Hi,
We would like to inform you that we have found a scenario in which two hosts in separate networks that are managed by the same host-mobility application instance (same controller) can communicate by spoofing each other's source MAC address and measuring RTT changes. Attached are figures from our research paper describing the potential covert channel, which we name Macchiato. We tested it with ONOS in a Mininet network with P4 and OpenFlow.
As countermeasures, we suggest that old mobility flow entries be deleted by (idle) timeouts instead of mobility events (same MAC identified by another switch), unless the new path intersects the old one (so they are in the same network). Another straightforward solution is not to use the same controller for separate networks.
Please let us know if you need more details and if you have any comments.
Thanks,
Liron, Amir, Kashyap, Andreas and Stefan.
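
The first countermeasure in the message above, sketched as a controller-side decision. This is an added example, not code from the report's authors or from ONOS. The `FlowEntry` model, the function name, the switch IDs, and the representation of a path as a list of switch IDs are all assumptions made for illustration.

```python
# Added illustration: hypothetical data model, not an ONOS API.
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowEntry:
    switch: str        # switch holding the entry
    dst_mac: str       # host MAC the entry forwards to
    idle_timeout: int  # seconds without matching traffic before expiry (0 = never)

def handle_mobility_event(mac, old_path, new_path, flows, idle_timeout=30):
    """Decide the fate of old entries when `mac` is seen on another switch.

    old_path / new_path: switch IDs carrying traffic to the MAC before and
    after the event. Returns (delete_now, expire_by_timeout).
    """
    old_switches = set(old_path)
    old_entries = [f for f in flows
                   if f.dst_mac == mac and f.switch in old_switches]
    if old_switches & set(new_path):
        # Paths share a switch: same network, so treat it as a genuine move
        # and evict the stale entries immediately.
        return old_entries, []
    # Disjoint paths: the MAC showed up in a different network. The event must
    # not change forwarding state (and hence RTT) in the old network, so the
    # entries are only allowed to age out via a non-zero idle timeout.
    aged = [FlowEntry(f.switch, f.dst_mac, f.idle_timeout or idle_timeout)
            for f in old_entries]
    return [], aged

# Constructed sample: network A uses s1, s2, s5; network B uses s3, s4.
MAC = "00:00:00:00:00:0a"
FLOWS = [
    FlowEntry("s1", MAC, 0),
    FlowEntry("s2", MAC, 10),
    FlowEntry("s3", "00:00:00:00:00:0b", 0),
]

if __name__ == "__main__":
    # Same MAC reported from the other network: nothing is deleted on the event.
    print(handle_mobility_event(MAC, ["s1", "s2"], ["s3", "s4"], FLOWS))
    # Host moves within network A (paths share s2): old entries are evicted.
    print(handle_mobility_event(MAC, ["s1", "s2"], ["s2", "s5"], FLOWS))
```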