Abstract

Software defined networking (SDN) presents opportunities for improving network management, mainly thanks to the centralized controller separated from forwarding devices. On the other hand, security in SDN is a complicated issue: SDN both inherits vulnerabilities from traditional networks through common protocols and introduces new problems due to the risks associated with softwarization. Dynamic host configuration protocol (DHCP) is an essential protocol in SDNs as well and the security risks of DHCP also menace SDNs. In this study, we have analyzed the security of the built-in DHCP services on three popular SDN controllers: POX, ONOS and Floodlight. Our results indicate that they are vulnerable to starvation attacks, and DHCP discovery message floods can also be used to launch denial-of-service attacks, slowing down networks and overloading controllers. To counter these issues, we examined state-of-the-art DHCP security methodologies and assessed their applicability to the built-in DHCP servers of SDN controllers. Considering our assessment, we have designed and implemented a DHCP security module on the POX controller, DHCPguard, utilizing DHCP snooping, rate limiting, and IP pool recovery functions. Our findings show that DHCPguard successfully blocks malicious DHCP messages, recovers the IP address pool, and alleviates the negative effects of DHCP related attacks on the network without significant overhead. DHCPguard is able to increase throughput by up to 94% and decrease CPU usage by up to 92% compared to plain POX under DHCP attack scenarios performed on simple and complex topologies.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.