Software-Defined Adversarial Trajectory Sampling
Kashyap Thimmaraju, Liron Schiff, Stefan Schmid

TL;DR
SoftATS is an OpenFlow-based system that detects malicious or compromised network devices by monitoring packet trajectories, addressing the assumption in today's routing protocols that the underlying hardware can be trusted.
Contribution
It introduces a novel, secure, and adaptive sampling scheme for trajectory monitoring that can identify adversarial switches even when they attempt to reroute, drop, or modify packets.
Findings
Effective detection of adversarial switches in various attack scenarios
Proof-of-concept implementation demonstrating practical feasibility
Performance overheads are manageable in real-world settings
Abstract
Today's routing protocols critically rely on the assumption that the underlying hardware is trusted. Given the increasing number of attacks on network devices, and recent reports on hardware backdoors, this assumption has become questionable. Indeed, with the critical role computer networks play today, the contrast between our security assumptions and reality is problematic. This paper presents Software-Defined Adversarial Trajectory Sampling (SoftATS), an OpenFlow-based mechanism to efficiently monitor packet trajectories, also in the presence of non-cooperating or even adversarial switches or routers, e.g., containing hardware backdoors. Our approach is based on a secure, redundant and adaptive sample distribution scheme which allows us to provably detect adversarial switches or routers trying to reroute, mirror, drop, inject, or modify packets (i.e., header and/or payload). We…
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security · Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection
