Order P4-66: Characterizing and mitigating surreptitious programmable network device exploitation
Simon Kassing, Hussain Abbas, Laurent Vanbever, Ankit Singla

TL;DR
This paper investigates a new security threat where attackers control programmable network devices to cause significant damage while evading detection, highlighting vulnerabilities and proposing mitigation strategies.
Contribution
It characterizes how compromised programmable network hardware can be exploited to degrade network performance stealthily and offers recommendations for defense.
Findings
Compromised devices can cause large performance drops with few targeted packets.
Programmable hardware enables precise, selective packet attacks.
Encryption and redundancy can mitigate attack impacts.
Abstract
Substantial efforts are invested in improving network security, but the threat landscape is rapidly evolving, particularly with the recent interest in programmable network hardware. We explore a new security threat, from an attacker who has gained control of such devices. While it should be obvious that such attackers can trivially cause substantial damage, the challenge and novelty are in doing so while preventing quick diagnosis by the operator. We find that compromised programmable devices can easily degrade networked applications by orders of magnitude, while evading diagnosis by even the most sophisticated network diagnosis methods in deployment. Two key observations yield this result: (a) targeting a small number of packets is often enough to cause disproportionate performance degradation; and (b) new programmable hardware is an effective enabler of careful, selective targeting…
Taxonomy
Topics: Network Security and Intrusion Detection · Software System Performance and Reliability · Advanced Malware Detection Techniques
