Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN...

Post on 01-Jul-2020

7 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN...

Outsmarting Network Security with SDN Teleportation

KASHYAP THIMMARAJU (TU BERLIN, GERMANY)

LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

STEFAN SCHMID (AALBORG UNIVERSITY, DENMARK)

IEEE EURO S&P, PARIS, FRANCEAPRIL 2017

Networking Equipment is Critical• It forms a technological foundation for communication

• It contributes to the economy

• Vital for national security

Backdoors, exploits and 0days in Networking Equipment

Backdoors in SDN equipment• Does that introduce new attacks?

• Can we detect backdoor activity?

Software Defined Networking (SDN)is a networking paradigm

● Separated planes● Centralized model

Data plane

Control plane

Switch

Controller

SDN Teleportation:An attack previously not possible

Traditional Networks

Software Defined Networks

Teleportation

Data plane

Control plane

Controlplane

SDN Teleportation poses several threats● Bypass security mechanisms

● Attack coordination

● Exfiltration

● Eavesdrop

The Teleportation Model

1)Switch to Controller

2)Controller to Switches

3)Destination Processing

Switch

Controller

(1) (2)

0110... (3)

Switch

Teleportation Techniques• Out-of-band Forwarding

• Flow (re-)configurations

• Switch Identification

Out-of-band Forwarding Teleportation● Complete packets from one

switch are teleported to

another switch

Packet-in

Packet-Out

Flow (Re-)Configuration Teleportation● Exploit the controllers

centralized control to

reconfigure the network

when a host moves across

the networkPack

et-in

Flow-add Packet-in

Flow-addFlow-delete

Switch Identification Teleportation● Impersonate the

Datapath-ID to

communicate

information Hello

Features-request Features-request

Features-reply

(DPID

=1) Features-reply (DPID=1)

Hello

Attacks using Teleportation● Bypass firewalls, IDS and IPS

● Exfiltration

● Man-in-the-middle

● Rendezvous/Attack coordination

Teleportation Bandwidth

Countermeasures● Packet-in-Packet-Out Watcher

● Audit-Trails and Accountability

● Enhanced IDS with Waypoint Enforcement

Conclusions● Introduced a conceptually novel SDN attack

● Teleportation enables several attacks

● Teleportation has high quality and throughput

● Suggested Teleportation countermeasures

Questions

Top related

Teleportation Ece Seminar Report
 Documents
Quantum teleportation
 Education
Full body teleportation system
 Documents
Quantum Teleportation
 Documents
Teleportation. 2 bits Teleportation BELL MEASUREMENT.
 Documents
Quantum Teleportation Cours CERN
 Documents
Outsmarting Network Security with SDN Teleportation · SDN paradigm, introduces an opportunity for teleportation: Malicious SDN switches may transmit information via the logically
 Documents
Shaking Entanglement Teleportation in Motion · 2012-12-01 · Results - Teleportation in Motion Shaking Entanglement Teleportation in Motion 9thVienna Central European Seminar University
 Documents
Outsmarting the Competition: Using Competitive ...
 Documents
Outsmarting traffic together
 Business
Quantum Teleportation Report
 Documents
teleportation recipes
 Entertainment & Humor
Outsmarting Climate Change
 Education
Teleportation and Wormholes
 Documents
Outsmarting Optical Boundaries
 Documents
Quantum computing, teleportation, cryptography Computing Teleportation Cryptography.
 Documents
QSIT Teleportation
 Documents
OUTSMARTING THE RED QUEEN
 Documents
"Quantum Teleportation for Dogs"
 Education
Teleportation Physics Study
 Documents

Copyright © 2022 FDOCUMENTS