An Investigation of Topology Poisoning Attacks in Software Defined Networks Through Exploiting Link Layer Discovery Protocol

Year 2021, Volume: 26 Issue: 2, 589 - 608, 31.08.2021

M.serkan Tok Mehmet Demirci

https://doi.org/10.17482/uumfd.769939

Abstract

In software defined networks (SDNs), data plane and control plane on the conventional network devices are separated and packet forwarding decisions are taken by the controller in charge of the entire network. The necessity of managing all the network operations not only facilitates control for the controller but also causes some security vulnerabilities and new attack surfaces in SDNs. In this study, Link Layer Discovery Protocol (LLDP), which forms the basis of OpenFlow Discovery Protocol (OFDP) for topology discovery in SDNs, is exploited to poison the topology by adding fabricated links to the controller. Fake LLDP Injection and LLDP replay techniques are used to create fake links on the controller and network access status of end devices are evaluated during attacks. Our findings demonstrate that the Floodlight controller is vulnerable to attacks based on LLDP exploitation and it is possible to create fake links on the controller. Due to the fake links, it is determined that invalid routes are created on controller and despite having other active links, end devices subject to invalid routes lost their access to network. Thus, attacks on the data link layer affect the performance of the network negatively. 

Keywords

Software Defined Network, Link Layer Discovery Protocol, LLDP, OpenFlow, Floodlight, Cyber Security.

YAZILIM TANIMLI AĞLARDA BAĞLANTI KATMANI KEŞİF PROTOKOLÜNÜN İSTİSMARINA DAYALI TOPOLOJİ ZEHİRLEME SALDIRILARININ İNCELENMESİ

Abstract

Yazılım tanımlı ağlar, geleneksel ağ mimarilerindeki ağ cihazları üzerinde bulunan veri düzlemi ve kontrol düzleminin ayrıldığı ve ağın tamamına hâkim merkezi kontrolcüler tarafından paket iletim kararlarının alındığı bir ağ teknolojisidir. Kontrolcünün ağın bütün işleyişini yönetme zorunluluğu kontrol kolaylığı sağladığı gibi güvenlik açıklıkları da yaratabilmektedir. Bu çalışmada, ele geçirilen uç cihazlar üzerinden kontrolcünün yazılım tanımlı ağ topolojisini keşfetmede kullandığı OpenFlow Keşif Protokolünün (OFDP – OpenFlow Discovery Protocol) temelini oluşturan bağlantı katmanı keşif protokolünün (LLDP- Link Layer Discovery Protocol) kötüye kullanımı vasıtasıyla LLDP Enjeksiyonu ve LLDP yeniden gönderim saldırıları gerçekleştirilmiş, saldırı sonrasında kontrolcü üzerinde tutulan topoloji ve ağdaki uç cihazların bağlantı durumları tespit edilmiştir. Yapılan saldırı testleri sonucunda Floodlight kontrolcünün LLDP istismarını temel alan saldırılara karşı savunmasız olduğu ve kontrolcü üzerinde sahte bağlantı kayıtları oluşturulmasının mümkün olduğu görülmüştür. Ayrıca, kontrolcünün saldırı neticesinde kayıtlanmış sahte linkleri dikkate alarak geçersiz rotalar hesapladığı, bu rotaları kullanması ön görülen uç cihazların erişiminin kesildiği ve ağın genel başarımında azalma olduğu gözlemlenmiştir.

Keywords

Siber GÜvenlik, Yazılım Tanımlı Ağ, Bağlantı Katmanı Keşif Protokolü, LLDP, OpenFlow, Floodlight

References

• Abazari, F., Esposito, F., Takabi, H., Hosseinvand, H., Pecorella, T. (2019). Teaching software-defined network security through malicious tenant detection. Internet Technology Letters, 2(6). doi: 10.1002/itl2.131.
• Alharbi, T., Portmann, M., Pakzad, F. (2015). The (in)security of Topology Discovery in Software Defined Networks. 2015 IEEE 40th Conference on Local Computer Networks (LCN). doi:10.1109/lcn.2015.7366363.
• Alimohammadifar, A., Majumdar, S., Madi, T., Jarraya, Y., Pourzandi, M., Wang, L., Debbabi, M. (2018). Stealthy Probing-Based Verification (SPV): An Active Approach to Defending Software Defined Networks Against Topology Poisoning Attacks. Computer Security Lecture Notes in Computer Science, 463–484. doi: 10.1007/978-3-319-98989-1_23
• Azzouni, A., Trang, N. T. M., Boutaba, R., Pujolle, G. (2017). Limitations of openflow topology discovery protocol. 2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net). doi: 10.1109/medhocnet.2017.8001642.
• Baidya, S. S., Hewett, R. (2020). Link discovery attacks in software-defined networks: Topology poisoning and impact analysis. Journal of Communications, 596-606. doi:10.12720/jcm.15.8.596-606
• Bierman, A., & Jones, K. (2000). Physical topology mib. Retrieved March 20, 2021, from https://tools.ietf.org/html/rfc2922
• Bui, T., Antikainen, M., & Aura, T. (2019). Analysis of topology poisoning attacks in software-defined networking. Secure IT Systems, 87-102. doi:10.1007/978-3-030-35055-0_6
• Chou, L., Liu, C., Lai, M., Chiu, K., Tu, H., Su, S., . . . Tsai, W. (2020). Behavior anomaly detection in sdn control plane: A case study of topology discovery attacks. Wireless Communications and Mobile Computing, 2020, 1-16. doi:10.1155/2020/8898949
• Cisco Systems. (2006, June 29). LLDP-MED and cisco discovery Protocol [IP telephony/voice over IP (VoIP)]. Retrieved March 20, 2021, from https://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html
• Combe, T., Mallouli, W., Cholez, T., Mathieu, B., & Oca, E. (2018). An SDN and NFV Use Case: NDN Implementation and Security Monitoring. In Zhu, S. Scott-Hayward, L. Jacquin, R. Hill (Eds.), Guide to Securıty in SDN and NFV: Challenges, opportunities, and applications. SPRINGER INTERNATIONAL PU.
• Congdon, P. (2002). Link layer discovery protocol and MIB. V1. 0 May, 20(2002), 1-20. doi: 10.1.1.564.3010.
• Demirci, S., Yurekten, O., Demirci, M. (2019). Yazılım Tanımlı Ağlar ve Siber Güvenlik. In S. Sagiroglu (Ed.), Siber Güvenlik ve Savunma: Standartlar ve Uygulamalar (pp. 123–144). Bilgi Güvenliği Derneği, Ankara.
• Duan, Q., Al-Shaer, E., Jafarian, H. (2013). Efficient random route mutation considering flow and network constraints. 2013 IEEE Conference on Communications and Network Security (CNS). doi:10.1109/cns.2013.6682715
• Feamster, N., Rexford, J., Zegura, E. (2014). The road to sdn: An intellectual history of programmable networks. ACM SIGCOMM Computer Communication Review, 44(2), 87-98. doi:10.1145/2602204.2602219
• Göransson Paul, Black, C., & Culver, T. (2017). Software defined networks: a comprehensive approach, Amsterdam, Elsevier.
• Hakiri, A., Gokhale, A., Berthou, P., Schmidt, D. C., & Gayraud, T. (2014). Software-defined networking: Challenges and research opportunities for future internet. Computer Networks, 75, 453-471.
• Hong, S., Xu, L., Wang, H., Gu, G. (2015). Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures. Proceedings 2015 Network and Distributed System Security Symposium. doi: 10.14722/ndss.2015.23283.
• Hu, F., Hao, Q., & Bao, K. (2014). A survey on software-defined network and openFlow: from concept to implementation. IEEE Communications Surveys & Tutorials, 16(4), 2181-2206.
• Kaur, N., Singh, A. K., Kumar, N., Srivastava, S. (2017). Performance impact of topology poisoning attack in SDN and its countermeasure. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136881.
• Krawczyk, H., Bellare, M., & Canetti, R. (1997). HMAC: Keyed-Hashing for message authentication. doi:10.17487/rfc2104
• Marin, E., Bucciol, N., & Conti, M. (2019). An in-depth look into sdn topology discovery mechanisms. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/3319535.3354194
• Mininet, (2018). Mininet. Erişim Adresi: https://mininet.org (Erişim Tarihi: 15.06.2020).
• Nehra, A., Tripathi, M., Gaur, M. S. (2017). 'Global view' in SDN: Existing implementation, vulnerabilities & threats. Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17. doi:10.1145/3136825.3136862.
• Nehra, A. (2019). Archıtectural Improvements For Secure Sdn Topology Dıscovery (Yayınlanmamış doktora tezi). India / Malaviya National Institute of Technology Jaıpur. http://idr.mnit.ac.in/bitstream/handle/123456789/941/2014RCP9553-Ajay%20Nehra.pdf?sequence=1&isAllowed=y (Erişim Tarihi: 23 Mart 2021)
• Ochoa-Aday, L., Cervelló-Pastor, C.,Fernández-Fernández, Adriana. (2015). Current Trends of Topology Discovery in OpenFlow-based Software Defined Networks. doi: 10.13140/RG.2.2.12222.89929.
• Odom, W. (2020). CCNA 200-301 Official Cert Guide, Volume 2. Hoboken, NJ: Cisco Press.
• Pakzad, F., Portmann, M., Tan, W. L., & Indulska, J. (2016). Efficient topology discovery in openflow-based software defined networks. Computer Communications, 77, 52-61. doi:10.1016/j.comcom.2015.09.013
• Smyth, D., Mcsweeney, S., Oshea, D., Cionca, V. (2017). Detecting Link Fabrication Attacks in Software-Defined Networks. 2017 26th International Conference on Computer Communication and Networks (ICCCN). doi: 10.1109/icccn.2017.803843.
• Tok, M.S., Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard, Computers & Security, 109, 102394, doi:10.1016/j.cose.2021.102394.
• Vyncke, E., Paggen, C. (2008). LAN switch security: What hackers know about your switches. Indianapolis, Cisco Press.
• Wang, J., Tan, Y., Liu, J., Zhang, Y. (2020). Topology Poisoning Attack in SDN-enabled Vehicular Edge Network. IEEE Internet of Things Journal, 1–1. doi: 10.1109/jiot.2020.2984088.
• Wang X., Gao N., Zhang L., Liu Z., Wang L. (2016) Novel MITM Attacks on Security Protocols in SDN: A Feasibility Study. 2016 International Conference on Information and Communications Security. doi: 10.1007/978-3-319-50011-9_35.