Show simple item record

dc.contributor.authorKatongole, Joseph
dc.contributor.authorOdongo, Steven Eyobu
dc.contributor.authorKasyoka, Philemon
dc.contributor.authorOyana, Tonny J.
dc.date.accessioned2022-06-07T09:36:48Z
dc.date.available2022-06-07T09:36:48Z
dc.date.issued2022-05
dc.identifier.citationElectronics 2022, 11, 1581.en_US
dc.identifier.urihttps://doi.org/10.3390/electronics11101581
dc.identifier.urihttp://repository.embuni.ac.ke/handle/embuni/4079
dc.description.abstractn software defined networks (SDNs), the controller is a critical resource, yet it is a potential target for attacks as well. The conventional OpenFlow Discovery Protocol (OFPD) used in building the topological view for the controller has vulnerabilities that easily allow attackers to poison the network topology by creating fabricated links with malicious effects. OFDP makes use of the link layer discovery protocol (LLDP) to discover existing links. However, the LLDP is not efficient at fabricated link detection. Existing approaches to mitigating this problem have mostly been passive approaches that depend on observing unexpected behaviour. Examples of such behaviour include link latency and packet patterns to trigger attack alerts. The problem with the existing solutions is that their implementations cause longer link discovery time. This implies that a dense SDN would suffer from huge delays in the link discovery process. In this study, we propose a link fabrication attack (LFA) mitigation approach (LiFAMA), which is an active mitigation approach and one that minimises the link discovery time. The approach uses LLDP packet authentication together with keyed-hashbased message authentication code (HMAC) and a link verification database (PostgreSQL) that stores records of all known and verified links in the network. This approach was implemented in an emulated SDN environment using Mininet and a Python-based open-source OpenFlow (POX) controller. The results show that the approach detects fabricated links in an SDN in real time and helps mitigate them. Additionally, the link discovery time of LiFAMA out-competes that of an existing LFA mitigation approach.en_US
dc.language.isoenen_US
dc.publisherMDPIen_US
dc.subjectSDN securityen_US
dc.subjectlink verificationen_US
dc.subjecttopology discoveryen_US
dc.titleA Link Fabrication Attack Mitigation Approach (LiFAMA) for Software Defined Networksen_US
dc.typeArticleen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record