Search for: All records

Given the scale and mission-critical nature of production networks today, it is essential to solidify their resilience to link failures. Building this resilience in each application separately is not scalable. In order to minimize downtime, at least some degree of resilience should be built directly into the data plane. Fast Failover groups in OpenFlow offer a mechanism to achieve this, but programming them introduces additional complexity to the existing arduous task of developing an SDN controller application. In this paper, we discuss how this complexity can be decoupled from the controller implementation. We introduce FORTIFY, a transparent resiliency layer that incorporates data plane fault tolerance into any existing controller application without any modification to it. FORTIFY operates as a shim layer between the controller and the data plane, and dynamically transforms the data plane rules computed by the controller to use Fast Failover groups. FORTIFY can be used off-The-shelf, or customized programmatically to choose specific types of backup paths. Experimental results collected on a production testbed demonstrate that FORTIFY is a practical, high-performance solution to data plane fault tolerance in SDNs. 

Abstract In recent years, we have seen rapid growth in the use and adoption of Internet of Things (IoT) devices. However, some loT devices are sensitive in nature, and simply knowing what devices a user owns can have security and privacy implications. Researchers have, therefore, looked at fingerprinting loT devices and their activities from encrypted network traffic. In this paper, we analyze the feasibility of fingerprinting IoT devices and evaluate the robustness of such fingerprinting approach across multiple independent datasets — collected under different settings. We show that not only is it possible to effectively fingerprint 188 loT devices (with over 97% accuracy), but also to do so even with multiple instances of the same make-and-model device. We also analyze the extent to which temporal, spatial and data-collection-methodology differences impact fingerprinting accuracy. Our analysis sheds light on features that are more robust against varying conditions. Lastly, we comprehensively analyze the performance of our approach under an open-world setting and propose ways in which an adversary can enhance their odds of inferring additional information about unseen devices (e.g., similar devices manufactured by the same company).