DHCP DoS and starvation attacks on SDN controllers and their mitigation

IF 1.5 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Computer Virology and Hacking Techniques Pub Date : 2023-05-30 DOI:10.1007/s11416-023-00483-0

Hafiz Usama Ishtiaq, Areeb Ahmed Bhutta, Adnan Noor Mian

{"title":"DHCP DoS and starvation attacks on SDN controllers and their mitigation","authors":"Hafiz Usama Ishtiaq, Areeb Ahmed Bhutta, Adnan Noor Mian","doi":"10.1007/s11416-023-00483-0","DOIUrl":null,"url":null,"abstract":"Software Defined Networking (SDN) technology offers possibilities to improve network administration through a separate central controller for network switching devices. However, security in SDN is a critical issue and SDN faces new challenges due to shared protocols, inherits flaws from traditional networks and control flexibility. Dynamic Host Configuration Protocol (DHCP) is a crucial protocol for SDN, but DHCP itself poses a security risk to SDN. In our study we performed security analysis for DHCP attacks on RYU, OpenDaylight and Floodlight, three popular SDN controllers. Our research demonstrates that they are vulnerable to starvation attacks and denial of service attacks by flooding DHCP discovery messages, slowing down networks and overloading controllers. In order to address these problems, we looked at state-of-the-art DHCP security approaches and evaluated their performance on these SDN controllers. We proposed and implemented a DHCP security algorithm on the RYU controller based on our analysis. Our solution utilize flexibility of SDN controller to identify discovery flood packets and verify authentic hosts to mitigate effects of DHCP attacks. Furthermore, the proposed solution transfers the authentic flows to switch for reduction in controller load. We demonstrate that without significant computational load the suggested method successfully rejects malicious DHCP packets, restores the IP address pool, and mitigates the harmful network consequences of DHCP-related attacks. The proposed solution improves the throughput by 3.6 times, transferred data by 66.8%, CPU usage by 93.9% and packet loss by 95% compared to the conventional RYU controller.","PeriodicalId":15545,"journal":{"name":"Journal of Computer Virology and Hacking Techniques","volume":null,"pages":null},"PeriodicalIF":1.5000,"publicationDate":"2023-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Virology and Hacking Techniques","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s11416-023-00483-0","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 1

Abstract

Software Defined Networking (SDN) technology offers possibilities to improve network administration through a separate central controller for network switching devices. However, security in SDN is a critical issue and SDN faces new challenges due to shared protocols, inherits flaws from traditional networks and control flexibility. Dynamic Host Configuration Protocol (DHCP) is a crucial protocol for SDN, but DHCP itself poses a security risk to SDN. In our study we performed security analysis for DHCP attacks on RYU, OpenDaylight and Floodlight, three popular SDN controllers. Our research demonstrates that they are vulnerable to starvation attacks and denial of service attacks by flooding DHCP discovery messages, slowing down networks and overloading controllers. In order to address these problems, we looked at state-of-the-art DHCP security approaches and evaluated their performance on these SDN controllers. We proposed and implemented a DHCP security algorithm on the RYU controller based on our analysis. Our solution utilize flexibility of SDN controller to identify discovery flood packets and verify authentic hosts to mitigate effects of DHCP attacks. Furthermore, the proposed solution transfers the authentic flows to switch for reduction in controller load. We demonstrate that without significant computational load the suggested method successfully rejects malicious DHCP packets, restores the IP address pool, and mitigates the harmful network consequences of DHCP-related attacks. The proposed solution improves the throughput by 3.6 times, transferred data by 66.8%, CPU usage by 93.9% and packet loss by 95% compared to the conventional RYU controller.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

SDN控制器上的DHCP DoS和饥饿攻击及其缓解

软件定义网络(SDN)技术通过网络交换设备的单独中央控制器提供了改进网络管理的可能性。然而，SDN的安全性是一个关键问题，由于协议共享、继承传统网络的缺陷和控制灵活性，SDN面临着新的挑战。DHCP (Dynamic Host Configuration Protocol)是SDN的关键协议，但DHCP本身也会给SDN带来安全风险。在我们的研究中，我们对RYU、OpenDaylight和Floodlight这三种流行的SDN控制器的DHCP攻击进行了安全分析。我们的研究表明，它们很容易受到饥饿攻击和拒绝服务攻击，通过淹没DHCP发现消息，减缓网络和超载控制器。为了解决这些问题，我们研究了最先进的DHCP安全方法，并评估了它们在这些SDN控制器上的性能。在此基础上，提出并实现了一种基于RYU控制器的DHCP安全算法。我们的解决方案利用SDN控制器的灵活性来识别发现洪水数据包和验证真实主机，以减轻DHCP攻击的影响。此外，提出的解决方案将可信流传输到交换机，以减少控制器负载。我们证明，在没有显著计算负荷的情况下，建议的方法成功地拒绝了恶意DHCP数据包，恢复了IP地址池，并减轻了DHCP相关攻击的有害网络后果。与传统RYU控制器相比，该方案的吞吐量提高了3.6倍，传输数据量提高了66.8%，CPU利用率提高了93.9%，丢包率降低了95%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Computer Virology and Hacking Techniques COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

4.00

自引率

13.30%

发文量

期刊介绍： The field of computer virus prevention has rapidly taken an important position in our technological and information society. Viral attacks increase year after year, and antiviral efforts continually face new challenges. Beneficial applications of technologies based on scientific computer virology are still very limited. The theoretical aspects of the virus problem are only rarely considered, although many interesting and important open problems still exist. Little proactive research is focused on predicting the future of viral attacks.The Journal of Computer Virology and Hacking Techniques is an independent scientific and technical journal dedicated to viral and antiviral computer technologies. Both theoretical and experimental aspects will be considered; papers emphasizing the theoretical aspects are especially welcome. The topics covered by this journal include, but are certainly not limited to:- Mathematical aspects and theoretical fundamentals of computer virology - Algorithmics and computer virology - Computer immunology and biological models for computers - Reverse engineering (hardware and software) - Viral and antiviral technologies - Cryptology and steganography tools and techniques - Applications in computer virology - Virology and IDS - Hardware hacking, and free and open hardware - Operating system, network, and embedded systems security - Social engineeringIn addition, since computational problems are of practical interest, papers on the computational aspects of computer virology are welcome. It is expected that the areas covered by this journal will change as new technologies, methodologies, challenges and applications develop. Hacking involves understanding technology intimately and in depth in order to use it in an operational way. Hackers are complementary to academics in that they favour the result over the methods and over the theory, while academics favour the formalization and the methods -- explaining is not operating and operating is not explaining. The aim of the journal in this respect is to build a bridge between the two communities for the benefit of technology and science.The aim of the Journal of Computer Virology and Hacking Techniques is to promote constructive research in computer virology by publishing technical and scientific results related to this research area. Submitted papers will be judged primarily by their content, their originality and their technical and scientific quality. Contributions should comprise novel and previously unpublished material.However, prior publication in conference proceedings of an abstract, summary, or other abbreviated, preliminary form of the material should not preclude publication in this journal when notice of such prior or concurrent publication is given with the submission. In addition to full-length theoretical and technical articles, short communications or notes are acceptable. Survey papers will be accepted with a prior invitation only. Special issues devoted to a single topic are also planned.The policy of the journal is to maintain strict refereeing procedures, to perform a high quality peer-review of each submitted paper, and to send notification to the author(s) with as short a delay as possible. Accepted papers will normally be published within one year of submission at the latest. The journal will be published four times a year. Note: As far as new viral techniques are concerned, the journal strongly encourages authors to consider algorithmic aspects rather than the actual source code of a particular virus. Nonetheless, papers containing viral source codes may be accepted provided that a scientific approach is maintained and that inclusion of the source code is necessary for the presentation of the research. No paper containing a viral source code will be considered or accepted unless the complete source code is communicated to the Editor-in-Chief. No publication will occur before antiviral companies receive this source code to update/upgrade their products.The final objective is, once again, proactive defence.This journal was previously known as Journal in Computer Virology. It is published by Springer France.