
Design And Detection Of Worm-Hole Attacks In Software-Defined Networking

Posted on: 2021-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z D Zhou
Full Text: PDF
GTID: 2428330647450764
Subject: Computer technology
Abstract/Summary:
With the development of network abstraction, the existing network architecture can no longer meet current needs. This led to the creation of Software-Defined Networking (SDN). The Link Layer Discovery Protocol (LLDP), which is widely used by the SDN controller to discover the network topology, has been shown to be unable to guarantee the integrity of its messages. Attackers could exploit this vulnerability to fabricate LLDP packets that declare to the controller a false link connecting two distant switches. The controller would then be misled into routing flows over the false link, which leads to further DoS, eavesdropping and even hijacking attacks. This attack seems very similar to the well-known Worm-Hole Attack in wireless sensor networking (WSN). Nevertheless, in WSN, attackers are assumed to leverage an out-of-band wired channel to carry the actual packet transmission between the two cheating sensor nodes. In SDN, however, there usually is no out-of-band channel between the distant cheating switches. Flows misguided to the fake link will suffer 100% packet loss and thus be detected soon. The research topic of this paper is to propose and realize the worm-hole attack in SDN. The paper mainly focuses on how to use the existing in-band covert channels in the network to construct the worm-hole attack. We propose the first true worm-hole attack in SDN, which achieves packet transmission over the forged link without using any out-of-band channels. Instead, it introduces a relay host in the network to build a completely in-band convey channel between the two cheating switches. Unlike in existing studies, the relay host is not required to be directly linked to them. Moreover, attackers are only assumed to possess remote read and write privileges on the flow tables of both cheating switches and do not have to alter any of their software or hardware. Our extensive experiments demonstrate the high feasibility of this attack. The increases in both transmission delay and packet loss rate are within a reasonable range. We finally present and evaluate the countermeasures against the proposed attack.
Keywords/Search Tags: Software-Defined Network (SDN), Worm-Hole Attack, Network Security, Attack Detection