Article type: Research Article
Authors: Hessam, Ghandi [a],* | Saba, Ghassan [b] | Alkhayat, M. Iyad [a]
Affiliations: [a] Department of Systems and Computer Networks, Faculty of Information Technology Engineering, Damascus University, Syria. E-mails: ghandi.hessam@damascusuniversity.edu.sy, iyad.khayat@damascusuniversity.edu.sy | [b] Informatics Engineering, Higher Institute for Applied Sciences and Technology, Syria. E-mail: ghassan.saba@hiast.edu.sy
Correspondence: [*] Corresponding author. E-mail: ghandi.hessam@damascusuniversity.edu.sy.
Abstract: The scale of Software Defined Networks (SDN) is expanding rapidly, and the demand for security reinforcement is increasing with it. SDN creates new targets for potential security threats, such as the SDN controller and the networking devices in the data plane. A violation of data plane integrity can lead to abnormal behavior of the overall network. In this paper, we propose a new security approach for OpenFlow-based SDN that detects violations of switch flow-table integrity and locates the compromised switches online. We cover all aspects of integrity violation, including flow rules being added, modified or removed by an unauthorized entity. We achieve this by using the cookie field of the OpenFlow protocol to store a suitable digest (hash) value for each flow entry. Moreover, we optimize the method's performance by computing a global digest value over a switch's entire flow table, which decides whether that switch is suspected of being compromised. Our method is also able to identify and handle false alarms that would otherwise break the coherence of the corresponding table digest. The implementation is a reactive Java module integrated with the Floodlight controller. In addition, we present a performance evaluation on three different SDN topologies.
Keywords: Compromised switches, data plane security, floodlight controller, SDN security, Software Defined Networks (SDN)
DOI: 10.3233/JCS-200094
Journal: Journal of Computer Security, vol. 29, no. 3, pp. 341-358, 2021
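The abstract describes two layers of checking: a per-entry digest carried in each flow entry's 64-bit OpenFlow cookie, and a global digest over the whole table used as a fast path to decide whether a switch is suspect at all. The following is an added illustration of that scheme, not the authors' Floodlight module: the digest construction (HMAC-SHA256 over a canonical match/actions/priority string, truncated to 64 bits), the controller key, the entry format and the flow-table samples are all assumptions made here; the paper's false-alarm handling is not modeled.

```python
import hashlib
import hmac

# Controller-side secret that keys every digest (constructed sample value, not from the paper).
CONTROLLER_KEY = b"constructed-demo-key"
COOKIE_MASK = (1 << 64) - 1  # the OpenFlow cookie field is 64 bits wide


def flow_digest(match, actions, priority, key=CONTROLLER_KEY):
    """Per-entry digest that goes into the entry's cookie field.
    Assumed encoding: canonical match/actions/priority string, keyed HMAC-SHA256,
    truncated to 64 bits so it fits the cookie."""
    canon = "|".join(f"{k}={match[k]}" for k in sorted(match))
    canon += "#" + ",".join(actions) + f"#prio={priority}"
    mac = hmac.new(key, canon.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") & COOKIE_MASK


def build_table(specs, key=CONTROLLER_KEY):
    """What the controller installs: each flow spec gets its cookie set to its digest."""
    return [dict(s, cookie=flow_digest(s["match"], s["actions"], s["priority"], key)) for s in specs]


def table_digest(entries, key=CONTROLLER_KEY):
    """Global digest of a whole flow table: recomputed per-entry digests, sorted so the
    result does not depend on the order in which the switch dumps its entries."""
    h = hashlib.sha256()
    for d in sorted(flow_digest(e["match"], e["actions"], e["priority"], key) for e in entries):
        h.update(d.to_bytes(8, "big"))
    return h.hexdigest()


def verify_table(expected_digest, dumped, known_cookies, key=CONTROLLER_KEY):
    """Check one switch's dumped table. Fast path: the global digest matches, return [].
    Otherwise report each entry as 'added' (cookie the controller never issued),
    'modified' (known cookie whose match/actions/priority no longer hash to it)
    or 'removed' (issued cookie missing from the dump)."""
    if table_digest(dumped, key) == expected_digest:
        return []
    findings, seen = [], set()
    for e in dumped:
        seen.add(e["cookie"])
        if e["cookie"] not in known_cookies:
            findings.append(("added", e["cookie"]))
        elif flow_digest(e["match"], e["actions"], e["priority"], key) != e["cookie"]:
            findings.append(("modified", e["cookie"]))
    for c in sorted(known_cookies - seen):
        findings.append(("removed", c))
    return findings
```

The controller keeps, per switch, the set of cookies it issued and the expected table digest; a periodic flow-stats dump is then checked with `verify_table`, and only switches that fail the global comparison pay for the per-entry walk.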