Design of Multiple-flow Timing Channel in Software-defined

doi:10.3969/j.issn.1006-2475.2017.04.019

Abstract

Abstract: Software-defined networks (SDN), different from traditional network, is a new network architecture with the separation of application layer, control layer and data layer. In this paper, covert communication in SDN is studied, a multiple-flow timing channel scheme is proposed based on the interaction characteristic between OpenFlow controllers and switches, which utilizes the arriving time of reply packets in link layer discovery protocol to transmit secret messages. Simulation results show that the proposed scheme can achieve well covertness and robustness.


Key words: software-defined networks, covert communication, timing channels, link layer discovery protocol

CLC Number:

TP393

YIN Su-kai1, LIU Guang-jie1, LIU Wei-wei1, ZHAI Jiang-tao2, DAI Yue-wei1,2. Design of Multiple-flow Timing Channel in Software-defined[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2017.04.019.

References

［1］ Wendzel S, Zander S, Fechner B, et al. Pattern-based survey and categorization of network covert channel techniques［J］. ACM Computing Surveys, 2015,47(3):Article No. 50.
［2］ Maurice C, Neumann C, Heen O, et al. C5: Cross-cores cache covert channel［C］// International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 2015:46-64.
［3］ Wu Zhenyu, Xu Zhang, Wang Haining. Whispers in the hyper-space: High-bandwidth and reliable covert channel attacks inside the cloud［J］. IEEE/ACM Transactions on Networking (TON), 2015,23(2):603-615.
［4］ Wu Jingzheng, Ding Liping, Wu Yanjun, et al. C2Detector: A covert channel detection framework in cloud computing［J］. Security and Communication Networks, 2014,7(3):544-557.
［5］ Wu Zhenyu, Xu Zhang, Wang Haining. Whispers in the hyper-space: High-speed covert channel attacks in the cloud［C］// Proceedings of the 21st USENIX Conference on Security Symposium. 2012:159-173.
［6］ Wu Jing zheng, Wang Yongji, Ding Liping, et al. Improving performance of network covert timing channel through huffman coding［C］// The 2010 FTRA International Symposium on Advances in Cryptography, Security and Applications for Future Computing. 2012:69-79.
［7］ Wu Jingzheng, Ding Liping, Wang Yongji, et al. Identification and evaluation of sharing memory covert timing channel in Xen virtual machines［C］// Proceedings of the 4th IEEE International Conference on Cloud Computing. 2011:283-291.
［8］ Park Younghee, Chang Sang-Yoon, Krishnamurthy L M. Watermarking for detecting freeloader misbehavior in software-defined networks［C］// 2016 International Conference on Computing, Networking and Communications. 2016:1-6.
［9］ Scott-Hayward S, O’Callaghan G, Sezer S. SDN security: A survey［C］// 2013 IEEE SDN For Future Networks and Services. 2013:1-7.
［10］Sezer S, Scott-Hayward S, Chouhan P K, et al. Are we ready for SDN? Implementation challenges for software-defined networks［J］. IEEE Communications Magazine, 2013,51(7):36-43.
［11］Shin Seungwon, Gu Guofei. Attacking software-defined networks: A first feasibility study［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:165-166.
［12］Kreutz D, Ramos F, Verissimo P. Towards secure and dependable software-defined networks［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:55-60.
［13］Kloti R, Kotronis V, Smith P. OpenFlow: A security analysis［C］// Proceedings of the 21st IEEE International Conference on Network Protocols. 2013:1-6.
［14］戴彬,王航远,徐冠,等. SDN安全探讨：机遇与威胁并存［J］. 计算机应用研究, 2014,31(8):2254-2262.
［15］Jose T， Kurian J. Survey on SDN security mechanisms［J］. International Journal of Computer Applications, 2015,132(14):.32-35.
［16］Hussein A, Elhajj I H, Chehab A, et al. SDN security plane: An architecture for resilient security services［C］// IEEE International Conference on Cloud Engineering Workshop. 2016:54-59.
［17］Shah G, Molina A, Blaze M. Keyboards and covert channels［C］// Proceedings of the 15th conference on USENIX Security Symposium. 2006: Article No. 5.

[1]	WANG Hong-jie, XU Sheng-chao, YANG Bo, MAO Ming-yang, JIANG Jin-ling. Automatic Arrangement Method of Cloud Network Security Service Chain Based on SRv6 Technology [J]. Computer and Modernization, 2024, 0(01): 1-5.
[2]	HU Chong-jia, LIU Jin-zhou, FANG Li. Unsupervised Domain Adaptation for Outdoor Point Cloud Semantic Segmentation [J]. Computer and Modernization, 2024, 0(01): 74-79.
[3]	HUANG Yu-ting, CHEN Lin, LIN Hong-gang, . An Importance Assessment Method of Network Assets in Critical Information Infrastructure Based on Percolation Theory [J]. Computer and Modernization, 2023, 0(11): 51-56.
[4]	CHEN Chen, ZHUANG Yi, GAO Zeng. QoE-driven High-availability Transmission Framework for SDN [J]. Computer and Modernization, 2023, 0(11): 62-68.
[5]	LI Xiang, ZHUANG Yi. Critical Fault Point Identification Method for Routing Algorithms Using XGBoost [J]. Computer and Modernization, 2023, 0(11): 75-81.
[6]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. A Fast Failure Recovery Scheme for SDN Based on Flow Aggregation and Congestion Avoidance [J]. Computer and Modernization, 2023, 0(10): 77-83.
[7]	WANG Hong-jie, XU Sheng-chao. Clustering Method of Cloud Platform Abnormal Transmission Data Based on Hilbert Similarity [J]. Computer and Modernization, 2023, 0(09): 27-31.
[8]	YANG Liu-qing, WANG Chong. Personalized Recommendation Method of Web Service Resources Based on Maximum Entropy [J]. Computer and Modernization, 2023, 0(09): 32-37.
[9]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. SDN Reliability Evaluation Algorithm Based on Improved BDD [J]. Computer and Modernization, 2023, 0(09): 64-69.
[10]	XIAO Hang, LI Peng, MA Hui-ping, ZHU Feng, . RFID System Security Analysis Model Based on Stochastic Petri Net [J]. Computer and Modernization, 2023, 0(09): 105-114.
[11]	CHEN Gang, WANG Zhi-jian, XU Sheng-chao. Mobile Edge Computing Task Offloading Based on Feasible Point Tracking Continuous#br# Convex Approximation [J]. Computer and Modernization, 2023, 0(08): 93-97.
[12]	YANG Bo, XU Sheng-chao. Security Protection Method of Cloud Network Special Line Scenarios Based on SRv6#br# Service Chain [J]. Computer and Modernization, 2023, 0(08): 107-111.
[13]	LEI Yi-han, CAO Li-feng, HAN Meng-da, HAN Xue. Security Handover Architecture and Method for Software Defined Space-ground#br# Integration Network [J]. Computer and Modernization, 2023, 0(08): 119-126.
[14]	WANG Liu, ZHU Yi-xin, HAN Li-ying. Opinion Leaders Mining Method Based on Improved Hits Algorithm [J]. Computer and Modernization, 2023, 0(06): 39-42.
[15]	LI Jin-hai, HU Xu. Analysis of Hot Topics of College Online Public Opinion Based on Baidu Tieba [J]. Computer and Modernization, 2020, 0(09): 12-18.