Preventing Timing Side-Channel Attacks in Software-Defined Networks

Software-defined networking (SDN) is a technology for programming and efficiently managing networks. SDNs are prone to numerous threats, such as Distributed Denial of Service (DDoS), Man-in-the-middle, ARP Spoofing, Side-channels, and several other attacks. Separation of the data plane from the control plane makes SDN vulnerable to timing side-channel attacks. By comparing the response time of probe queries, an adversary can infer a pattern of request, which can invoke the controller and eventually discover information about the network. An adversary can apply these attacks to extract flow tables, routes, controller type, ports, etc. In this paper, we propose a novel security solution 'Netkasi' (kasi means `hide' in Esperanto), to counter timing side-channel attacks in SDN. This solution hides the original response time information from the attacker and provides random response timing. As this security solution is designed to integrate with SDN, its architecture ensures minimal impact on the network traffic and consumption of network resources. The current solutions are a massive overhead on the network, whereas `Netkasi' is implemented as a peripheral solution having its resources without causing significant overhead on the traffic. Analysis of the overall design shows that our solution is effective for the prevention of timing side-channel attacks in SDN.