wang, J., Tan, Y., Liu, J., Zhang, Y. (2020). Topology Poisoning Attack in SDN-enabled Vehicular Edge Network. IEEE Internet of Things Journal, 1–1. doi: 10.1109/jiot.2020.2984088.
  • Wang X., Gao N., Zhang L., Liu Z., Wang L. (2016) Novel MITM Attacks on Security Protocols in SDN: A Feasibility Study. 2016 International Conference on Information and Communications Security. doi: 10.1007/978-3-319-50011-9_35.
There are 32 citations in total.

Details

Primary Language Turkish
Subjects Computer Software
Journal Section Research Articles
Authors

M.serkan Tok 0000-0002-5048-8409

Mehmet Demirci 0000-0002-1088-5215

Publication Date August 31, 2021
Submission Date May 15, 2020
Acceptance Date May 24, 2021
Published in Issue Year 2021 Volume: 26 Issue: 2

Cite

APA Tok, M., & Demirci, M. (2021). YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi, 26(2), 589-608. https://doi.org/10.17482/uumfd.769939
AMA Tok M, Demirci M. YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ. UUJFE. August 2021;26(2):589-608. doi:10.17482/uumfd.769939
Chicago Tok, M.serkan, and Mehmet Demirci. “YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 26, no. 2 (August 2021): 589-608. https://doi.org/10.17482/uumfd.769939.
EndNote Tok M, Demirci M (August 1, 2021) YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 26 2 589–608.
IEEE M. Tok and M. Demirci, “YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ”, UUJFE, vol. 26, no. 2, pp. 589–608, 2021, doi: 10.17482/uumfd.769939.
ISNAD Tok, M.serkan - Demirci, Mehmet. “YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi 26/2 (August 2021), 589-608. https://doi.org/10.17482/uumfd.769939.
JAMA Tok M, Demirci M. YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ. UUJFE. 2021;26:589–608.
MLA Tok, M.serkan and Mehmet Demirci. “YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ”. Uludağ Üniversitesi Mühendislik Fakültesi Dergisi, vol. 26, no. 2, 2021, pp. 589-08, doi:10.17482/uumfd.769939.
Vancouver Tok M, Demirci M. YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ. UUJFE. 2021;26(2):589-608.

Announcements:

30.03.2021-Beginning with our April 2021 (26/1) issue, in accordance with the new criteria of TR-Dizin, the Declaration of Conflict of Interest and the Declaration of Author Contribution forms fulfilled and signed by all authors are required as well as the Copyright form during the initial submission of the manuscript. Furthermore two new sections, i.e. ‘Conflict of Interest’ and ‘Author Contribution’, should be added to the manuscript. Links of those forms that should be submitted with the initial manuscript can be found in our 'Author Guidelines' and 'Submission Procedure' pages. The manuscript template is also updated. For articles reviewed and accepted for publication in our 2021 and ongoing issues and for articles currently under review process, those forms should also be fulfilled, signed and uploaded to the system by authors.