A Link Fabrication Attack Mitigation Approach (LIFAMA) for software defined networks

Abstract

In software defined networks (SDN), the controller is a critical resource yet it is a potential target for attacks once compromised. The conventional Open Flow Discovery Protocol (OFPD) used in building the topology view by the controller has vulnerabilities that easily allow attackers to poison the network topology by creating fabricated links that can be used for malicious intent. OFDP makes use of the link layer discovery protocol (LLDP) to discover existing links. However, LLDP is not e cient in fabricated link detection. Existing approaches to mitigate this problem have focused on using passive approaches that depend on observing unexpected behaviour. Examples of such behaviour include link latency and packet patterns to trigger attack alerts. The problem with the existing solutions is that their implementation causes longer link discovery time. This implies that a dense SDN would su↵er from huge delays in the link discovery process. In this study, we propose a Link Fabrication Attack (LFA) Mitigation Approach (LiFAMA) which is an active mitigation approach and one that minimizes the link discovery time. The approach uses Link Layer Discovery Protocol (LLDP) packet authentication toghether with Keyed-Hash Based Message Authentication Code (HMAC) and a link verification database (PostgreSQL)that stores records of all known and verified links in the network. This approach has been implemented in an emulated SDN environment using Mininet and a Python based open source openflow (POX) controller. The results show that the approach detects fabricated links in SDN in real time and helps mitigate them. Additionally, the link discovery time of LiFAMA out competes that of an existing LFA mitigation approach.