A Link Fabrication Attack Mitigation Approach (LiFAMA) for Software Defined Networks

Abstract

In software defined networks (SDNs), the controller is a critical resource, yet it is a potential target for attacks as well. The conventional OpenFlow Discovery Protocol (OFPD) used in building the topological view for the controller has vulnerabilities that easily allow attackers to poison the network topology by creating fabricated links with malicious effects. OFDP makes use of the link layer discovery protocol (LLDP) to discover existing links. However, the LLDP is not efficient at fabricated link detection. Existing approaches to mitigating this problem have mostly been passive approaches that depend on observing unexpected behaviour. Examples of such behaviour include link latency and packet patterns to trigger attack alerts. The problem with the existing solutions is that their implementations cause longer link discovery time. This implies that a dense SDN would suffer from huge delays in the link discovery process. In this study, we propose a link fabrication attack (LFA) mitigation approach (LiFAMA), which is an active mitigation approach and one that minimises the link discovery time. The approach uses LLDP packet authentication together with keyed-hashbased message authentication code (HMAC) and a link verification database (PostgreSQL) that stores records of all known and verified links in the network. This approach was implemented in an emulated SDN environment using Mininet and a Python-based open-source OpenFlow (POX) controller. The results show that the approach detects fabricated links in an SDN in real time and helps mitigate them. Additionally, the link discovery time of LiFAMA out-competes that of an existing LFA mitigation approach.