Vulnerability Assessment and Robust Defenses for Optimized Attacks in Dynamic SDNs Experiment

---

Impacts :

Impact 1: Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation.
This project clearly sets out to target shared values of the EU and US, such as openness, dependability,
and security.
It proposes a thorough study that aims at extending the use of the Software-Defined Networking paradigm beyond its current use mostly in private, enterprise networks. The project addresses the following topics of the fourth NGIAtlantic call:

• b.1) Strengthening the trustworthiness and resilience of the internet,
• b.4) Open Internet architecture renovation.

It does so by implementing techniques for increasing an SDN network’s robustness, and capability to promptly react to intentional attacks or to network failures possibly due to natural phenomena, or disasters.

Impact 2: Reinforced collaboration and increased synergies between the Next Generation Internet and the Tomorrow's Internet programmes.
The NGI and Tomorrow’s Internet initiatives aim at reshaping the internet to face important challenges to respond to fundamental needs of trust, security, dependability, and energy-efficient internet. With the purpose of creating a trustworthy paradigm where a controller is in charge of optimizing the network reaction to external attacks or to upcoming performance issues, the project brings together researchers from both EU and US to share knowledge, build common goals and pave the path to new common research and experiments.

Impact 3: Developing interoperable solutions and joint demonstrators, contributions to standards.
The experimental study conducted by this project will serve two purposes. The first is to highlight vulnerabilities of current SDN implementation, with the realization of a real experiment where some switches of an SDN architecture will be targeted by a cache pollution attack, with the objective of slowing down the network and causing legitimate flows to request a controller intervention for setting up their flow rules at switches.
Considering the vulnerabilities evidenced above, the second purpose is to implement and evaluate various defense techniques. We will consider novel cache replacement policies, specifically tailored to ensure robustness against the aforementioned attacks. We will also consider dynamic resource provisioning policies, where vulnerable areas of the network will be first detected by means of either passive or active end-to-end measurements, then reinforced by means of the addition of new nodes and links, which creates alternative paths for load balancing, and attack neutralization.

Impact 4: An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internet-related communities collaborating on the evolution of the Internet
According to the NGIatlantic program, the project will foster the development of joint research and related experiments which build upon previous work performed both jointly and individually by the two partners of the project consortium.
The consortium will devote most of its efforts to the development of a common experimental testbed that will create opportunities for partners in the EU and US to carry on additional research grounding on the results of the project.

 

Results :

With the proposed experiments, we want to contribute to the improvement of the efficiency and the resilience of software-defined networks.

The first batch of experiments prove that end to end measurements are sensitive to the state of the cache of the switches. They show how the round trip time of a packet is highly dependent on the outcome of the flow rule retrieval from the switches’ tables, i.e., if the switch generated a miss or a hit.

A second batch of experiments were driven on the mininet simulator to test efficient rule installation policies. We implemented two strategies, all at once and one-by-one. Our experiments highlight how the all at once strategy requires less time, as ideally only one switch on the path produces a miss, but other cache misses may occur because of flow rule installation asynchrony among switches.  This phenomenon can be avoided by including an artificial delay to allow all switches to synchronise. These experiments allowed us to understand and propose a best practice for rule installation.

The third batch of experiments shows how end-to-end monitoring can be useful to detect delays happening within a node, and reactively respond to them by making requests on the controller. The communication between the monitors and the controller does not use the OpenFlow protocol, as it makes use of a dedicated VLAN, that does not involve the network nodes (switches). Therefore it does not inject traffic in the controller’s southbound channel. We propose a differently strategy from those in existing work for flow redirection, as our method is able to localize delays due to cache-pollution attacks.

Future Plan :

The project characterized key vulnerabilities of SDNs. It demonstrated how DoS and cache pollution attacks can be used to overwhelm the data and control planes of the network. This project presents a monitoring system and a routing mechanism for SDNs; that can detect and react to DoS, cache pollution attacks and in general to performance anomalies. These kinds of attacks are hard to detect for a controller, which is unable to tell apart malicious and legitimate traffic. It experiences very high congestion because of the many frequent requests for rule installation by the network switch under attack. With our experimental campaign, mostly carried out on a real test-bed, we propose a resilient proactive defence mechanism that exploits end-to-end monitoring based on stochastic network tomography. This is able to detect unexpected delays and provide the necessary information to the controller to reroute legitimate traffic in a resilient manner.

This project has brought out several interesting aspects that we plan to investigate in the next months as future work. The two teams are currently working on the design and analysis of different rule update strategies. Our goal is to understand the possible solutions that a controller can implement to keep the network up-to-date while minimizing the miss ratio and latency due to switch-controller communication and rule installation. This project also gave us the opportunity to become familiar with real implementations of SDNs. It is our plan to take advantage of this new experience and to invest in designing  solutions for green SDNs, where ports and switches can be turned off or set in sleep mode to save energy while guaranteeing QoS. Our prototype can greatly support our work by providing real energy consumption measurements that can be beneficial to the whole SDN community.

Key results

• An implementation of a network tomography-based monitoring system on a small SDN architecture.

• Accepted paper: Viviana Arrigoni, Novella Bartolini, Annalisa Massini, and Federico Trombetti. A Bayesian approach to network monitoring for progressive failure localization. IEEE/ACM Transactions on Networking, 2022

• Accepted paper: V. Arrigoni, M. Prata, N. Bartolini, "Tomography-based progressive network recovery and critical service restoration after massive failures", to appear in IEEE Proceedings of the International Conference on Computer Communications (IEEE INFOCOM 2023)

Expected TRL at experiment completition :

4

NGI related Topic :

Strengthening Trustworthiness and Resilience Of the Internet

Call Reference :

4