Analysis of Topology Poisoning Attacks in Software-Defined Networking

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Antikainen, Markku
dc.contributor.author: Bui, Thanh
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Aura, Tuomas
dc.date.accessioned: 2015-12-16T07:33:18Z
dc.date.available: 2015-12-16T07:33:18Z
dc.date.issued: 2015-08-24
dc.description.abstract: Software-defined networking (SDN) is an emerging architecture with a great potential to foster the development of modern networks. By separating the control plane from the network devices and centralizing it at a software-based controller, SDN provides network-wide visibility and flexible programmability to network administrators. However, the security aspects of SDN are not yet fully understood. For example, while SDN is resistant to some topology poisoning attacks in which the attacker misleads the routing algorithm about the network structure, similar attacks by compromised hosts and switches are still known to be possible. The goal of this thesis is to thoroughly analyze the topology poisoning attacks initiated by compromised switches and to identify whether they are a threat to SDN. We identify three base cases of the topology poisoning attack, in which the attack that requires a single compromised switch is a new variant of topology poisoning. We develop proof-of-concept implementations for these attacks in emulated networks based on OpenFlow, the most popular framework for SDN. We also evaluate the attacks in simulated networks by measuring how much additional traffic the attacker can divert to the compromised switches. A wide range of network topologies and routing algorithms are used in the simulations. The simulation results show that the discovered attacks are severe in many cases. Furthermore, the seriousness of the attacks increases according to the number of tunnels that the attacker can fabricate and also depends on the distance between the tunnel endpoints. The simulations indicate that network design can help to mitigate the attacks by, for example, shortening the paths between switches in the network, randomizing regular network structure, or increasing the load-balancing capability of the routing strategy. [en]
dc.format.extent: 75+4
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/19042
dc.identifier.urn: URN:NBN:fi:aalto-201512165560
dc.language.iso: en [en]
dc.programme: Master's Degree Programme in Security and Mobile Computing (NordSecMob) [fi]
dc.programme.major: Security and Mobile Computing [fi]
dc.programme.mcode: T3011 [fi]
dc.rights.accesslevel: openAccess
dc.subject.keyword: software-defined networking [en]
dc.subject.keyword: OpenFlow [en]
dc.subject.keyword: topology poisoning attack [en]
dc.subject.keyword: security [en]
dc.title: Analysis of Topology Poisoning Attacks in Software-Defined Networking [en]
dc.type: G2 Pro gradu, diplomityö [en]
dc.type.okm: G2 Pro gradu, diplomityö
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
dc.type.publication: masterThesis
local.aalto.idinssi: 52685
local.aalto.openaccess: yes
Files
Original bundle
Name: master_Bui_Thanh_2015.pdf
Size: 1.6 MB
Format: Adobe Portable Document Format