Path verification in software-defined networks using programmable data planes

2022-1
Bostan, Hakan
Software-Defined Networks (SDNs) revamp traditional network architectures by separating the data plane from the control plane and introducing a programmable, logically centralized control plane. Although SDNs bring extensive improvements, as well as solutions to some network security problems, the security of the SDN itself is often overlooked. The security of the data plane in particular is neglected because of the widespread assumption that data plane devices are trusted. However, an adversary can compromise data plane devices and change their behavior. Due to a lack of verification mechanisms, the controller cannot verify that the forwarding behavior has not been altered and that packets follow their intended paths. Solutions for traditional IP networks cannot be readily applied to SDN deployments. Moreover, solutions in the SDN domain are held back by the limitations of the widely used OpenFlow devices on the data plane. In this thesis, we present the path verification problem and propose a controller design, P4thV, that provides path verification and packet integrity verification by leveraging the benefits of SDNs and programmable data planes using P4. P4thV works by analyzing the packets entering and exiting the network to detect packet integrity violations as well as abnormal forwarding behaviors. Additionally, P4thV collects flow statistics from switches to further verify the forwarding behavior of the switches and detect attacks against the data plane. We prototype P4thV using Python and the P4-enabled open source BMv2 software switch. We then evaluate its performance using Mininet emulations and present our results. Further, we compare P4thV against the recent studies FOCES and SPHINX.
Our experiments show that P4thV outperforms FOCES by achieving over 97% verification accuracy and almost two times faster anomaly detection, while requiring 50% fewer control channel messages than SPHINX and causing negligible additional forwarding delays and 10% throughput degradation.

Citation Formats
H. Bostan, “Path verification in software-defined networks using programmable data planes,” M.S. - Master of Science, Middle East Technical University, 2022.