Exploitation of P4 Programmable Switch Networks

Abstract

P4 programmable data-planes provide operators with a flexible method to set up data-plane forwarding logic. To deploy networks with confidence, a switch's forwarding logic should correspond with its intended behavior. Programs loaded onto programmable data-planes don't necessarily go through as much testing as traditional fixed-function devices from large manufacturers. Security is therefore of utmost importance.

The main question this research attempts to answer is whether a single compromised P4 switch can corrupt the entire (P4) network. In this scenario the attacker already has access to the compromised switch, and the assumption is made that all devices blindly trust each other. Two load-balancing schemes are investigated: Clove-ECN and HULA. The former performs load balancing on the hosts, and results show that switches can transparently influence traffic flow by manipulating the ECN bits. The latter is designed for implementation on the data-plane, e.g. using P4, and we can conclude that HULA is susceptible to attacks that spoof probe packets carrying false data.