University of Wollongong

Securing Software-Defined Networks against Timing Side-Channel Attacks

thesis
posted on 2025-02-11, 00:11 authored by Faizan Shoaib

Software-Defined Networking (SDN) is a networking technology that allows the programming and efficient management of networks. Software-Defined Networks (SDNs) separate the orchestration of traffic forwarding (control plane) from the actual execution of traffic forwarding (data plane), allowing a network administrator to control and manage the network. This allows network applications to regulate the forwarding behaviour and policy of a network efficiently by utilising a logically centralised control plane managed by an SDN controller. The adoption of SDN in modern networking is significant because, unlike conventional networks, it provides flexibility in designing and controlling a network. Today’s communication networks demand high data speeds, swift deployment, high availability, and programmability. SDN can meet these requirements with a programmable architecture and a centrally controlled design. However, this transformation has led to new security challenges.

The advent of SDNs has given rise to advanced security threats, including timing side-channel attacks. Owing to the separation of the data and control planes, SDN is vulnerable to timing side-channel attacks. An adversary with malicious intent can gather network data, including flow tables, routes, controller types, ports, and other parameters, by exploiting timing information. The focus of the current mitigation strategies for timing side-channel attacks is largely on minimising them through network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. Existing techniques for mitigating timing side-channel attacks can mitigate the effects of such attacks to some extent. Nonetheless, these approaches are incapable of detecting the presence of an adversary or timing probe activity within a network, making them vulnerable to security breaches. To secure resilient SDN deployments, it is necessary to conduct comprehensive research that not only identifies the attack activity but also formulates an adequate response.

This thesis addresses the problem of timing side-channel attacks in SDNs by presenting and examining comprehensive methods for their mitigation. This thesis aims to provide an extensive framework that includes detection, response and prevention mechanisms to enhance the security of SDNs against timing side-channel attacks. The solutions proposed in this thesis demonstrate a significant level of compatibility with existing SDN infrastructure, exhibiting a high degree of computational efficiency while utilising minimal resources.

The detection mechanisms aim to identify potential adversaries or timing probe activities within an SDN by monitoring and analysing network traffic patterns. The methodology encompasses the creation of a comprehensive dataset of network traffic and the use of machine learning techniques for detection purposes. The machine learning methodology was adopted for this solution because it delivers faster and more accurate results. Unlike conventional methods, it can precisely detect the attack activity in an SDN and determine the attack source. To address the identified timing side-channel probe queries, a response mechanism was implemented. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. This thesis also presents a proactive technique for effectively controlling timing side-channel attacks in SDNs by recommending a preventive approach. The prevention mechanism is founded on a response randomisation technique that conceals the original response time information from attackers and introduces random delays in the response timing. This effectively inhibits attackers from exploiting such attacks by minimising the variance in probe packet response timings.
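To illustrate the response randomisation idea described above, here is an added simulation that is not the thesis's own code or parameters. It assumes a constructed two-path latency model (a probe for a flow with an installed rule is answered in the data plane; a table miss costs a control-plane round trip) and a hypothetical release window; a simple threshold classifier serves as the leakage test a defender would run before and after enabling the randomised responder.

```python
import random
import statistics

# Constructed latency model (assumption, not from the thesis): a probe for a flow
# that already has a rule is answered by the switch; a table miss is forwarded
# to the controller and back, which takes noticeably longer.
FAST_PATH_MS = 0.5   # rule installed, handled in the data plane
SLOW_PATH_MS = 5.0   # table miss, control-plane round trip
JITTER_MS = 0.1      # measurement noise on every sample


def raw_response(rule_installed: bool, rng: random.Random) -> float:
    """Unprotected response time: the path taken shows up directly in the delay."""
    base = FAST_PATH_MS if rule_installed else SLOW_PATH_MS
    return base + rng.gauss(0.0, JITTER_MS)


def randomised_response(rule_installed: bool, rng: random.Random) -> float:
    """Response randomisation: hold every reply until a random release time drawn
    from one interval that starts above the slowest genuine path, so fast and
    slow probes produce the same timing distribution."""
    observed = raw_response(rule_installed, rng)
    release = SLOW_PATH_MS + 1.0 + rng.uniform(0.0, 3.0)  # hypothetical window
    return max(observed, release)


def distinguishing_accuracy(responder, rng: random.Random, n: int = 500) -> float:
    """Leakage test: how often a single threshold on the response time tells a
    rule-installed probe from a table-miss probe. 1.0 = fully leaked, ~0.5 = guessing."""
    fast = [responder(True, rng) for _ in range(n)]
    slow = [responder(False, rng) for _ in range(n)]
    threshold = (statistics.mean(fast) + statistics.mean(slow)) / 2
    correct = sum(t <= threshold for t in fast) + sum(t > threshold for t in slow)
    return correct / (2 * n)


def leakage_report(seed: int = 1) -> dict:
    """Classifier accuracy against the unprotected and the randomised responder."""
    return {
        "unprotected": distinguishing_accuracy(raw_response, random.Random(seed)),
        "randomised": distinguishing_accuracy(randomised_response, random.Random(seed)),
    }


if __name__ == "__main__":
    for name, acc in leakage_report().items():
        print(f"{name:12s} classifier accuracy = {acc:.2f}")
```

The randomised responder pays for the lost leakage with added latency on every reply, which is the overhead trade-off the thesis evaluates.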

The key findings of this research include the use of machine learning algorithms for detection, the implementation of a data-driven automation approach for response, and the development of a response randomisation technique for prevention. This thesis makes a notable contribution to the field of SDN security by addressing the limitations of conventional techniques against timing side-channel attacks. This thesis seeks to improve the security of SDN deployments and mitigate the risks associated with timing side-channel attacks by presenting comprehensive methods for detecting, responding, and preventing such attacks. The proposed solutions demonstrate their compatibility with the current SDN infrastructure and prove to be computationally efficient, requiring minimal resources. The overall design findings show that our approach is successful in mitigating timing side-channel attacks in SDN.

History

Year

2023

Thesis type

  • Masters thesis

Faculty/School

School of Computing and Information Technology

Language

English

Disclaimer

Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.
