• Home

  • Documents

  • Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN...
17
Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL) STEFAN SCHMID (AALBORG UNIVERSITY, DENMARK) IEEE EURO S&P, PARIS, FRANCE APRIL 2017

Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

  • Upload
    others

  • View
    10

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Outsmarting Network Security with SDN Teleportation

KASHYAP THIMMARAJU (TU BERLIN, GERMANY)

LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

STEFAN SCHMID (AALBORG UNIVERSITY, DENMARK)

IEEE EURO S&P, PARIS, FRANCEAPRIL 2017

Page 2: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Networking Equipment is Critical• It forms a technological foundation for communication

• It contributes to the economy

• Vital for national security

Page 3: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Backdoors, exploits and 0days in Networking Equipment

Page 4: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Backdoors in SDN equipment• Does that introduce new attacks?

• Can we detect backdoor activity?

Page 5: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Software Defined Networking (SDN)is a networking paradigm

● Separated planes● Centralized model

Data plane

Control plane

Switch

Controller

Page 6: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

SDN Teleportation:An attack previously not possible

Traditional Networks

Software Defined Networks

Teleportation

Data plane

Control plane

Controlplane

Page 7: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

SDN Teleportation poses several threats● Bypass security mechanisms

● Attack coordination

● Exfiltration

● Eavesdrop

Page 8: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

The Teleportation Model

1)Switch to Controller

2)Controller to Switches

3)Destination Processing

Switch

Controller

(1) (2)

0110... (3)

Switch

Page 9: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Teleportation Techniques• Out-of-band Forwarding

• Flow (re-)configurations

• Switch Identification

Page 10: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Out-of-band Forwarding Teleportation● Complete packets from one

switch are teleported to

another switch

Packet-in

Packet-Out

Page 11: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Flow (Re-)Configuration Teleportation● Exploit the controllers

centralized control to

reconfigure the network

when a host moves across

the networkPack

et-in

Flow-add Packet-in

Flow-addFlow-delete

Page 12: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Switch Identification Teleportation● Impersonate the

Datapath-ID to

communicate

information Hello

Features-request Features-request

Features-reply

(DPID

=1) Features-reply (DPID=1)

Hello

Page 13: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Attacks using Teleportation● Bypass firewalls, IDS and IPS

● Exfiltration

● Man-in-the-middle

● Rendezvous/Attack coordination

Page 14: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Teleportation Bandwidth

Page 15: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Countermeasures● Packet-in-Packet-Out Watcher

● Audit-Trails and Accountability

● Enhanced IDS with Waypoint Enforcement

Page 16: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Conclusions● Introduced a conceptually novel SDN attack

● Teleportation enables several attacks

● Teleportation has high quality and throughput

● Suggested Teleportation countermeasures

Page 17: Outsmarting Network Security with SDN Teleportation · Outsmarting Network Security with SDN Teleportation KASHYAP THIMMARAJU (TU BERLIN, GERMANY) LIRON SCHIFF (GUARDICORE LABS, ISRAEL)

Questions


Quantum Teleportation original

Quantum Teleportation original

Documents
Experimentalquantum teleportation - KTH€¦ · quantum teleportation escapes the verdict of the no-cloning theorem14. After successful teleportation particle 1 is not available in

Experimentalquantum teleportation - KTH€¦ · quantum teleportation escapes the verdict of the no-cloning theorem14. After successful teleportation particle 1 is not available in

Documents
Outsmarting the smart meter (Jfokus 2017)

Outsmarting the smart meter (Jfokus 2017)

Software
Experimental Quantum Teleportation

Experimental Quantum Teleportation

Documents
"Quantum Teleportation for Dogs"

"Quantum Teleportation for Dogs"

Education
Outsmarting Network Security with SDN Teleportation

Outsmarting Network Security with SDN Teleportation

Documents
Outsmarting traffic together

Outsmarting traffic together

Business
Outsmarting your smartphone

Outsmarting your smartphone

Technology
Quantum computing, teleportation, cryptography Computing Teleportation Cryptography

Quantum computing, teleportation, cryptography Computing Teleportation Cryptography

Documents
Outsmarting your smart meter ebook

Outsmarting your smart meter ebook

Business
Teleportation Technology of the Future is Here!. Agenda Brief description of transportation process. Teleportation that is being used today. How teleportation

Teleportation Technology of the Future is Here!. Agenda Brief description of transportation process. Teleportation that is being used today. How teleportation

Documents
SEMINAR ON QUANTUM TELEPORTATION. CONTENTS Introduction To Quantum Teleportation Introduction To Quantum Teleportation Quantum Teleportation Quantum Teleportation

SEMINAR ON QUANTUM TELEPORTATION. CONTENTS Introduction To Quantum Teleportation Introduction To Quantum Teleportation Quantum Teleportation Quantum Teleportation

Documents
Outsmarting Optical Boundaries

Outsmarting Optical Boundaries

Documents
QSIT Teleportation

QSIT Teleportation

Documents
Outsmarting the Competition: Using Competitive

Outsmarting the Competition: Using Competitive

Documents
Teleportation and Wormholes

Teleportation and Wormholes

Documents
Quantum Teleportation, FLASH RadiotherapyQuantum teleportation, FLASH radiotherapy and the end of electricity from coal Researchers have been raising the bar for quantum teleportation

Quantum Teleportation, FLASH RadiotherapyQuantum teleportation, FLASH radiotherapy and the end of electricity from coal Researchers have been raising the bar for quantum teleportation

Documents
Outsmarting Your Smart Meter

Outsmarting Your Smart Meter

Documents
Teleportation Physics Study

Teleportation Physics Study

Documents
Outsmarting Network Security with SDN Teleportation · SDN paradigm, introduces an opportunity for teleportation: Malicious SDN switches may transmit information via the logically

Outsmarting Network Security with SDN Teleportation · SDN paradigm, introduces an opportunity for teleportation: Malicious SDN switches may transmit information via the logically

Documents
IDENTITY THEFT: Outsmarting the Crooks

IDENTITY THEFT: Outsmarting the Crooks

Documents
Shaking Entanglement Teleportation in Motion · 2012-12-01 · Results - Teleportation in Motion Shaking Entanglement Teleportation in Motion 9thVienna Central European Seminar University

Shaking Entanglement Teleportation in Motion · 2012-12-01 · Results - Teleportation in Motion Shaking Entanglement Teleportation in Motion 9thVienna Central European Seminar University

Documents
OUTSMARTING THE RED QUEEN

OUTSMARTING THE RED QUEEN

Documents
Pkm GT Teleportation

Pkm GT Teleportation

Documents
teleportation(quantum psysics)

teleportation(quantum psysics)

Documents
Quantum teleportation salma

Quantum teleportation salma

Documents
Outsmarting Network Security with SDN Teleportation · •Vital for national security. Backdoors, exploits and 0days in Networking Equipment. Backdoors in SDN equipment •Does that

Outsmarting Network Security with SDN Teleportation · •Vital for national security. Backdoors, exploits and 0days in Networking Equipment. Backdoors in SDN equipment •Does that

Documents
Outsmarting the Computer, Linked Updates

Outsmarting the Computer, Linked Updates

Documents
teleportation recipes

teleportation recipes

Entertainment & Humor
Outsmarting smartphones

Outsmarting smartphones

Technology