{"title":"Enhancing SDN security by device fingerprinting","authors":"N. Gray, T. Zinner, P. Tran-Gia","doi":"10.23919/INM.2017.7987393","DOIUrl":null,"url":null,"abstract":"Software-defined Networking (SDN) provides an increased flexibility and cost savings by separating the data from the control plane. Despite these benefits, this separation also results in a greater attack surface as new devices and protocols are deployed. OpenFlow is one of these protocols and enables the communication between the switch and the controller. Ideally this connection takes place over an encrypted TLS channel, but as this feature is marked optional, it is not supported by all devices. This allows an attacker to eavesdrop and alter the communication, hence resulting in a comprised network. In this work, we demonstrate a new approach for authentication based on device fingerprinting to enhance the security in scenarios, where cryptographic mechanisms are unavailable.","PeriodicalId":119633,"journal":{"name":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/INM.2017.7987393","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15
Abstract
Software-defined Networking (SDN) provides an increased flexibility and cost savings by separating the data from the control plane. Despite these benefits, this separation also results in a greater attack surface as new devices and protocols are deployed. OpenFlow is one of these protocols and enables the communication between the switch and the controller. Ideally this connection takes place over an encrypted TLS channel, but as this feature is marked optional, it is not supported by all devices. This allows an attacker to eavesdrop and alter the communication, hence resulting in a comprised network. In this work, we demonstrate a new approach for authentication based on device fingerprinting to enhance the security in scenarios, where cryptographic mechanisms are unavailable.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
