Mitigating DoS Attacks against SDN Controller Using Information Hiding

Because of SDN centralization nature, denial of service (DoS) attacks have become a prominent concern. In the OpenFlow (OF) protocol, the transport layer security (TLS) protocol is recommended to secure the control channel. Unfortunately, the tasks involved in the proper configuration of a secured TLS are very challenging. Even worse, TLS is made an optional mode of communication in OF. As a consequence, some OF-enabled switches and controllers do not adopt TLS. In this paper, we develop a lightweight authentication mechanism, called Hidden Authentication (HiAuth), to protect SDN controller against DoS attacks. HiAuth legitimizes SDN forwarding devices by hiding authentication information into the header of control channel packets. Our experimental results prove that HiAuth is lightweight and can not only mitigate DoS attacks, but also provide high undetectability to the attacker.