{"title":"通过设备指纹识别增强SDN的安全性","authors":"N. Gray, T. Zinner, P. Tran-Gia","doi":"10.23919/INM.2017.7987393","DOIUrl":null,"url":null,"abstract":"Software-defined Networking (SDN) provides an increased flexibility and cost savings by separating the data from the control plane. Despite these benefits, this separation also results in a greater attack surface as new devices and protocols are deployed. OpenFlow is one of these protocols and enables the communication between the switch and the controller. Ideally this connection takes place over an encrypted TLS channel, but as this feature is marked optional, it is not supported by all devices. This allows an attacker to eavesdrop and alter the communication, hence resulting in a comprised network. In this work, we demonstrate a new approach for authentication based on device fingerprinting to enhance the security in scenarios, where cryptographic mechanisms are unavailable.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Enhancing SDN security by device fingerprinting\",\"authors\":\"N. Gray, T. Zinner, P. Tran-Gia\",\"doi\":\"10.23919/INM.2017.7987393\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software-defined Networking (SDN) provides an increased flexibility and cost savings by separating the data from the control plane. Despite these benefits, this separation also results in a greater attack surface as new devices and protocols are deployed. OpenFlow is one of these protocols and enables the communication between the switch and the controller. Ideally this connection takes place over an encrypted TLS channel, but as this feature is marked optional, it is not supported by all devices. This allows an attacker to eavesdrop and alter the communication, hence resulting in a comprised network. In this work, we demonstrate a new approach for authentication based on device fingerprinting to enhance the security in scenarios, where cryptographic mechanisms are unavailable.\",\"PeriodicalId\":119633,\"journal\":{\"name\":\"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/INM.2017.7987393\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/INM.2017.7987393","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Software-defined Networking (SDN) provides an increased flexibility and cost savings by separating the data from the control plane. Despite these benefits, this separation also results in a greater attack surface as new devices and protocols are deployed. OpenFlow is one of these protocols and enables the communication between the switch and the controller. Ideally this connection takes place over an encrypted TLS channel, but as this feature is marked optional, it is not supported by all devices. This allows an attacker to eavesdrop and alter the communication, hence resulting in a comprised network. In this work, we demonstrate a new approach for authentication based on device fingerprinting to enhance the security in scenarios, where cryptographic mechanisms are unavailable.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
