On Topology Poisoning Detection in Software Defined Networking

  • 洪 勤硯

Student thesis: Master's Thesis


With the growth of networks and cloud applications, the number of network devices keeps increasing, and device management and configuration have become a problem. Software Defined Networking (SDN) has therefore become the trend. The difference between an SDN network and a traditional network is that the control plane and the data (forwarding) plane are separated. The forwarding plane consists of SDN switches that follow the rules received from the controller to process incoming packets. The control plane is a centralized controller that sends rules and actions to each switch via an SDN southbound protocol such as OpenFlow. The advantage of this separated architecture is that the controller can collect network conditions immediately and send the corresponding countermeasures to the switches. In order to obtain network information, a global view must first be created. Most SDN controllers use OFDP (OpenFlow Discovery Protocol) to discover the network topology, and OFDP uses LLDP (Link Layer Discovery Protocol) to discover the links between switches. However, LLDP lacks proper authentication, which lets an attacker poison the network topology by launching a fake LLDP injection attack or an LLDP relay attack. This thesis therefore proposes a mechanism to authenticate packet integrity and routing. For the LLDP relay attack, the thesis uses the differences between benign links and forged links to detect the attack. Finally, the results show that, both in a simulated environment and in a real environment, the proposed method can effectively detect the attack.
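As an added illustration of the packet-integrity authentication the abstract proposes (example code written for this page, not the thesis's own implementation): the controller tags every discovery probe it emits with a keyed HMAC over the source datapath id, port and a fresh nonce, and accepts a link only when the returning probe's tag verifies and the nonce is still outstanding and unexpired. The key, the payload layout and the timeout are assumptions; the link-difference heuristic for relay attacks is not shown.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed placeholder key; a real controller would provision this per deployment.
SECRET = b"controller-discovery-key"


class LldpAuthenticator:
    """Controller-side issuer/verifier for HMAC-tagged discovery probes (assumed design)."""

    def __init__(self, key, max_age=5.0):
        self.key = key
        self.max_age = max_age          # seconds a probe stays valid
        self.outstanding = {}           # nonce -> (src_dpid, src_port, issued_at)

    def issue(self, dpid, port, now=None):
        """Build the authenticated payload carried in the probe sent out of (dpid, port)."""
        now = time.time() if now is None else now
        nonce = os.urandom(8)
        body = struct.pack("!QI8s", dpid, port, nonce)            # 20 bytes
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:16]
        self.outstanding[nonce] = (dpid, port, now)
        return body + tag                                          # 36 bytes

    def verify(self, payload, recv_dpid, recv_port, now=None):
        """Return (ok, reason); ok only when tag, freshness and single use all hold."""
        now = time.time() if now is None else now
        if len(payload) != 36:
            return False, "malformed payload"
        body, tag = payload[:20], payload[20:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag: forged or modified probe"
        src_dpid, src_port, nonce = struct.unpack("!QI8s", body)
        record = self.outstanding.pop(nonce, None)                 # one use only
        if record is None:
            return False, "unknown or replayed nonce"
        if now - record[2] > self.max_age:
            return False, "stale probe"
        if (src_dpid, src_port) == (recv_dpid, recv_port):
            return False, "probe returned on its own port"
        return True, "link %d:%d -> %d:%d" % (src_dpid, src_port, recv_dpid, recv_port)


def demo():
    """Genuine probe, modified probe, replayed probe and stale probe (constructed cases)."""
    auth = LldpAuthenticator(SECRET)
    probe = auth.issue(1, 2, now=100.0)
    genuine = auth.verify(probe, 2, 1, now=100.1)[0]
    forged = bytearray(probe)
    forged[0] ^= 0x01                                              # attacker edits source dpid
    modified = auth.verify(bytes(forged), 2, 1, now=100.1)[0]
    replayed = auth.verify(probe, 3, 4, now=100.2)[0]              # nonce already consumed
    stale = auth.verify(auth.issue(5, 6, now=200.0), 7, 8, now=210.0)[0]
    return genuine, modified, replayed, stale
```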
Date of Award: 2018 Sep 1
Original language: English
Supervisor: Hui-Tang Lin
