Misreporting attacks in software-defined networking

Quinn Burke; Patrick McDaniel; Thomas La Porta; Mingli Yu; Ting He

doi:10.1007/978-3-030-63086-7_16

Misreporting attacks in software-defined networking

Quinn Burke, Patrick McDaniel, Thomas La Porta, Mingli Yu, Ting He

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings
Editors	Noseong Park, Kun Sun, Sara Foresti, Kevin Butler, Nitesh Saxena
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	276-296
Number of pages	21
ISBN (Print)	9783030630850
DOIs	https://doi.org/10.1007/978-3-030-63086-7_16
State	Published - 2020
Event	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 - Washington, United States Duration: Oct 21 2020 → Oct 23 2020

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	335
ISSN (Print)	1867-8211

Conference

Conference	16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020
Country	United States
City	Washington
Period	10/21/20 → 10/23/20

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Access to Document

10.1007/978-3-030-63086-7_16

Fingerprint Dive into the research topics of 'Misreporting attacks in software-defined networking'. Together they form a unique fingerprint.

Cite this

Burke, Q., McDaniel, P., Porta, T. L., Yu, M., & He, T. (2020). Misreporting attacks in software-defined networking. In N. Park, K. Sun, S. Foresti, K. Butler, & N. Saxena (Eds.), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings (pp. 276-296). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-63086-7_16

Burke, Quinn ; McDaniel, Patrick ; Porta, Thomas La ; Yu, Mingli ; He, Ting. / Misreporting attacks in software-defined networking. Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. editor / Noseong Park ; Kun Sun ; Sara Foresti ; Kevin Butler ; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. pp. 276-296 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{ed4da3196d5049f18648c1e2a8bd0e05,

title = "Misreporting attacks in software-defined networking",

abstract = "Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.",

author = "Quinn Burke and Patrick McDaniel and Porta, {Thomas La} and Mingli Yu and Ting He",

note = "Funding Information: Acknowledgements. This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. This work was also supported in part by the National Science Foundation under award CNS-1946022.; 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020 ; Conference date: 21-10-2020 Through 23-10-2020",

year = "2020",

doi = "10.1007/978-3-030-63086-7_16",

language = "English (US)",

isbn = "9783030630850",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "276--296",

editor = "Noseong Park and Kun Sun and Sara Foresti and Kevin Butler and Nitesh Saxena",

booktitle = "Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings",

address = "Germany",

}

Burke, Q, McDaniel, P, Porta, TL, Yu, M & He, T 2020, Misreporting attacks in software-defined networking. in N Park, K Sun, S Foresti, K Butler & N Saxena (eds), Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 335, Springer Science and Business Media Deutschland GmbH, pp. 276-296, 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020, Washington, United States, 10/21/20. https://doi.org/10.1007/978-3-030-63086-7_16

Misreporting attacks in software-defined networking. / Burke, Quinn; McDaniel, Patrick; Porta, Thomas La; Yu, Mingli; He, Ting.

Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. ed. / Noseong Park; Kun Sun; Sara Foresti; Kevin Butler; Nitesh Saxena. Springer Science and Business Media Deutschland GmbH, 2020. p. 276-296 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 335).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Misreporting attacks in software-defined networking

AU - Burke, Quinn

AU - McDaniel, Patrick

AU - Porta, Thomas La

AU - Yu, Mingli

AU - He, Ting

N1 - Funding Information: Acknowledgements. This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. This work was also supported in part by the National Science Foundation under award CNS-1946022.

PY - 2020

Y1 - 2020

N2 - Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.

AB - Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.

UR - http://www.scopus.com/inward/record.url?scp=85098279259&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85098279259&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-63086-7_16

DO - 10.1007/978-3-030-63086-7_16

M3 - Conference contribution

AN - SCOPUS:85098279259

SN - 9783030630850

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 276

EP - 296

BT - Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings

A2 - Park, Noseong

A2 - Sun, Kun

A2 - Foresti, Sara

A2 - Butler, Kevin

A2 - Saxena, Nitesh

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Conference on Security and Privacy in Communication Networks, SecureComm 2020

Y2 - 21 October 2020 through 23 October 2020

ER -

Burke Q, McDaniel P, Porta TL, Yu M, He T. Misreporting attacks in software-defined networking. In Park N, Sun K, Foresti S, Butler K, Saxena N, editors, Security and Privacy in Communication Networks - 16th EAI International Conference, SecureComm 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 276-296. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). https://doi.org/10.1007/978-3-030-63086-7_16