The dark side of SDN and OpenFlow

Security & Dependability issues, challenges, and research opportunities.
Attack vectors and threats.
Practical security assessment of OpenFlow-enabled networks.
Vulnerabilities of current Network Operating Systems (e.g., Cisco IOS).

The dark side of SDN and OpenFlow

  1. The dark side of SDN and OpenFlow. Diego Kreutz, Navigators, LaSIGE/FCUL, University of Lisbon. NavTalks, November 2013.
  2. Outline: short intro to SDN; main threat vectors in SDNs; Sec&Dep (security and dependability) issues in OpenFlow SDNs; more OpenFlow security issues; just out of curiosity ...
  3. Outline (repeated before the section "Short intro to SDN").
  4. SDN in short: 1. decoupling control and data plane; 2. logical centralization of network control; 3. programming the network.
  5. SDN/OpenFlow. [Figure: layered SDN architecture: applications (access control, firewall) on top of the network operating system / SDN controller, which drives SDN devices (software or hardware) holding flow tables over control communications.] The data plane exposes an "instruction set" (what to look for? what to do with it? ...); the control plane provides the communication channels and commands.
  6. SDN/OpenFlow. Top features of OpenFlow controllers: 1. event-driven model (PACKET_IN, PORT_STATUS, FEATURE_REPLY, STATS_REPLY); 2. packet parsing capabilities (standard procedures); 3. switch.send(msg): PACKET_OUT (with buffer_id or a fabricated packet), FLOW_MOD (with match rules and actions), FEATURE_REQUEST, STATS_REQUEST, BARRIER_REQUEST.
  7. SDN/OpenFlow. [Figure: a flow table entry is <rule, action, stats>. Rule: match on switch port, MAC src, MAC dst, Eth type, VLAN ID, IP src, IP dst, TCP sport, TCP dport. Action: 1. forward packet to port(s); 2. encapsulate and forward to controller; 3. drop packet; 4. send to normal processing pipeline. Stats: packet and byte counters.] OpenFlow specifies/recommends: TCP and TLS connections (controller ⇔ device); multi-controller connections; multiple channels (auxiliary connections); a flow table with <rule, action, stats>; multiple flow tables; ...
  8. SDN/OpenFlow: packet flow in an OpenFlow switch. Packet in from the network → optional 802.1d STP processing → table lookup → match table entry 0? yes: apply actions; no: ... match table entry n? yes: apply actions; no: send to controller.
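The lookup of slides 7 and 8 (priority-ordered entries of <rule, action, stats>, first match wins, table miss goes to the controller) as a small runnable model. This is an added example, not code from the presentation or from any switch; the field names, the action strings and the sample entries are constructed.

```python
"""Toy model of the OpenFlow 1.0 flow table lookup shown in slides 7 and 8.

Added example; not code from the presentation or from any switch.
The field names, the action strings and the sample entries are constructed.
"""
from dataclasses import dataclass
from typing import Optional

# The classic OpenFlow 1.0 match fields listed on slide 7.
MATCH_FIELDS = {"in_port", "eth_src", "eth_dst", "eth_type", "vlan_id",
                "ip_src", "ip_dst", "tcp_sport", "tcp_dport"}


@dataclass
class FlowEntry:
    priority: int
    match: dict        # field -> value; a field that is absent is a wildcard
    actions: list      # e.g. ["output:2"], ["controller"], ["drop"], ["normal"]
    packets: int = 0   # per-entry stats counters (the "stats" of <rule, action, stats>)
    bytes: int = 0

    def __post_init__(self):
        unknown = set(self.match) - MATCH_FIELDS
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self, entries):
        # Highest priority first: the first matching entry wins, as in slide 8.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def lookup(self, pkt: dict) -> Optional[FlowEntry]:
        for entry in self.entries:
            if entry.matches(pkt):
                return entry
        return None  # table miss

    def process(self, pkt: dict, size: int = 64) -> list:
        """Return the actions the switch applies to pkt.

        A table miss is encapsulated and sent to the controller (PACKET_IN);
        that is the path the table-miss floods of slides 46 and 47 saturate.
        """
        entry = self.lookup(pkt)
        if entry is None:
            return ["controller"]
        entry.packets += 1
        entry.bytes += size
        return entry.actions


def demo_table() -> FlowTable:
    """Constructed sample table: a high-priority block rule over a general forward rule."""
    return FlowTable([
        FlowEntry(100, {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.3"}, ["drop"]),
        FlowEntry(50, {"ip_dst": "10.0.0.3"}, ["output:3"]),
    ])


if __name__ == "__main__":
    table = demo_table()
    for pkt in ({"ip_src": "10.0.0.1", "ip_dst": "10.0.0.3"},
                {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.3"},
                {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.9"}):
        print(pkt, "->", table.process(pkt))
```

The block rule shadows the forward rule only because its priority is higher; swap the priorities and the same blocked flow is forwarded, which is the ordering problem slides 33 and 34 return to.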
  9. But ... SDN is not OpenFlow! [Figure: same OpenFlow flow table as slide 7.] Examples of southbound APIs: OpenFlow; POF (Protocol Oblivious Forwarding); ForCES; ...
  10. SDN/OpenFlow. [Figure: same OpenFlow flow table as slide 7.] Protocol-specific header fields, increased complexity (specification and backward compatibility), ...
  11. SDN/POF: how it should be. [Figure: analogy between an SDN (service, controller, forwarding element, with API, driver and instruction set between them) and a computer (application, operating system, CPU, with system call, interrupt and instruction set between them).]
  12. SDN/POF: how it is. [Figure: POF flow table whose fields are <type, offset, length> tuples, with instructions: 1. Goto-Table; 2. Write-Metadata-From-Packet; 3. set/modify the current protocol header; 4. add/delete a protocol header; 5. copy the current protocol field to the metadata; 6. access control: forward/drop/send upward a packet; 7. ...] Protocol header agnostic; simple instruction set; same control commands as OF 1.3 (add/delete flow entries, ...); ...
  13. SDN/POF. Principle and Implementation of Protocol Oblivious Forwarding, http://goo.gl/BHXTzi
  14. Outline (repeated before the section "Main threat vectors in SDNs").
  15. Threat vectors map. Threat vector 1: forged or faked traffic flows. [Figure: data plane (SDN devices) and control & management plane (SDN controller, admin station); vector 1 sits on the data plane.] Not specific to SDNs, but can be a door for augmented DoS attacks. Possible solutions: IDS + rate bounds for control plane requests.
  16. Threat vectors map. Threat vector 2: exploiting vulnerabilities in forwarding devices. Not specific to SDNs, but now the impact is potentially augmented. Possible solutions: software attestation with autonomic trust management.
  17. Threat vectors map. Threat vector 3: attacking control communications. Specific to SDNs: communication with logically centralized controllers can be explored. Possible solutions: threshold crypto, trust management, ...
  18. Threat vectors map. Threat vector 4: exploiting vulnerabilities in controllers. Specific to SDNs: controlling the controller may compromise the entire network. Possible solutions: replication + diversity + recovery, reliable updates, ...
  19. Threat vectors map. Threat vector 5: lack of trust between the controller and apps. Specific to SDNs: malicious applications can now be easily developed and deployed on controllers. Possible solutions: software attestation, security domains, ...
  20. Threat vectors map. Threat vector 6: exploiting vulnerabilities in admin stations. Not specific to SDNs, but now the impact is potentially augmented. Possible solutions: double credential verification, reliable recovery, ...
  21. Threat vectors map. Threat vector 7: lack of trusted resources for forensics and remediation. Not specific to SDNs, but it is still critical to assure fast recovery and diagnosis when faults happen. Possible solutions: immutable and secure logging, secure and reliable snapshots.
  22. Threat vectors map: seven main threat vectors. [Figure: the seven vectors placed on the data-plane physical/logical connections, the SDN devices, the SDN control protocol (e.g., OpenFlow), the SDN controller, the admin station and its management connection (e.g., SSH).] 1 and 3: communications; 2, 4, 5, 6: elements; 7: communications and elements.
  23. Threat vectors map (summary table):
      Threat   | Specific to SDN? | Consequences in SDN
      Vector 1 | no  | can be a door for DoS attacks
      Vector 2 | no  | but now the impact is potentially augmented
      Vector 3 | yes | communication with logically centralized controllers can be explored
      Vector 4 | yes | controlling the controller may compromise the entire network
      Vector 5 | yes | malicious applications can now be easily developed and deployed on controllers
      Vector 6 | no  | but now the impact is potentially augmented
      Vector 7 | no  | it is still critical to assure fast recovery and diagnosis when faults happen
  24. Outline (repeated before the section "Sec&Dep issues in OpenFlow SDNs").
  25. Threat vector 3 in OpenFlow networks. [Figure: admin station, SDN controllers and SDN devices; vector 3 on the control connections.]
  26. OpenFlow control plane: how it works. IPs of controllers are manually configured.
  27. OpenFlow control plane: how it works. Switches can connect to any controller.
  28. OpenFlow control plane: how it works. No certificate management solutions.
  29. OpenFlow control plane: how it works. No trust management between devices.
  30. Threat vector 4 in OpenFlow networks. [Figure: vector 4 on the SDN controllers.]
  31. Master-slave controllers (what if B fails?). [Figure: controllers A, B and C, each running App A.]
  32. Master-slave controllers (what if B fails?). On the feasibility of a consistent and fault-tolerant data store for SDNs, http://goo.gl/mF9HNB. [Figure: active controllers sharing a fault-tolerant distributed datastore; master and slave connections to the devices.]
  33. Apps/services rewriting rules (accidentally or maliciously) ... [Figure: one controller running App B and App C; hosts A: 10.0.0.1 and V: 10.0.0.3. One rule says "block src=10.0.0.1 (to dst=10.0.0.3)"; another says "rewrite src=10.0.0.1 (to src=10.0.0.2)", after which A's traffic no longer matches the block rule.]
  34. Aggregation flow table (priority and isolation of signed rules) ... A Security Enforcement Kernel for OpenFlow Networks, http://goo.gl/4DJPbK
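The conflict on slide 33 (a rewrite rule that lets 10.0.0.1 slip past a block) is the kind of thing the enforcement kernel cited on slide 34 is built to catch: rules signed by a security application are isolated by priority, and a candidate rule that contradicts one is rejected. The check below is an added, cut-down illustration of that idea, not FortNOX's code and not code from the presentation; the Rule format, the action strings, the signer name and the alias reduction are constructed simplifications.

```python
"""Simplified rule-conflict check in the spirit of the "security enforcement
kernel" (FortNOX) cited on slide 34: signed security rules are isolated, and
a candidate FLOW_MOD that would contradict one is rejected.

Added example; not the FortNOX code and not code from the presentation.
The Rule format, the action strings, the signer names and the alias
reduction below are constructed simplifications of the real thing.
"""
from dataclasses import dataclass


@dataclass
class Rule:
    match: dict               # field -> value; an absent field is a wildcard
    actions: list             # ["drop"] or e.g. ["set:ip_src=10.0.0.2", "output:1"]
    signed_by: str = ""       # non-empty only for rules signed by a security app

    def is_drop(self) -> bool:
        return self.actions == ["drop"]


def overlap(a: dict, b: dict) -> bool:
    """Two matches can hit the same packet unless they pin a shared field to different values."""
    return all(a[k] == b[k] for k in a.keys() & b.keys())


def alias_set(rule: Rule) -> list:
    """The rule's own match plus every header it can rewrite a packet into.

    A forward rule that rewrites src 10.0.0.1 to 10.0.0.2 is treated as if it
    also matched src 10.0.0.2, so it cannot move traffic past a block rule
    written against either address (a cut-down FortNOX alias-set reduction).
    """
    aliases = [dict(rule.match)]
    current = dict(rule.match)
    for act in rule.actions:
        if act.startswith("set:"):
            key, value = act[4:].split("=", 1)
            current = dict(current)
            current[key] = value
            aliases.append(current)
    return aliases


def conflicts(candidate: Rule, installed: list) -> list:
    """Return the signed security rules the candidate would contradict.

    A contradiction is an overlapping match with the opposite verdict
    (drop vs. forward); unsigned rules are not protected and are ignored.
    """
    found = []
    for rule in installed:
        if not rule.signed_by:
            continue
        for alias in alias_set(candidate):
            if overlap(alias, rule.match) and candidate.is_drop() != rule.is_drop():
                found.append(rule)
                break
    return found


def admit(candidate: Rule, installed: list) -> bool:
    """Accept the candidate only if it contradicts no signed security rule."""
    return not conflicts(candidate, installed)


if __name__ == "__main__":
    block = Rule({"ip_src": "10.0.0.1", "ip_dst": "10.0.0.3"}, ["drop"], signed_by="secapp")
    rewrite = Rule({"ip_src": "10.0.0.1", "ip_dst": "10.0.0.3"},
                   ["set:ip_src=10.0.0.2", "output:1"])
    print("rewrite rule admitted:", admit(rewrite, [block]))  # False
```

The priority of the candidate never enters the decision: a signed security rule wins regardless of what priority a lower-trust application asks for, which is the "isolation of signed rules" of slide 34 in its simplest form.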
  35. Threat vector 5 in OpenFlow networks. [Figure: vector 5 between the SDN controllers and their applications.]
  36. [Figure: controllers A, B and C running apps A, B and C over a fault-tolerant distributed data store.] Apps trying to access and/or change/corrupt shared memory/objects ... e.g., an unauthorized controller and/or app turns "block src=10.0.0.1 (to dst=10.0.0.3)" into "allow src=10.0.0.1 (to dst=10.0.0.3)".
  37. Moving network functionality to the edge ... [Figure: controllers A, B and C, each with its own firewall Fw A, Fw B, Fw C.]
  38. [Figure: the same edge firewalls over a fault-tolerant distributed data store.] Apps trying to access and/or change/corrupt shared memory/objects ... An attack detected on network perimeter A leads to "set border sec level=2", while a malicious or buggy controller/app tries to enforce a lower security level with "set border sec level=1".
  39. [Figure: same setup.] The two settings map to different policies. "set border sec level=1": 1. set rate limit=1000; 2. allow direct connections. "set border sec level=2": 1. set rate limit=500; 2. force all suspected connections to pass through Sec Midbox L1.
  40. Which controller should take over the forwarding devices? [Figure: controllers A, B and C, each with a device manager (DevM).] Association phase: devices receive the decision signed by "all" controllers (or by "all" DevMs). Consensus-as-a-service to help in such decisions?
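Slide 40's association phase, where a device accepts a takeover decision only if it is signed by "all" controllers, in runnable form: the device checks a quorum of signatures and a monotonically increasing epoch, so neither the first controller to connect (slide 27) nor a replayed old decision wins. This is an added example, not code from the presentation or from any SDN controller. HMAC over per-controller shared keys stands in for the threshold or digital signatures the deck hints at; the controller names, keys, quorum size and sample decisions are constructed.

```python
"""Toy "association phase" from slide 40: a forwarding device accepts a new
master controller only when the decision is signed by a quorum of the
controllers it knows, not by whoever connects first (slide 27).

Added example; not code from the presentation or from any SDN controller.
HMAC over per-controller shared keys stands in for real signatures, and the
controller names, keys, quorum size and sample decisions are constructed.
"""
import hashlib
import hmac
import json

# Constructed: keys provisioned on the device out of band, one per controller.
CONTROLLER_KEYS = {"A": b"constructed-key-A",
                   "B": b"constructed-key-B",
                   "C": b"constructed-key-C"}
QUORUM = 2  # a majority of the three controllers must agree


def canonical(decision: dict) -> bytes:
    """Fixed serialization so every signer and the verifier MAC the same bytes."""
    return json.dumps(decision, sort_keys=True, separators=(",", ":")).encode()


def sign(controller: str, decision: dict) -> str:
    return hmac.new(CONTROLLER_KEYS[controller], canonical(decision), hashlib.sha256).hexdigest()


def signed_by(decision: dict, controllers) -> dict:
    """Collect signatures from the named controllers (demo helper)."""
    return {c: sign(c, decision) for c in controllers}


class Device:
    def __init__(self):
        self.master = None
        self.epoch = 0  # last accepted epoch; a new decision must carry a higher one

    def associate(self, decision: dict, signatures: dict) -> bool:
        """decision = {"master": "B", "epoch": 3}; signatures = {controller: hex_mac}.

        Rejects malformed or stale/replayed decisions, ignores signatures from
        unknown signers, and requires QUORUM valid signatures over exactly
        this decision before switching master.
        """
        epoch = decision.get("epoch")
        if "master" not in decision or not isinstance(epoch, int) or epoch <= self.epoch:
            return False
        valid = 0
        for controller, mac in signatures.items():
            if controller not in CONTROLLER_KEYS:
                continue  # unknown signer: does not count toward the quorum
            if hmac.compare_digest(mac, sign(controller, decision)):
                valid += 1
        if valid < QUORUM:
            return False
        self.master = decision["master"]
        self.epoch = epoch
        return True


if __name__ == "__main__":
    dev = Device()
    d = {"master": "B", "epoch": 1}
    print("one signature:", dev.associate(d, signed_by(d, ["A"])))        # False
    print("two signatures:", dev.associate(d, signed_by(d, ["A", "C"])))  # True
    print("replay:", dev.associate(d, signed_by(d, ["A", "C"])))          # False
```

Because the MAC covers the whole decision, a signature collected for one decision cannot be reused to endorse another, and the epoch check is what turns "signed by a quorum" into "signed by a quorum for this takeover".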
  41. Outline (repeated before the section "More OpenFlow security issues").
  42. OpenFlow security issues (http://goo.gl/b5bzZC, http://goo.gl/2sf5CF, http://goo.gl/7opnZk):
      1. Lacks TLS and access control.
      2. Repeats the error of previous protocols: "the link should be physically secure".
      3. Man in the middle: simple to do if TLS is not in use and/or when it is weakly implemented.
      4. Listener mode: some switches accept connections from any source (write rules and read information).
      5. Lack of switch authentication (e.g., request traffic redirection).
      6. Flow table verification: lack of TLS makes it impossible to verify whether flow tables are configured with the expected rules.
      7. Denial of service risks: especially in the case of centralized controllers (single points of failure).
      8. Controller vulnerabilities: diverse apps, complex protocol parsing, lack of priority-based controls and isolation, ...
      9. Resource depletion attacks (e.g., the learning switch of POX).
  43. OpenFlow security issues. OpenFlow: A Security Analysis, http://goo.gl/59CIVm
      Threat (STRIDE)        | Security property | Possible attacks                                                          | Affected OF versions
      Spoofing               | Authentication    | MAC and IP address spoofing, forged ARP and IPv6 router advertisement     | 1.0, 1.2, 1.3, 1.3.1
      Tampering              | Integrity         | Counter falsification, install rules that modify packets, redirect/clone flows | 1.0, 1.2, 1.3, 1.3.1
      Repudiation            | Non-repudiation   | Install rules to forge the source address of packets                      | 1.0, 1.2, 1.3, 1.3.1
      Information disclosure | Confidentiality   | Side channel attacks to figure out the flow rule setup                    | 1.0, 1.2, 1.3, 1.3.1
      Denial of service      | Availability      | Augmented new-flow requests to the controller                             | 1.0, 1.2, 1.3, 1.3.1
      Elevation of privilege | Authorization     | Take over the controller by exploiting implementation flaws               | 1.0, 1.2, 1.3, 1.3.1
  44. OpenFlow security issues. "OpenFlow security is minimally specified, to the point where the differences between multiple OpenFlow implementations could cause operational complexity, interoperability issues or unexpected security vulnerabilities." (M. Wasserman and S. Hartman, http://goo.gl/Ep5CXH)
  45. Outline (repeated before the section "Just out of curiosity ...").
  46. Time and bandwidth for DoS attacks. DoS attacks on the control plane, http://goo.gl/2sf5CF. Setup: one controller, one switch and two hosts; an HP 5406zl-like switch with a capacity of 1,500 flow rules.
  47. DoS attacks on controllers: 10 switches = a powerful weapon. With 10 switches, one can easily mount a DoS attack that significantly impacts the controller's performance. http://goo.gl/WEmR7n, http://goo.gl/b5bzZC, http://goo.gl/2sf5CF
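The mitigation the deck names for threat vector 1 (slide 15: "rate bounds for control plane requests") is also the lever against the table-miss floods measured on slides 46 and 47. The block below is an added example of such a bound on the controller side: a per-switch token bucket on PACKET_IN events, with switches that keep exceeding it flagged for an IDS or an operator. It is not code from the presentation or from any controller; the bucket parameters, the event record shape and the two-second event stream are constructed so it runs offline.

```python
"""Rate bound on control-plane requests (slide 15's mitigation for threat
vector 1) against the table-miss floods of slides 46 and 47: a per-switch
token bucket on PACKET_IN events.

Added example; not code from the presentation or from any controller. The
bucket parameters, the event record shape and the event stream are constructed.
"""
from collections import defaultdict


class TokenBucket:
    def __init__(self, rate: float, burst: int):
        self.rate = rate          # tokens refilled per second
        self.burst = burst        # maximum tokens, i.e. the tolerated burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PacketInGuard:
    """Per-datapath bound on PACKET_IN events handed to the controller.

    Excess events are dropped before they reach the (expensive) application
    logic, and datapaths that keep exceeding the bound are flagged; one
    misbehaving switch therefore cannot starve the others of controller time.
    """

    def __init__(self, rate: float = 100.0, burst: int = 20):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.dropped = defaultdict(int)

    def admit(self, dpid: str, now: float) -> bool:
        if self.buckets[dpid].allow(now):
            return True
        self.dropped[dpid] += 1
        return False

    def flagged(self, threshold: int = 50) -> list:
        return sorted(d for d, n in self.dropped.items() if n >= threshold)


def run(events, guard: PacketInGuard = None):
    """events: iterable of (timestamp_s, dpid, in_port) in time order.

    Returns (admitted, dropped, guard) so the per-switch counters can be inspected.
    """
    guard = guard or PacketInGuard()
    admitted = dropped = 0
    for ts, dpid, _in_port in events:
        if guard.admit(dpid, ts):
            admitted += 1
        else:
            dropped += 1
    return admitted, dropped, guard


def sample_events() -> list:
    """Constructed two-second trace: s1 sends 20 PACKET_INs/s, s2 floods at 1000/s."""
    trace = [(i * 0.05, "s1", 1) for i in range(40)]
    trace += [(i * 0.001, "s2", 3) for i in range(2000)]
    return sorted(trace)


if __name__ == "__main__":
    admitted, dropped, guard = run(sample_events())
    print("admitted:", admitted, "dropped:", dropped, "flagged:", guard.flagged())
```

With the constructed parameters s1 never loses an event, while s2 is cut back to roughly the 100 events per second the bucket refills; the flag list is what a defender would feed into the IDS the same slide mentions.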
  48. The Network Access Layer Goes Virtual. Software switching: the new trend?! The Sandwich ... Network Virtualization Main Stage at Interop, http://goo.gl/yt9pi2
  49. Current network operating systems: vulnerabilities in Cisco IOS. [Figure: bar chart of the number of published vulnerabilities per year, 1992 to 2013; y-axis 0 to 50.]