P4Runtime Security and Man-in-the-Middle Attacks


Abstract

In software-defined networking, a controller determines where the data plane forwards packets. Programmable data planes make networks even more flexible, because the forwarding algorithms running on the data plane itself can be updated. The P4 programming language can be used to program data planes, and the P4Runtime data-plane API can be used for communication between the controller and the data plane. The possibility of man-in-the-middle attacks when using P4Runtime was investigated. Such attacks are possible either between the controller and the data plane, or between two hosts on the network. A virtual network in Mininet was used to try to demonstrate the difference between secure and insecure channels in these two scenarios. A malicious controller can take control of a switch and use it for man-in-the-middle attacks between hosts when the P4Runtime channel is insecure, but not when the channel is secure. The man-in-the-middle attack between the controller and the switch was not achieved, because the switches in Mininet run only on localhost and the controller could not be run in-band. It was concluded that the recommendation to use only secure P4Runtime channels is justified. Possible extensions of this research are to repeat the experiment with a different setup, or to study the effects that a successful man-in-the-middle attack can have.