Distributed Denial-of-Service attacks (DDoS); oftware Defined Networking (SDN); Slow- and High-Rate Attacks
Résumé :
[en] Software Defined Networking (SDN) is a network paradigm that decouples the network’s control plane, delegated to the SDN controller, from the data plane, delegated to SDN switches.
For increased efficiency, SDN switches use a high-performance Ternary Content-Addressable memory (TCAM) to install rules. However, due to the TCAM’s high cost and power consumption, switches have a limited amount of TCAM memory. Consequently, a limited number of rules can be installed. This limitation has been exploited to carry out Distributed Denial of Service (DDoS) attacks, such as Saturation attacks, that generate large amounts of traffic. Inspired by slow application layer DDoS attacks, this paper presents and investigates DDoS attacks on SDN that do not require large amounts of traffic, thus bypassing existing defenses that are triggered by traffic volume.
In particular, we offer two slow attacks on SDN. The first attack, called Slow TCAM Exhaustion attack (Slow-TCAM), is able to consume all SDN switch’s TCAM memory by forcing the installation of new forwarding rules and maintaining them indeterminately active, thus disallowing new rules to be installed to serve legitimate clients.
The second attack, called Slow Saturation attack, combines Slow-TCAM attack with a lower rate instance of the Saturation attack. A Slow Saturation attack is capable of denying service using a fraction of the traffic of typical Saturation attacks. Moreover, the Slow Saturation attack can also impact installed legitimate rules, thus causing a greater impact than the Slow-TCAM attack. In addition, it also affects the availability of other network’s components, e.g., switches, even the ones not being directly targeted by the attack, as has been proven by our experiments. We propose a number of variations of these attacks and demonstrate their effectiveness by means of an extensive experimental evaluation. The Slow-TCAM is able to deny service to legitimate clients requiring only 38 seconds and sending less than 40 packets per second without abruptly changing network resources, such as CPU and memory. Moreover, besides denying service as a Slow-TCAM attack, the Slow Saturation attack can also disrupt multiple SDN switches (not only the targeted ones) by sending a lower-rate traffic when compared to current known Saturation attacks.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Disciplines :
Sciences informatiques
Auteur, co-auteur :
PASCOAL, Tulio ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
E. Fonseca, Iguatemi; University of Paraiba > Informatics Center
Nigam, Vivek; fortiss
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Slow Denial-of-Service Attacks on Software Defined Networks
Date de publication/diffusion :
2020
Titre du périodique :
Computer Networks
ISSN :
1389-1286
eISSN :
1872-7069
Maison d'édition :
Elsevier, Amsterdam, Pays-Bas
Peer reviewed :
Peer reviewed vérifié par ORBi
Focus Area :
Security, Reliability and Trust
Projet FnR :
FNR8149128 - Strategic Rtnd Program On Information Infrastructure Security And Dependability, 2014 (01/01/2015-31/12/2021) - Marcus Völp
Organisme subsidiant :
FNR - Fonds National de la Recherche CNPq - Conselho Nacional de Desenvolvimento Científico e Tecnológico H2020
