An active defense method for timing side-channel attacks on SDN networks

An active defense technology against side-channel attacks, applied in data exchange networks, digital transmission systems, electrical components, etc. It addresses the high performance overhead of existing side-channel defense methods and their difficulty of compatibility with SDN frameworks or hardware, and achieves controllable, low performance overhead.

Active Publication Date: 2020-12-08
HUAZHONG UNIV OF SCI & TECH +1

AI Technical Summary

Problems solved by technology

[0005] In view of the defects of the prior art, the purpose of the present invention is to solve the technical problems that side-channel defense methods in the prior art have very large performance overhead and are difficult to make compatible with the general SDN frameworks or hardware used in industry.

Embodiment Construction

[0030] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0031] Side-channel attacks against SDN networks are mainly used to detect whether a network is an SDN network, discover flow tables, detect the load of SDN controllers, discover SDN configuration information and security policies, and so on. Most side-channel attacks are based on similar side information, so extracting their common features and deploying defense measures against them can effectively strengthen the SDN network's ability to resist side-channel attacks. The purpose of the present invention is to break through key technologies such as the search of available side channels in the SDN network, the d...

Abstract

The invention discloses an active defense method against timing side-channel attacks on SDN networks. The method comprises the following steps: after the controller observes a Packet-In message, it issues a first flow table rule and a second flow table rule to the switch that triggered the Packet-In message; the data packet matches the first flow table rule, and the switch forwards it to a delay host directly connected to the switch; the delay host captures the data packet and adds a random delay T to it; at time T after the capture moment, the delay host forwards the data packet back to the switch. The first flow table rule forwards the data packet to the delay host by matching the target IP and the first input port number, and the second flow table rule forwards the data packet to the next-hop switch or the target host by matching the target IP and the second input port number. By using the delay host to add delay to data packets, pre-installing flow rules, and dynamically installing flow rules when the topology changes, the method adds noise to and obfuscates the side information, interferes with the attacker's judgment, and thereby defends against side-channel attacks.
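The two-rule detour through the delay host, as an added Python model that is not code from the patent; the port numbers, the 1 ms and 5 ms timings, and the uniform distribution for T are constructed assumptions. It measures how well a round-trip-time threshold separates a flow-table miss from a hit, with and without the delay host.

```python
import random
from statistics import mean

DELAY_HOST_PORT = 3  # assumed: switch port wired to the delay host
NEXT_HOP_PORT = 2    # assumed: port toward the next-hop switch or target host

def install_rules(dst_ip, ingress_port):
    """The two rules the controller issues to the switch after a Packet-In."""
    return [  # rule 1: ingress -> delay host; rule 2: back from delay host -> next hop
        {"ipv4_dst": dst_ip, "in_port": ingress_port, "out_port": DELAY_HOST_PORT},
        {"ipv4_dst": dst_ip, "in_port": DELAY_HOST_PORT, "out_port": NEXT_HOP_PORT},
    ]

def lookup(rules, dst_ip, in_port):
    """Return the output port of the matching rule, or None on a table miss."""
    for rule in rules:
        if (rule["ipv4_dst"], rule["in_port"]) == (dst_ip, in_port):
            return rule["out_port"]
    return None

def rtt_ms(rules, dst_ip, in_port, rng, defended, max_delay_ms=20.0):
    """Constructed timing model: ~1 ms base RTT, +5 ms controller round trip on a miss.
    defended=False models the same switch without the delay-host detour."""
    rtt = 1.0 + rng.gauss(0, 0.2)
    if lookup(rules, dst_ip, in_port) is None:
        rtt += 5.0  # Packet-In: the switch blocks until the controller answers
        rules.extend(install_rules(dst_ip, in_port))
    if defended and lookup(rules, dst_ip, in_port) == DELAY_HOST_PORT:
        rtt += rng.uniform(0, max_delay_ms)  # delay host holds the packet for random T
    return rtt

def attacker_accuracy(defended, n=2000, seed=7):
    """Fraction of probes a calibrated RTT threshold labels correctly (miss vs hit)."""
    rng = random.Random(seed)
    miss = [rtt_ms([], "10.0.0.2", 1, rng, defended) for _ in range(n)]
    warm = install_rules("10.0.0.2", 1)  # rules already present: every probe is a hit
    hit = [rtt_ms(warm, "10.0.0.2", 1, rng, defended) for _ in range(n)]
    threshold = (mean(miss) + mean(hit)) / 2
    correct = sum(r > threshold for r in miss) + sum(r <= threshold for r in hit)
    return correct / (2 * n)

if __name__ == "__main__":
    print("undefended:", attacker_accuracy(False))
    print("defended:  ", attacker_accuracy(True))
```

In this model a larger `max_delay_ms` pushes the attacker's accuracy closer to chance, at the cost of added latency on every packet that takes the detour.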

Description

Technical field

[0001] The invention belongs to the technical field of defense against side channel attacks, and more particularly relates to an active defense method for timing side channel attacks oriented to an SDN network.

Background technique

[0002] Since the SDN network is centralized control, when the switch encounters a problem in data forwarding, the switch will send a request to the controller. For example, when the data flow cannot match the flow rules on the switch, the switch will send a request to the controller to inquire about the routing path, and the controller will calculate and install new flow rules into the switch. Until then, the switch is blocked, which increases latency in this case. Therefore, the SDN network has the characteristics of easy access to network information and a unique centralized data packet forwarding control mechanism, and is relatively vulnerable to side channel attacks.

[0003] Existing defense methods for side channel attack...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/947, H04L29/06
CPC: H04L49/252, H04L63/1441, H04L63/1466
Inventor: 邹德清, 袁斌, 金海, 徐鹏, 方升泽
Owner: HUAZHONG UNIV OF SCI & TECH