Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks

Robert Krösche, Kashyap Thimmaraju, Liron Schiff, Stefan Schmid

TL;DR

It is shown that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), can be exploited for covert channels based on SDN Teleportation, even when the data planes are physically disconnected.

Abstract

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), can be exploited for covert channels based on SDN Teleportation, even when the data planes are physically disconnected. This paper describes the theoretical model and design of our covert timing channel based on SDN Teleportation. We implement our covert channel using a popular SDN switch, Open vSwitch, and a popular SDN controller, ONOS. Our evaluation of the prototype shows that even under load at the controller, throughput rates of 20 bits per second are possible, with a communication accuracy of approximately 90\%. We also discuss techniques to increase the throughput further.

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks

TL;DR

It is shown that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), can be exploited for covert channels based on SDN Teleportation, even when the data planes are physically disconnected.

Abstract

Software-defined networking is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. However, this paper shows that the separation of the control plane from the data plane, which lies at the heart of Software-Defined Networks (SDNs), can be exploited for covert channels based on SDN Teleportation, even when the data planes are physically disconnected. This paper describes the theoretical model and design of our covert timing channel based on SDN Teleportation. We implement our covert channel using a popular SDN switch, Open vSwitch, and a popular SDN controller, ONOS. Our evaluation of the prototype shows that even under load at the controller, throughput rates of 20 bits per second are possible, with a communication accuracy of approximately 90\%. We also discuss techniques to increase the throughput further.
Paper Structure (18 sections, 5 equations, 7 figures, 2 algorithms)

This paper contains 18 sections, 5 equations, 7 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. Threat Model
  3. A Covert Channel using Teleportation
  4. Single Bit Transfer
  5. State Transition Model
  6. Transition Delays
  7. From One Bit to Multiple Bits
  8. Design and Performance Challenges
  9. Synchronization
  10. Determining the Time Interval $\Delta$ and Delays
  11. Frame-based Transmission
  12. Influence of the Controller
  13. Evaluation
  14. Implementation
  15. Setup and Methodology
  16. ...and 3 more sections

Figures (7)

  • Figure 1: Message sequence pattern for the OpenFlow handshake and switch identification teleportation when the controller denies the second switch a connection.
  • Figure 2: State diagram for the sender and receiver to send/receive one binary value.
  • Figure 3: Channel accuracy for time intervals 30-100 $ms$, and frame lengths 7, 14 and 28 when $\delta_{offset}=5 ms$, OpenFlow status is checked at $\Delta/2$, and there is no load on the controller.
  • Figure 4: Channel accuracy for time intervals 30-100 $ms$, and frame lengths 7, 14 and 28 when $\delta_{offset}=5 ms$, OpenFlow status is checked at $2\Delta/3$, and there is no load on the controller.
  • Figure 5: Channel accuracy for time intervals 30-100 $ms$, and frame lengths 7, 14 and 28 when $\delta_{offset}=5 ms$, OpenFlow status is checked at $\Delta/3$, and there is no load on the controller.
  • ...and 2 more figures