Mitigating DoS Attacks against SDN Controller Using Information Hiding

Osamah Ibrahiem Abdullaziz, Li Chun Wang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Because of SDN centralization nature, denial of service (DoS) attacks have become a prominent concern. In the OpenFlow (OF) protocol, the transport layer security (TLS) protocol is recommended to secure the control channel. Unfortunately, the tasks involved in the proper configuration of a secured TLS are very challenging. Even worse, TLS is made an optional mode of communication in OF. As a consequence, some OF-enabled switches and controllers do not adopt TLS. In this paper, we develop a lightweight authentication mechanism, called Hidden Authentication (HiAuth), to protect SDN controller against DoS attacks. HiAuth legitimizes SDN forwarding devices by hiding authentication information into the header of control channel packets. Our experimental results prove that HiAuth is lightweight and can not only mitigate DoS attacks, but also provide high undetectability to the attacker.

Original languageEnglish
Title of host publication2019 IEEE Wireless Communications and Networking Conference, WCNC 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538676462
DOIs
StatePublished - 2019
Event2019 IEEE Wireless Communications and Networking Conference, WCNC 2019 - Marrakesh, Morocco
Duration: 15 Apr 201919 Apr 2019

Publication series

NameIEEE Wireless Communications and Networking Conference, WCNC
Volume2019-April
ISSN (Print)1525-3511

Conference

Conference2019 IEEE Wireless Communications and Networking Conference, WCNC 2019
CountryMorocco
CityMarrakesh
Period15/04/1919/04/19

Keywords

  • Denial of service (DoS) attacks
  • Information hiding
  • OpenFlow
  • Software defined networking (SDN)

Fingerprint Dive into the research topics of 'Mitigating DoS Attacks against SDN Controller Using Information Hiding'. Together they form a unique fingerprint.

Cite this