Faizan Shoaib, Yang-Wai Chow, Elena Vlahu-Gjorgievska
Title: Preventing Timing Side-Channel Attacks in Software-Defined Networks
Authors: Faizan Shoaib, Yang-Wai Chow, Elena Vlahu-Gjorgievska
DOI: 10.1109/CSDE53843.2021.9718377 (https://doi.org/10.1109/CSDE53843.2021.9718377)
Venue: 2021 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE)
Published: 2021-12-08
Citations: 1
Preventing Timing Side-Channel Attacks in Software-Defined Networks
Software-defined networking (SDN) is a technology for programming and efficiently managing networks. SDNs are prone to numerous threats, such as Distributed Denial of Service (DDoS), man-in-the-middle, ARP spoofing, side-channel, and several other attacks. Separation of the data plane from the control plane makes SDN vulnerable to timing side-channel attacks. By comparing the response times of probe queries, an adversary can infer which requests invoke the controller and eventually discover information about the network. An adversary can apply these attacks to extract flow tables, routes, controller type, ports, etc. In this paper, we propose a novel security solution, ‘Netkasi’ (kaŝi means ‘hide’ in Esperanto), to counter timing side-channel attacks in SDN. This solution hides the original response time information from the attacker and provides random response timing. As this security solution is designed to integrate with SDN, its architecture ensures minimal impact on network traffic and consumption of network resources. Current solutions impose a massive overhead on the network, whereas ‘Netkasi’ is implemented as a peripheral solution with its own resources, without causing significant overhead on the traffic. Analysis of the overall design shows that our solution is effective for the prevention of timing side-channel attacks in SDN.