Secure address resolution protocol proxy in software defined network

Bibliographic Details
Main Author: Munther, Munther Numan
Format: Thesis
Language: English
Published: 2018
Online Access: http://psasir.upm.edu.my/id/eprint/68587/1/FK%202018%2047%20-%20IR.pdf
Description
Summary: Ethernet is one of the most important and dominant protocols at the second layer of the seven-layer Open Systems Interconnection (OSI) model. Its simplicity, ease of use and low cost have allowed it to spread widely across all types of network topology, so Ethernet ports have become an essential part of computer and network architecture. Despite these advantages, Ethernet suffers from a scalability problem: as the number of hosts in a single broadcast domain grows, the volume of broadcast traffic in the network increases significantly. Address Resolution Protocol (ARP) proxying is regarded as one of the best ways to reduce broadcast traffic in a single broadcast domain, since ARP normally makes up the bulk of that traffic. With the emergence of Software Defined Network (SDN) architectures, researchers have combined SDN features with ARP proxying by giving the SDN controller an ARP proxy function that suppresses broadcast traffic. Most existing work has focused on suppressing broadcast traffic without changing the network architecture or adding new equipment. The security aspect, however, has been neglected: attackers can easily exploit the inherent security limitations of the ARP working principle to penetrate the network. Because the SDN controller is reachable by ARP broadcast traffic within a single hop, and because ARP can be easily manipulated by attackers, this scenario may eventually increase the probability of attacks on the SDN controller. Two common ARP-based attacks that can be launched are ARP spoofing and ARP storm.

This thesis proposes a secure ARP proxy with the SDN controller in order to fully protect the SDN controller and the network hosts from ARP-based attacks. The proposed approach consists of an information collection algorithm, an ARP storm attack detection algorithm, and an ARP spoofing attack detection algorithm; the ARP-based attack detection technique combines the ARP storm and ARP spoofing detection algorithms. In general, the proposed approach checks each incoming ARP request packet before replying to it. If any wrong information is found in the received ARP packet, the approach treats the packet sender as an attacker and inserts the sender's information into the ARP-based attack tables. To demonstrate the efficiency of the proposed approach, several attack scenarios were developed in a Mininet testbed. The scenarios consisted of various potential attack combinations that can be initiated by attackers, malicious hosts or even normal hosts. Analysis of the simulation and testbed results indicated that the proposed approach achieved 100% suppression of ARP broadcast traffic in the broadcast domain. It was also successful in protecting the network from ARP-based attacks: the true positive ratio of attack detection was 57.14% for the first stage and 66.66% for the second stage, reaching 100% in the final stage. Meanwhile, the CPU consumption of the SDN controller under the proposed approach is higher than that of a general SDN controller with the ARP proxy feature.
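As an added illustration, not code from the thesis or its Mininet testbed, the Python sketch below shows how a controller-side ARP proxy could combine the three stages the abstract names: a collection stage that learns IP/MAC bindings, a storm check (requests per sender inside a time window), and a spoofing check (a sender's claimed binding disagreeing with the table), answering requests from the table instead of flooding them and recording flagged senders in an attack table. The class, thresholds and sample traffic are all assumptions made for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpRequest:
    sender_mac: str
    sender_ip: str
    target_ip: str
    ts: float  # arrival time at the controller, in seconds

class SecureArpProxy:
    # Assumed design, not the thesis's algorithm: thresholds are illustrative.
    def __init__(self, storm_limit=10, window=1.0):
        self.bindings = {}                # ip -> mac, filled in the collection stage
        self.attack_table = {}            # sender mac -> reason it was flagged
        self.recent = defaultdict(deque)  # sender mac -> recent request timestamps
        self.storm_limit, self.window = storm_limit, window

    def learn(self, ip, mac):  # collection stage: record a trusted IP/MAC binding
        self.bindings[ip] = mac

    def handle(self, req):
        """Return ('reply', mac), ('drop', reason) or ('unknown', None)."""
        if req.sender_mac in self.attack_table:
            return "drop", "known-attacker"
        # ARP storm: more than storm_limit requests from one sender per window
        q = self.recent[req.sender_mac]
        q.append(req.ts)
        while req.ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.storm_limit:
            self.attack_table[req.sender_mac] = "arp-storm"
            return "drop", "arp-storm"
        # ARP spoofing: the sender claims an IP that is bound to another MAC
        known = self.bindings.get(req.sender_ip)
        if known is not None and known != req.sender_mac:
            self.attack_table[req.sender_mac] = "arp-spoofing"
            return "drop", "arp-spoofing"
        target = self.bindings.get(req.target_ip)  # unicast reply, no broadcast
        return ("reply", target) if target else ("unknown", None)

def demo():
    """Constructed traffic: an honest request, a spoofed one, then a burst."""
    p = SecureArpProxy(storm_limit=5, window=1.0)
    p.learn("10.0.0.1", "00:00:00:00:00:01")
    p.learn("10.0.0.2", "00:00:00:00:00:02")
    out = {"normal": p.handle(ArpRequest("00:00:00:00:00:01", "10.0.0.1", "10.0.0.2", 0.0)),
           "spoof": p.handle(ArpRequest("00:00:00:00:00:03", "10.0.0.1", "10.0.0.2", 0.1))}
    for i in range(6):  # six requests within 60 ms from host 2 exceed storm_limit=5
        out["storm"] = p.handle(ArpRequest("00:00:00:00:00:02", "10.0.0.2", "10.0.0.1", 0.2 + i / 100))
    return out, dict(p.attack_table)
```

The honest request is answered from the table without any broadcast, while the spoofed request and the burst are dropped and their senders land in the attack table.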