EFFICIENT MECHANISM FOR SECURING SOFTWARE DEFINED NETWORK AGAINST ARP SPOOFING ATTACK
Software Defined Network SDN is a new emerging paradigm of networking which decouples the data plane and the control plane. It is expected to be a solution to overcome the limitations of traditional networks. Conventional networks had several security problems, some of them disappeared by SDN and some others still exist such as Address Resolution Protocol ARP spoofing. This paper discusses the attacks of ARP spoofing and presents a deep study on the existing solutions either in traditional or SDN environments. A light, reliable, fast and effective mechanism has been proposed to prevent ARP spoofing, without any additional software or hardware by utilising SDN capabilities. In this work, the SDN controller has been extended by a module which checks every ARP packet in network to detect possible spoofed packets and stop them. Experiments were conducted on the simulated environment using Mininet to check the functionality of the proposed mechanism. The simulation results showed that the proposed mechanism is robust against ARP spoofing attack.
Abdelsalam, A. M. and El-sisi, A. B. (2015) ‘Mitigating ARP Spoofing Attacks in Software-Defined Networks’, ICCTA 2015, At Alexandria, Egypt, (October).
Alharbi, T. et al. (2016) ‘Securing ARP in Software Defined Networks’, Proceedings - Conference on Local Computer Networks, LCN, pp. 523–526. doi: 10.1109/LCN.2016.83.
Alsmadi, I. and Xu, D. (2015) ‘Security of Software Defined Networks: A Survey’, Computers and Security. Elsevier Ltd, 53, pp. 79–106. doi: 10.1016/j.cose.2015.05.006.
Balagopal, D., Agnise, X. and Rani, K. (2017) ‘Empowering SDN Firewall against ARP Poison Routing’, International Journal of Applied Engineering Research ISSN, 12(18), pp. 973–4562. Available at: http://www.ripublication.com.
Benson, T., Akella, A. and Maltz, D. (2009) ‘Unraveling the complexity of network management’, 6th USENIX Symposium on Networked Systems Design and Implementation, pp. 335–348. doi: 10.1007/978-1-59745-177-2_17.
Biondi, P. (2019) Scapy. Available at: https://scapy.net/.
Brooks, M. and Yang, B. (2015) ‘A Man-in-the-Middle attack against OpenDayLight SDN controller’, Proceedings of the 4th Annual ACM Conference on Research in Information Technology - RIIT ’15, pp. 45–49. doi: 10.1145/2808062.2808073.
Cho, I. (2019) Introduction to Mininet. Available at: https://github.com/mininet/mininet/wiki/Introduction-to-Mininet.
Klöti, R., Kotronis, V. and Smith, P. (2013) ‘OpenFlow: A security analysis’, in 21st IEEE International Conference on Network Protocols (ICNP). Goettingen: IEEE, pp. 1–6. doi: 10.1109/ICNP.2013.6733671.
Kreutz, D. et al. (2015) ‘Software-defined networking: A comprehensive survey’, Proceedings of the IEEE, 103(1), pp. 14–76. doi: 10.1109/JPROC.2014.2371999.
Kreutz, D., Ramos, F. M. V. and Verissimo, P. (2013) ‘Towards secure and dependable software-defined networks’, Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking - HotSDN ’13, p. 55. doi: 10.1145/2491185.2491199.
Lantz, B., Heller, B. and McKeown, N. (2010) ‘A Network in a Laptop’, Proceedings of the Ninth ACM SIGCOMM Workshop on Hot Topics in Networks - Hotnets ’10, pp. 1–6. doi: 10.1145/1868447.1868466.
Li, D., Hong, X. and Bowman, J. (2011) ‘Evaluation of security vulnerabilities by using ProtoGENI as a launchpad’, GLOBECOM - IEEE Global Telecommunications Conference, pp. 1–6. doi: 10.1109/GLOCOM.2011.6134465.
Masoud, M. Z., Jaradat, Y. and Jannoud, I. (2015) ‘On preventing ARP poisoning attack utilizing Software Defined Network (SDN) paradigm’, 2015 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies, AEECT 2015, pp. 0–4. doi: 10.1109/AEECT.2015.7360549.
Nehra, A., Tripathi, M. and Gaur, M. S. (2017) ‘FICUR: Employing SDN programmability to secure ARP’, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference, CCWC 2017. doi: 10.1109/CCWC.2017.7868450.
Scott-Hayward, S., O’Callaghan, G. and Sezer, S. (2013) ‘SDN Security: A Survey’, SDN4FNS 2013 - 2013 Workshop on Software Defined Networks for Future Networks and Services, pp. 1–7. doi: 10.1109/SDN4FNS.2013.6702553.
Solomon, N. (2015) Mitigating Layer 2 Attacks: Re-Thinking the Division of Labor. The Interdisciplinary Center, Herzliya.
Song, M. S. et al. (2014) ‘DS-ARP: A new detection
It is the policy of the Journal of Duhok University to own the copyright of the technical contributions. It publishes and facilitates the appropriate re-utilize of the published materials by others. Photocopying is permitted with credit and referring to the source for individuals use.
Copyright © 2017. All Rights Reserved.