On the fine-grained fingerprinting threat to software-defined networks

2020 
Abstract

Software-defined networking (SDN) is an emerging networking technology that has attracted wide attention from academia and industry and plays a key role in enabling techniques of the 5th generation wireless systems (5G). The fundamental characteristic of SDN is that it decouples the control plane from the data plane, which provides flexibility and programmability for 5G. Unfortunately, the separation of the two planes also becomes a potential attack surface, which enables adversaries to fingerprint and attack SDNs. Existing work showed the possibility of fingerprinting an SDN with time-based features; however, those features are coarse-grained. This paper proposes a fine-grained fingerprinting approach that reveals much more severe threats to SDN security and explores mitigation strategies. By analyzing network packets, the approach can extract sensitive and control-related information, i.e., the match fields of SDN flow rules. The match fields of flow rules can be used to infer the type of SDN controller and the security policy of an SDN network. With such sensitive configuration information, adversaries can launch more targeted and destructive attacks against an SDN. We implement our approach in both simulated and physical environments with different kinds of SDN controllers to verify the effectiveness of our concept. Experimental results demonstrate that fine-grained and highly sensitive information can be obtained in SDN, and hence reveal the high risk of information disclosure in SDN and the severe threat of attacks against it. To mitigate the fine-grained fingerprinting threat we have revealed, we explore a lightweight countermeasure that tries to hide the sensitive time-based features of SDN networks. Implementation and evaluation demonstrate that our countermeasure can help mitigate the risk of SDN control information leakage with only minor overhead.