Title: Relay Type Link Fabrication Attack in SDN: A Review
Authors: Getahun Metaferia; Frezewd Lemma
Journal: IEEE Networking Letters
Volume: 7 1
Pages: 51-55
Publication date: 2024-11-07
Publication type: Journal Article
DOI: 10.1109/LNET.2024.3493942
URL: https://ieeexplore.ieee.org/document/10747235/
Open access: no
Citation count: 0
Abstract
Software-defined Networking (SDN) is an innovative network architecture tailored to address the modern demands of network virtualization and cloud computing, which require features such as programmability, flexibility, agility, and openness to foster innovation. However, this architecture also brings forth new security challenges, particularly due to the separation of the data plane from the control plane. Our investigation centers on a specific vulnerability termed link fabrication, which can lead to topology poisoning. A compromised network topology can cause substantial disruptions across the entire network infrastructure. Through a systematic survey, we identified that significant research efforts have been directed towards mitigating link fabrication attacks. We classified the existing studies into six categories of vulnerabilities: Host-based, port amnesia, invisible assailant attack, topology freezing, switch-based link fabrication, and link latency. Furthermore, our survey highlights several open challenges in areas such as Programmable dataplane, dedicated attack trees and threat models, active defense and mitigation strategies, as well as controller awareness and machine learning. To address the vulnerabilities identified, we propose the implementation of a distance-bounding protocol concept at the control plane as a potential solution.