Network fingerprinting via timing attacks and defense in software defined networks

Software-Defined Networking (SDN) is becoming a native networking model for next-generation networks. However, with its decoupled architecture, SDN is susceptible to reconnaissance through time inference attacks. Attackers can use probing-based measurements and gather information such as network type and flow table size. In this paper, an automated attacker tool called RAFA is proposed to infer network type (SDN or traditional) and flow rule timeout values (hard and idle). Moreover, a lightweight defense mechanism to randomize rule timeouts with respect to network status is described. A comprehensive simulation setup with different network conditions shows that the proposed methods achieve a superior success rate in diverse settings.