SoylentNews

Arthur T Knackerbracket has found the following story:

Software-defined networking (SDN) controllers respond to network conditions by pushing new flow rules to switches. And that, say Italian researchers, creates an unexpected security problem.

The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, including network virtualisation setups, quality of service policies, and more importantly, security tool configuration information such as "attack detection thresholds for network scanning".

Even a single switch's flow table, they write, can provide this kind of information, as well as serving as a side-channel for an attacker to exploit.

The three network boffins – Mauro Conti of the University of Padova, and Sapienza University's Fabio De Gaspari and Luigi Mancini – are particularly concerned about SDN being exploited to help an attacker build a profile of the target network, in what they call a Know Your Enemy (KYE) attack.

For example, they write, an attacker could potentially:

• Connect to the passive listening ports most SDN switches include for remote debugging, to retrieve the flow table (they offer HP Procurve's dpctl utility as an example);
• Infer information about the flow table from jitter (that is, round trip time (RTT) – variance);
• Sniff control traffic, because of inadequate protection (not using TLS, or not using certificates for authentication;
• Exploit vulnerabilities that might exist in switch operating systems, such as backdoors; or
• Copy the flow table or memory content of the switch to an external location.

The paper points out that none of this is specific to particular devices: "the KYE attack exploits a structural vulnerability of SDN, which derives from the on-demand management of network flows, that in turn is one of the main features and strengths" of SDN.

Original Submission