A taxonomy for software-defined networking, man-in-the-middle attacks

Abstract

In contrast to traditional networks, Software Defined Networking (SDN) allows the programming of network functions via an Application Programming Interface (API). The ability to implement the APIs in software is advantageous for traffic manipulation in SDN. With automated logic being programmed into a centralized component of the SDN, network operators are presented with new and scalable methods for traffic manipulation. Enterprises and Internet Service Providers of all sizes can implement these techniques to great effect. Of particular concern are large state-owned providers. A motivation for this thesis came from a case study on China's Great Cannon and how the operators redirect benign traffic via content injection. In a technically similar fashion, we implemented targeted redirection on a software-defined network. Our experimentation demonstrates how an owner of the network can use man-in-the-middle (MiTM) techniques to redirect the traffic of unknowing users. To enable these techniques we wrote a MiTM application to redirect targeted users to a malicious server. Within a multi-switch test bed, our experimental results show that forcing our MiTM application to pass the injected response packet on a directed path to the switch closest to the targeted destination reduces the overall response time. In addition to testing for a route that would reduce overall HTTP response times, we illustrate the technical requirements of the attack in our MiTM taxonomy.