research-article

Detecting Malicious Switches for a Secure Software-defined Tactile Internet

Published: 03 September 2021

Abstract

The rapid development of the Internet of Things has led to demand for high-speed data transformation. Serving this purpose is the Tactile Internet, which facilitates data transfer with extra-low latency. In particular, a Tactile Internet based on software-defined networking (SDN) has been broadly deployed because of the proven benefits of SDN in flexible and programmable network management. However, the vulnerabilities of SDN also threaten the security of the Tactile Internet. Specifically, an SDN controller relies on the network status (provided by the underlying switches) to make network decisions, e.g., calculating a routing path to deliver data in the Tactile Internet. Hence, attackers can compromise the switches to jeopardize the SDN and further attack Tactile Internet systems. For example, an attacker can compromise switches to launch distributed denial-of-service attacks to overwhelm the SDN controller, which will disrupt all the applications in the Tactile Internet. In pursuit of a more secure Tactile Internet, the problem of abnormal SDN switches in the Tactile Internet is analyzed in this article, including the cause of abnormal switches and their influence on different network layers. We then propose an approach that leverages the messages sent by all switches to identify abnormal switches and adopts a linear structure to store historical messages at a relatively low cost. By mapping each flow message to the flow establishment model, our method can effectively identify malicious SDN switches in the Tactile Internet and thus enhance its security.

Published in

ACM Transactions on Internet Technology, Volume 21, Issue 4
November 2021
520 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3472282
Editor: Ling Lu

Copyright © 2021 Association for Computing Machinery.

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 3 September 2021
• Accepted: 1 August 2020
• Revised: 1 June 2020
• Received: 1 May 2020

Qualifiers

• research-article
• Refereed
