Detecting Malicious Switches for a Secure Software-defined Tactile Internet

Published: 03 September 2021

Abstract

The rapid development of the Internet of Things has led to demand for high-speed data transformation. Serving this purpose is the Tactile Internet, which facilitates data transfer with extra-low latency. In particular, a Tactile Internet based on software-defined networking (SDN) has been broadly deployed because of the proven benefits of SDN in flexible and programmable network management. However, the vulnerabilities of SDN also threaten the security of the Tactile Internet. Specifically, an SDN controller relies on the network status (provided by the underlying switches) to make network decisions, e.g., calculating a routing path to deliver data in the Tactile Internet. Hence, attackers can compromise the switches to jeopardize the SDN and further attack Tactile Internet systems. For example, an attacker can compromise switches to launch distributed denial-of-service attacks that overwhelm the SDN controller, which will disrupt all the applications in the Tactile Internet. In pursuit of a more secure Tactile Internet, this article analyzes the problem of abnormal SDN switches in the Tactile Internet, including the causes of abnormal switches and their influence on different network layers. We then propose an approach that leverages the messages sent by all switches to identify abnormal switches and adopts a linear structure to store historical messages at a relatively low cost. By mapping each flow message to the flow establishment model, our method can effectively identify malicious SDN switches in the Tactile Internet and thus enhance its security.

Cited By

  • (2024) FTOP: An Efficient Flow Table Overflow Preventing System for Switches in SDN. IEEE Transactions on Network Science and Engineering 11:3 (2524-2536). DOI: 10.1109/TNSE.2023.3297650. Online publication date: May-2024
  • (2023) Swguard: Mitigating Flow Rule Modification Attack in P4 Switches. 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT) (1-7). DOI: 10.1109/ICCCNT56998.2023.10307738. Online publication date: 6-Jul-2023
  • (2022) Secure and Reliable Network Updates. ACM Transactions on Privacy and Security 26:1 (1-41). DOI: 10.1145/3556542. Online publication date: 9-Nov-2022

      Published In

      ACM Transactions on Internet Technology, Volume 21, Issue 4
      November 2021
      520 pages
      ISSN: 1533-5399
      EISSN: 1557-6051
      DOI: 10.1145/3472282
      Editor: Ling Lu
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 03 September 2021
      Accepted: 01 August 2020
      Revised: 01 June 2020
      Received: 01 May 2020
      Published in TOIT Volume 21, Issue 4

      Author Tags

      1. Software-defined network
      2. malicious switch detection
      3. network security

      Qualifiers

      • Research-article
      • Refereed

      Funding Sources

      • National Key Research and Development (R&D) Plan of China
      • National Natural Science Foundation of China
      • China Postdoctoral Science Foundation
      • First Class Special Funding for Postdoctoral Scientific Research of Hubei Province
      • Key-Area Research and Development Program of Guangdong Province
      • Shenzhen Fundamental Research Program
