outsmarting network security with sdn teleportation
play

Outsmarting Network Security with SDN Teleportation KASHYAP - PowerPoint PPT Presentation

Apr 03, 2024 •96 likes •279 views

Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL) STEFAN SCHMID (AALBORG UNIVERSITY, DENMARK) IEEE EURO S&P, PARIS, FRANCE APRIL 2017 Networking Equipment

  1. Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL) STEFAN SCHMID (AALBORG UNIVERSITY, DENMARK) IEEE EURO S&P, PARIS, FRANCE APRIL 2017

  2. Networking Equipment is Critical • It forms a technological foundation for communication • It contributes to the economy • Vital for national security

  3. Backdoors, exploits and 0days in Networking Equipment

  4. Backdoors in SDN equipment • Does that introduce new attacks? • Can we detect backdoor activity?

  5. Software Defined Networking (SDN) is a networking paradigm ● Separated planes ● Centralized model Control Controller plane Data plane Switch

  6. SDN Teleportation: An attack previously not possible Control plane Teleportation Control plane Data plane Software Defined Traditional Networks Networks

  7. SDN Teleportation poses several threats ● Bypass security mechanisms ● Attack coordination ● Exfiltration ● Eavesdrop

  8. The Teleportation Model 1)Switch to Controller 2)Controller to Switches 3)Destination Processing Controller (2) ) 1 ( 01 10 ... (3) Switch Switch

  9. Teleportation Techniques • Out-of-band Forwarding • Flow (re-)configurations • Switch Identification

  10. Out-of-band Forwarding Teleportation ● Complete packets from one switch are teleported to another switch Packet-Out Packet-in

  11. Flow (Re-)Confjguration T eleportation ● Exploit the controllers centralized control to e t e Flow-add l reconfjgure the network Flow-add e P d n - a w i - c t o e k l k e F when a host moves across c t - a i n P the network

  12. Switch Identification Teleportation ● Impersonate the Features-reply (DPID=1) Features-reply (DPID=1) Datapath-ID to Features-request Features-request communicate Hello Hello information

  13. Attacks using Teleportation ● Bypass firewalls, IDS and IPS ● Exfiltration ● Man-in-the-middle ● Rendezvous/Attack coordination

  14. Teleportation Bandwidth

  15. Countermeasures ● Packet-in-Packet-Out Watcher ● Audit-Trails and Accountability ● Enhanced IDS with Waypoint Enforcement

  16. Conclusions ● Introduced a conceptually novel SDN attack ● Teleportation enables several attacks ● Teleportation has high quality and throughput ● Suggested Teleportation countermeasures

  17. Questions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quantum teleportation, diagrams, and the one-time pad A. Kissinger Digital Security Group

Quantum teleportation, diagrams, and the one-time pad A. Kissinger Digital Security Group

Process theories Non-separability Radboud University Nijmegen One-time pad Quantum teleportation Quantum teleportation, diagrams, and the one-time pad A. Kissinger Digital Security Group Institute for Computing and Information Sciences

1.1k views • 107 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Foundations of Network Diagrams: Dynamical Systems, Bayesian Networks and Quantum Processes

Foundations of Network Diagrams: Dynamical Systems, Bayesian Networks and Quantum Processes

Foundations of Network Diagrams: Dynamical Systems, Bayesian Networks and Quantum Processes Filippo Bonchi University of Pisa Quantum Teleportation Quantum Teleportation 1932: von Neumanns original formulation of quantum theory based on

942 views • 29 slides
Towards Parallel Quantum Need for Teleportation Problem Computing: Standard Communication Is a

Towards Parallel Quantum Need for Teleportation Problem Computing: Standard Communication Is a

Need for Fast Data . . . Need to Take . . . Computer Scientists . . . Towards Parallel Quantum Need for Teleportation Problem Computing: Standard Communication Is a . . . Analysis of the Problem Quantum Teleportation Conclusion Algorithm

597 views • 37 slides
Hierarchically clustering time-directed graphs and the effects of teleportation and memory Jevin

Hierarchically clustering time-directed graphs and the effects of teleportation and memory Jevin

Hierarchically clustering time-directed graphs and the effects of teleportation and memory Jevin West, Information School, University of Washington Network Clustering Graph Partitioning Community Detection Block Models Module Detection

789 views • 52 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Outsmarting Stress, Enhancing Resilience, and Optimizing Health in Todays World Margaret

Outsmarting Stress, Enhancing Resilience, and Optimizing Health in Todays World Margaret

Outsmarting Stress, Enhancing Resilience, and Optimizing Health in Todays World Margaret A. Chesney, PhD Professor of Medicine, UCSF Cancer Support Community East TN June 1, 2019 Facing Cancer Together - a program of Cancer Support

861 views • 55 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
Deterministic Memory Abstraction and Supporting Multicore System Architecture Farzad Farshchi $ ,

Deterministic Memory Abstraction and Supporting Multicore System Architecture Farzad Farshchi $ ,

Deterministic Memory Abstraction and Supporting Multicore System Architecture Farzad Farshchi $ , Prathap Kumar Valsan ^ , Renato Mancuso * , Heechul Yun $ $ University of Kansas, ^ Intel, * Boston University Multicore Processors in CPS

797 views • 24 slides
Congestion and the Role of Routers Jeff Chase Duke University Overview Problem is

Congestion and the Role of Routers Jeff Chase Duke University Overview Problem is

Congestion and the Role of Routers Jeff Chase Duke University Overview Problem is Bullies, Mobs, and Crooks [Floyd] AQM / RED / REM ECN Robust Congestion Signaling XCP Pushback Stoica Following slides

725 views • 50 slides
Devices and Device Controllers network interface graphics adapter secondary storage

Devices and Device Controllers network interface graphics adapter secondary storage

I/O 1 Devices and Device Controllers network interface graphics adapter secondary storage (disks, tape) and storage controllers serial (e.g., mouse, keyboard) sound co-processors . . . CS350 Operating Systems Winter

533 views • 28 slides
Main Memory and DRAM Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture

Main Memory and DRAM Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture

Spring 2015 :: CSE 502 Computer Architecture Main Memory and DRAM Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture SRAM vs. DRAM SRAM = Static RAM As long as power is present, data is retained DRAM =

484 views • 37 slides
Modeling and control of Rankine based waste heat recovery systems for heavy duty trucks Vincent

Modeling and control of Rankine based waste heat recovery systems for heavy duty trucks Vincent

Context and motivations Waste heat recovery Rankine cycle based Studied system Control oriented modeling Controller development Simulation results Conclusion and next steps Contacts and discussion Modeling and control of Rankine based waste

832 views • 28 slides
Probabilisti tic Model Checking and Contr troller Synth thesis Dave Parker

Probabilisti tic Model Checking and Contr troller Synth thesis Dave Parker

Probabilisti tic Model Checking and Contr troller Synth thesis Dave Parker University of Birmingham AVACS Autumn School, October 2015 Overview Probabilistic model checking verification vs. strategy/controller

431 views • 41 slides
Synthesizing Optimally Resilient Controllers Joint work with Daniel Neider and Alexander Weinert

Synthesizing Optimally Resilient Controllers Joint work with Daniel Neider and Alexander Weinert

Synthesizing Optimally Resilient Controllers Joint work with Daniel Neider and Alexander Weinert Martin Zimmermann Saarland University September 20th, 2018 Highlights Conference, Berlin, Germany Martin Zimmermann Saarland University

653 views • 13 slides
Robust control of a risk-sensitive performance measure Paul Dupuis Division of Applied

Robust control of a risk-sensitive performance measure Paul Dupuis Division of Applied

Robust control of a risk-sensitive performance measure Paul Dupuis Division of Applied Mathematics Brown University R. Atar, A. Budhiraja, R. Wu ICERM, June 2019 Three settings for robust optimization/control Three settings for robust

505 views • 48 slides

More recommend