Preventing Timing Side-Channel Attacks in Software-Defined Networks

Conference Paper


Abstract


  • Software-defined networking (SDN) is a technology for programming and efficiently managing networks. SDNs are prone to numerous threats, such as Distributed Denial of Service (DDoS), Man-in-the-middle, ARP Spoofing, Side-channels, and several other attacks. Separation of the data plane from the control plane makes SDN vulnerable to timing side-channel attacks. By comparing the response time of probe queries, an adversary can infer a pattern of request, which can invoke the controller and eventually discover information about the network. An adversary can apply these attacks to extract flow tables, routes, controller type, ports, etc. In this paper, we propose a novel security solution 'Netkasi' (kasi means 'hide' in Esperanto), to counter timing side-channel attacks in SDN. This solution hides the original response time information from the attacker and provides random response timing. As this security solution is designed to integrate with SDN, its architecture ensures minimal impact on the network traffic and consumption of network resources. The current solutions are a massive overhead on the network, whereas 'Netkasi' is implemented as a peripheral solution having its resources without causing significant overhead on the traffic. Analysis of the overall design shows that our solution is effective for the prevention of timing side-channel attacks in SDN.

Publication Date


  • 2021

Citation


  • Shoaib, F., Chow, Y. W., & Vlahu-Gjorgievska, E. (2021). Preventing Timing Side-Channel Attacks in Software-Defined Networks. In 2021 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2021. doi:10.1109/CSDE53843.2021.9718377

Scopus Eid


  • 2-s2.0-85127873430
