Controlling your neighbour’s bandwidth for fun and for profit

Jonathan Weekes, Shishir Nagaraja

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

Abstract

We carry out a systematic study of the attack-resilience of flow-rule replacement strategies for switch caches in Software-Defined Networks. Flow Rules are inserted into the switch at the request of the network hosts to direct traffic- replacing older rules when the switch flow table is full. Malicious hosts can leverage the flow rule replacement strategy to launch cache flushing attacks. This results in substantially reducing the network throughput of their neighbours forcing their traffic to slow down dramatically. We describe and evaluate the attack on the First-In-First-Out strategy- the defacto SDN flow-rule replacement strategy.

LanguageEnglish
Title of host publicationSecurity Protocols XXV - 25th International Workshop, Revised Selected Papers
EditorsFrank Stajano, Bruce Christianson, Vashek Matyas, Jonathan Anderson
Place of PublicationCham
PublisherSpringer-Verlag
Pages214-223
Number of pages10
ISBN (Print)9783319710747
DOIs
Publication statusPublished - 1 Jan 2017
Event25th International Workshop on Security Protocols, 2017 - Cambridge, United Kingdom
Duration: 20 Mar 201722 Mar 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10476 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th International Workshop on Security Protocols, 2017
CountryUnited Kingdom
CityCambridge
Period20/03/1722/03/17

Fingerprint

Profit
Profitability
Bandwidth
Switches
Replacement
Switch
Attack
Cache
Traffic
Throughput
Resilience
Leverage
Forcing
Table
Software
Strategy
Evaluate
Software defined networking

Keywords

  • bandwidth
  • network security
  • attack resiliences
  • malicious host
  • network hosts

Cite this

Weekes, J., & Nagaraja, S. (2017). Controlling your neighbour’s bandwidth for fun and for profit. In F. Stajano, B. Christianson, V. Matyas, & J. Anderson (Eds.), Security Protocols XXV - 25th International Workshop, Revised Selected Papers (pp. 214-223). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10476 LNCS). Cham: Springer-Verlag. https://doi.org/10.1007/978-3-319-71075-4_23
Weekes, Jonathan ; Nagaraja, Shishir. / Controlling your neighbour’s bandwidth for fun and for profit. Security Protocols XXV - 25th International Workshop, Revised Selected Papers. editor / Frank Stajano ; Bruce Christianson ; Vashek Matyas ; Jonathan Anderson. Cham : Springer-Verlag, 2017. pp. 214-223 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{e86781e53a0d4e5c869e83e7b148456a,
title = "Controlling your neighbour’s bandwidth for fun and for profit",
abstract = "We carry out a systematic study of the attack-resilience of flow-rule replacement strategies for switch caches in Software-Defined Networks. Flow Rules are inserted into the switch at the request of the network hosts to direct traffic- replacing older rules when the switch flow table is full. Malicious hosts can leverage the flow rule replacement strategy to launch cache flushing attacks. This results in substantially reducing the network throughput of their neighbours forcing their traffic to slow down dramatically. We describe and evaluate the attack on the First-In-First-Out strategy- the defacto SDN flow-rule replacement strategy.",
keywords = "bandwidth, network security, attack resiliences, malicious host, network hosts",
author = "Jonathan Weekes and Shishir Nagaraja",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-71075-4_23",
language = "English",
isbn = "9783319710747",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "214--223",
editor = "Frank Stajano and Bruce Christianson and Vashek Matyas and Jonathan Anderson",
booktitle = "Security Protocols XXV - 25th International Workshop, Revised Selected Papers",

}

Weekes, J & Nagaraja, S 2017, Controlling your neighbour’s bandwidth for fun and for profit. in F Stajano, B Christianson, V Matyas & J Anderson (eds), Security Protocols XXV - 25th International Workshop, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10476 LNCS, Springer-Verlag, Cham, pp. 214-223, 25th International Workshop on Security Protocols, 2017, Cambridge, United Kingdom, 20/03/17. https://doi.org/10.1007/978-3-319-71075-4_23

Controlling your neighbour’s bandwidth for fun and for profit. / Weekes, Jonathan; Nagaraja, Shishir.

Security Protocols XXV - 25th International Workshop, Revised Selected Papers. ed. / Frank Stajano; Bruce Christianson; Vashek Matyas; Jonathan Anderson. Cham : Springer-Verlag, 2017. p. 214-223 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10476 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

TY - GEN

T1 - Controlling your neighbour’s bandwidth for fun and for profit

AU - Weekes, Jonathan

AU - Nagaraja, Shishir

PY - 2017/1/1

Y1 - 2017/1/1

N2 - We carry out a systematic study of the attack-resilience of flow-rule replacement strategies for switch caches in Software-Defined Networks. Flow Rules are inserted into the switch at the request of the network hosts to direct traffic- replacing older rules when the switch flow table is full. Malicious hosts can leverage the flow rule replacement strategy to launch cache flushing attacks. This results in substantially reducing the network throughput of their neighbours forcing their traffic to slow down dramatically. We describe and evaluate the attack on the First-In-First-Out strategy- the defacto SDN flow-rule replacement strategy.

AB - We carry out a systematic study of the attack-resilience of flow-rule replacement strategies for switch caches in Software-Defined Networks. Flow Rules are inserted into the switch at the request of the network hosts to direct traffic- replacing older rules when the switch flow table is full. Malicious hosts can leverage the flow rule replacement strategy to launch cache flushing attacks. This results in substantially reducing the network throughput of their neighbours forcing their traffic to slow down dramatically. We describe and evaluate the attack on the First-In-First-Out strategy- the defacto SDN flow-rule replacement strategy.

KW - bandwidth

KW - network security

KW - attack resiliences

KW - malicious host

KW - network hosts

UR - http://www.scopus.com/inward/record.url?scp=85037845217&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-71075-4_23

DO - 10.1007/978-3-319-71075-4_23

M3 - Conference contribution book

SN - 9783319710747

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 214

EP - 223

BT - Security Protocols XXV - 25th International Workshop, Revised Selected Papers

A2 - Stajano, Frank

A2 - Christianson, Bruce

A2 - Matyas, Vashek

A2 - Anderson, Jonathan

PB - Springer-Verlag

CY - Cham

ER -

Weekes J, Nagaraja S. Controlling your neighbour’s bandwidth for fun and for profit. In Stajano F, Christianson B, Matyas V, Anderson J, editors, Security Protocols XXV - 25th International Workshop, Revised Selected Papers. Cham: Springer-Verlag. 2017. p. 214-223. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-71075-4_23