CS 244 ’18: Exploring an Identity Binding Attack in SDN


William Kovacs

Original Paper: Jero, Samuel, et al. “Identifier Binding Attacks and Defenses in Software-Defined Networks.” 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, 2017.

Software-defined networks (SDNs) take a markedly different approach to networking from traditional networks. In an SDN the control plane is separated from the data plane and moves from the switches to a central controller, so state that was once distributed across the switches is consolidated in one place. One class of that state, identifier bindings (the controller's record of which identifiers, such as switch port, MAC address and IP address, belong to the same host), and how it can be exploited in this nascent technology is the subject of the paper "Identifier Binding Attacks and Defenses in Software-Defined Networks" by Jero et al.
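To make the class of state concrete, here is an added illustration (not code from the paper, from POX, or from this project) of a controller that derives its identifier bindings from observed traffic. The `PacketIn` message, the `BindingTable` class and the host addresses are all constructed for this example. In permissive mode the most recent packet-in always wins, so a frame that spoofs a victim's source IP from another port silently rebinds that IP to the attacker; the `strict` mode adds the simplest conflict check, refusing to move an identifier that is already bound.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class PacketIn:
    """Minimal stand-in for an OpenFlow packet-in (constructed for this example):
    the switch port the frame arrived on and the source identifiers it carries."""
    port: int
    src_mac: str
    src_ip: str


@dataclass
class BindingTable:
    """Identifier bindings a controller learns from traffic: MAC -> port and IP -> MAC.
    Nothing in the packet-in proves that the sender owns these identifiers."""
    strict: bool = False
    mac_to_port: Dict[str, int] = field(default_factory=dict)
    ip_to_mac: Dict[str, str] = field(default_factory=dict)
    conflicts: List[PacketIn] = field(default_factory=list)

    def learn(self, pkt: PacketIn) -> bool:
        """Update the bindings from one packet-in; return True if anything changed.

        Permissive mode: newest observation wins, so a spoofed frame rebinds the
        victim's IP to the attacker's MAC and port.
        Strict mode: an attempt to move an already-bound identifier to a different
        port or MAC is logged in `conflicts` and refused (first binding wins)."""
        if self.strict:
            old_port = self.mac_to_port.get(pkt.src_mac)
            old_mac = self.ip_to_mac.get(pkt.src_ip)
            if (old_port is not None and old_port != pkt.port) or (
                old_mac is not None and old_mac != pkt.src_mac
            ):
                self.conflicts.append(pkt)
                return False
        changed = False
        if self.mac_to_port.get(pkt.src_mac) != pkt.port:
            self.mac_to_port[pkt.src_mac] = pkt.port
            changed = True
        if self.ip_to_mac.get(pkt.src_ip) != pkt.src_mac:
            self.ip_to_mac[pkt.src_ip] = pkt.src_mac
            changed = True
        return changed

    def resolve(self, ip: str) -> Optional[Tuple[str, int]]:
        """Where would the controller forward traffic for `ip` right now?"""
        mac = self.ip_to_mac.get(ip)
        if mac is None:
            return None
        port = self.mac_to_port.get(mac)
        if port is None:
            return None
        return (mac, port)


# Constructed hosts: the victim on port 1, an attacker on port 2 who sends a frame
# with the victim's IP as its source.
VICTIM = PacketIn(port=1, src_mac="00:00:00:00:00:01", src_ip="10.0.0.1")
ATTACKER_SPOOF = PacketIn(port=2, src_mac="00:00:00:00:00:02", src_ip="10.0.0.1")


def simulate(strict: bool) -> Tuple[Optional[Tuple[str, int]], int]:
    """Learn the victim first, then the spoofed frame; report where 10.0.0.1 now
    resolves and how many conflicts the table recorded."""
    table = BindingTable(strict=strict)
    table.learn(VICTIM)
    table.learn(ATTACKER_SPOOF)
    return table.resolve("10.0.0.1"), len(table.conflicts)


if __name__ == "__main__":
    print("permissive:", simulate(strict=False))  # victim's IP now points at port 2
    print("strict:    ", simulate(strict=True))   # binding kept, one conflict logged
```

The strict check is only a sketch of the problem space, not the paper's defense: first-binding-wins does nothing if the attacker claims the identifier before the victim, and a real controller must still let bindings expire or move when a host legitimately changes port or obtains a new DHCP lease, which is exactly the window a binding attack tries to exploit.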

My goal is to replicate the Persona Hijacking attack and verify whether it is as potent as they claim. Furthermore, these experiments will be done using the POX controller, which was untested in the paper but suggested to be vulnerable, in order to show whether the problem is as widespread an issue as they claim. Due to time constraints I will not perform a formal evaluation of the weaknesses and security of the controllers and their system via a model checker. While I would have liked to implement the defenses as well, reimplementing what took them over 2000 lines of code, in addition to the attacks, seemed somewhat infeasible in the time available.

Full Report
