Learning Centre

Analysis of Topology Poisoning Attacks in Software-Defined Networking

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Antikainen, Markku
dc.contributor.author Bui, Thanh
dc.date.accessioned 2015-12-16T07:33:18Z
dc.date.available 2015-12-16T07:33:18Z
dc.date.issued 2015-08-24
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/19042
dc.description.abstract Software-defined networking (SDN) is an emerging architecture with a great potential to foster the development of modern networks. By separating the control plane from the network devices and centralizing it at a software-based controller, SDN provides network-wide visibility and flexible programmability to network administrators. However, the security aspects of SDN are not yet fully understood. For example, while SDN is resistant to some topology poisoning attacks in which the attacker misleads the routing algorithm about the network structure, similar attacks by compromised hosts and switches are still known to be possible. The goal of this thesis is to thoroughly analyze the topology poisoning attacks initiated by compromised switches and to identify whether they are a threat to SDN. We identify three base cases of the topology poisoning attack, in which the attack that requires a single compromised switch is a new variant of topology poisoning. We develop proof-of-concept implementations for these attacks in emulated networks based on OpenFlow, the most popular framework for SDN. We also evaluate the attacks in simulated networks by measuring how much additional traffic the attacker can divert to the compromised switches. A wide range of network topologies and routing algorithms are used in the simulations. The simulation results show that the discovered attacks are severe in many cases. Furthermore, the seriousness of the attacks increases according to the number of tunnels that the attacker can fabricate and also depends on the distance between the tunnel endpoints. The simulations indicate that network design can help to mitigate the attacks by, for example, shortening the paths between switches in the network, randomizing regular network structure, or increasing the load-balancing capability of the routing strategy. en
dc.format.extent 75+4
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Analysis of Topology Poisoning Attacks in Software-Defined Networking en
dc.type G2 Pro gradu, diplomityö en
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword software-defined networking en
dc.subject.keyword OpenFlow en
dc.subject.keyword topology poisoning attack en
dc.subject.keyword security en
dc.identifier.urn URN:NBN:fi:aalto-201512165560
dc.programme.major Security and Mobile Computing fi
dc.programme.mcode T3011 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Aura, Tuomas
dc.programme Master's Degree Programme in Security and Mobile Computing (NordSecMob) fi
local.aalto.openaccess yes
dc.rights.accesslevel openAccess
local.aalto.idinssi 52685
dc.type.publication masterThesis
dc.type.okm G2 Pro gradu, diplomityö

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication