A Novel TCP/IP Header Hijacking Attack on SDN

Authors

Ali Akbar Mohammadi, Innopolis University
Rasheed Hussain, University of Bristol
Alma Oracevic, University of Bristol
Syed Muhammad Ahsan Raza Kazmi, University of the West of England
Fatima Hussain, Kennesaw State University
Moayad Aloqaily, Royal Bank of CanadaFollow
Junggab Son, Mohamed Bin Zayed University of Artificial Intelligence

Document Type

Conference Proceeding

Publication Title

INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

Abstract

Middlebox is primarily used in Software-Defined Network (SDN) to enhance operational performance, policy compliance, and security operations. Therefore, security of the middlebox itself is essential because incorrect use of the middlebox can cause severe cybersecurity problems for SDN. Existing attacks against middleboxes in SDN (for instance, middleboxbypass attack) use methods such as cloned tags from the previous packets to justify that the middlebox has processed the injected packet. Flowcloak as the latest solution to defeat such an attack creates a defence using a tag by computing the hash of certain parts of the packet header. However, the security mechanisms proposed to mitigate these attacks are compromise-able since all parts of the packet header can be imitated, leaving the middleboxes insecure. To demonstrate our claim, we introduce a novel attack against SDN middleboxes by hijacking TCP/IP headers. The attack uses crafted TCP/IP headers to receive the tags and signatures and successfully bypasses the middleboxes.

DOI

10.1109/INFOCOMWKSHPS54753.2022.9798234

Publication Date

5-2022

Keywords

Middleboxes, SDN, TCPIP hijacking, Computer security

Comments

IR conditions: non-described

Recommended Citation

A. A. Mohammadi et al., "A Novel TCP/IP Header Hijacking Attack on SDN," IEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), New York, NY, USA, 2022, pp. 1-2, doi: 10.1109/INFOCOMWKSHPS54753.2022.9798234.