Journal: Computer networks

ACST: Audit-based compromised switch tolerance for enhancing data plane robustness in software-defined networking


Abstract

Software-defined networking has stimulated worldwide interest in both academia and industry for its proven advantages. However, switches in the data plane are more vulnerable due to malicious attacks. Consequently, the network may exhibit a switch misguiding phenomenon: the switches are compromised by attackers and send faked statistics while interacting with the controller to mislead the control decision (e.g., optimal routing). In this paper, we introduce an audit-based compromised switch tolerance (ACST) scheme, which aims at tolerating compromised switches and dealing with the switch misguiding phenomenon when switches are trustless. Our main idea is to audit the statistics (specifically, state messages) delivered by switches not only to make the controller receive the correct messages but also to identify the compromised switches. Following this idea, we first investigate the switch misguiding phenomenon. Then, we design ACST to ensure that the controller gets the correct state messages even if compromised switches exist. ACST introduces a special logic plane called the fault tolerance proxy plane between the data plane and the control plane. Each proxy consists of specific function modules, which are used for extracting original state messages and performing statistics auditing. Finally, the proxies output the auditing results, including corrected state messages and the compromised switch IDs. The corresponding algorithm and theoretical proof of its robustness enhancement are also presented. Results show our proposal can successfully resist different manipulating attacks launched by the compromised switches and guarantee a high correctness rate of state messages (approaching 100%). Besides, ACST shows good topological adaptability and produces low overheads. (C) 2019 Elsevier B.V. All rights reserved.