
dc.contributor.advisor: McEachen, John
dc.contributor.advisor: Beverly, Rob
dc.contributor.author: Fischer, Briana D.
dc.contributor.author: Lato, Anita M.
dc.date: Sep-16
dc.date.accessioned: 2016-11-02T17:18:28Z
dc.date.available: 2016-11-02T17:18:28Z
dc.date.issued: 2016-09
dc.identifier.uri: http://hdl.handle.net/10945/50541
dc.description.abstract: In contrast to traditional networks, Software Defined Networking (SDN) allows the programming of network functions via an Application Programming Interface (API). The ability to implement the APIs in software is advantageous for traffic manipulation in SDN. With automated logic being programmed into a centralized component of the SDN, network operators are presented with new and scalable methods for traffic manipulation. Enterprises and Internet Service Providers of all sizes can implement these techniques to great effect. Of particular concern are large state-owned providers. A motivation for this thesis came from a case study on China's Great Cannon and how the operators redirect benign traffic via content injection. In a technically similar fashion, we implemented targeted redirection on a software-defined network. Our experimentation demonstrates how an owner of the network can use man-in-the-middle (MiTM) techniques to redirect the traffic of unknowing users. To enable these techniques we wrote a MiTM application to redirect targeted users to a malicious server. Within a multi-switch test bed, our experimental results show that forcing our MiTM application to pass the injected response packet on a directed path to the switch closest to the targeted destination reduces the overall response time. In addition to testing for a route that would reduce overall HTTP response times, we illustrate the technical requirements of the attack in our MiTM taxonomy. (en_US)
dc.description.uri: http://archive.org/details/ataxonomyforsoft1094550541
dc.publisher: Monterey, California: Naval Postgraduate School (en_US)
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. (en_US)
dc.title: A taxonomy for software-defined networking, man-in-the-middle attacks (en_US)
dc.type: Thesis (en_US)
dc.contributor.department: Computer Science
dc.subject.author: software-defined networking (en_US)
dc.subject.author: man in the middle (en_US)
dc.subject.author: iframe injection (en_US)
dc.subject.author: openflow (en_US)
dc.subject.author: Ryu (en_US)
dc.subject.author: mininet (en_US)
dc.description.service: Civilian, Department of Defense (en_US)
dc.description.service: Civilian, Department of Defense (en_US)
etd.thesisdegree.name: Master of Science in Computer Science (en_US)
etd.thesisdegree.level: Masters (en_US)
etd.thesisdegree.discipline: Computer Science (en_US)
etd.thesisdegree.grantor: Naval Postgraduate School (en_US)
dc.description.distributionstatement: Approved for public release; distribution is unlimited.

