Abstract
The rapid development of the Internet of Things has led to demand for high-speed data transformation. Serving this purpose is the Tactile Internet, which facilitates data transfer with extra-low latency. In particular, a Tactile Internet based on software-defined networking (SDN) has been broadly deployed because of the proven benefits of SDN in flexible and programmable network management. However, the vulnerabilities of SDN also threaten the security of the Tactile Internet. Specifically, an SDN controller relies on the network status (provided by the underlying switches) to make network decisions, e.g., calculating a routing path to deliver data in the Tactile Internet. Hence, attackers can compromise the switches to jeopardize the SDN and further attack Tactile Internet systems. For example, an attacker can compromise switches to launch distributed denial-of-service attacks to overwhelm the SDN controller, which will disrupt all the applications in the Tactile Internet. In pursuit of a more secure Tactile Internet, this article analyzes the problem of abnormal SDN switches in the Tactile Internet, including the causes of abnormal switches and their influence on different network layers. We then propose an approach that leverages the messages sent by all switches to identify abnormal switches and adopts a linear structure to store historical messages at a relatively low cost. By mapping each flow message to the flow establishment model, our method can effectively identify malicious SDN switches in the Tactile Internet and thus enhance its security.
Detecting Malicious Switches for a Secure Software-defined Tactile Internet