期刊名称:International Journal of Network Security & Its Applications
印刷版ISSN:0975-2307
电子版ISSN:0974-9330
出版年度:2018
卷号:10
期号:3
页码:1
DOI:10.5121/ijnsa.2018.10301
出版社:Academy & Industry Research Collaboration Center (AIRCC)
摘要:Networking (SDN) is a new paradigm for configuring, controlling and managing computer networks. InSDN's logically centralized approach to network control, a reliable and accurate view of the networktopology is absolutely essential. Most SDN controllers use a de-facto standard topology discoverymechanism based on OpenFlow to identify active links in the network. This paper evaluates the security, orrather lack thereof, of the current SDN topology discovery mechanism. We discuss and demonstrate itsvulnerability to a simple link spoofing attack, which allows an attacker to poison the topology view of thecontroller. The feasibility of the attack is verified and demonstrated via experiments, and its impact onhigher layer services is evaluated, via the example of shortest path routing. The paper finally discussescountermeasures, and implements and evaluates the most promising one.
关键词:Software Defined Network; Topology discovery; Security; POX
