Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks
OpenFlow makes a network highly flexible and fast-evolving by separating control and data planes. The control plane thus becomes responsive to changes in topology and load balancing requirements. OpenFlow also offers a new approach to handle security threats accurately and responsively. Therefore, i...
Main authors: | Al-Ani, Ayman; Anbar, Mohammed; Laghari, Shams A.; Al-Ani, Ahmed K. |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Public Library of Science 2020 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7213737/ https://www.ncbi.nlm.nih.gov/pubmed/32392261 http://dx.doi.org/10.1371/journal.pone.0232574 |
_version_ | 1783531849189949440 |
---|---|
author | Al-Ani, Ayman Anbar, Mohammed Laghari, Shams A. Al-Ani, Ahmed K. |
author_facet | Al-Ani, Ayman Anbar, Mohammed Laghari, Shams A. Al-Ani, Ahmed K. |
author_sort | Al-Ani, Ayman |
collection | PubMed |
description | OpenFlow makes a network highly flexible and fast-evolving by separating control and data planes. The control plane thus becomes responsive to changes in topology and load balancing requirements. OpenFlow also offers a new approach to handle security threats accurately and responsively. Therefore, it is used as an innovative firewall that acts as a first-hop security to protect networks against malicious users. However, the firewall provided by OpenFlow suffers from Internet protocol version 6 (IPv6) fragmentation, which can be used to bypass the OpenFlow firewall. The OpenFlow firewall cannot identify the message payload unless the switch implements IPv6 fragment reassembly. This study tests the IPv6 fragmented packets that can evade the OpenFlow firewall, and proposes a new mechanism to guard against attacks carried out by malicious users to exploit IPv6 fragmentation loophole in OpenFlow networks. The proposed mechanism is evaluated in a simulated environment by using six scenarios, and results exhibit that the proposed mechanism effectively fixes the loophole and successfully prevents the abuse of IPv6 fragmentation in OpenFlow networks. |
format | Online Article Text |
id | pubmed-7213737 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
publisher | Public Library of Science |
record_format | MEDLINE/PubMed |
spelling | pubmed-72137372020-05-26 Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks Al-Ani, Ayman Anbar, Mohammed Laghari, Shams A. Al-Ani, Ahmed K. PLoS One Research Article OpenFlow makes a network highly flexible and fast-evolving by separating control and data planes. The control plane thus becomes responsive to changes in topology and load balancing requirements. OpenFlow also offers a new approach to handle security threats accurately and responsively. Therefore, it is used as an innovative firewall that acts as a first-hop security to protect networks against malicious users. However, the firewall provided by OpenFlow suffers from Internet protocol version 6 (IPv6) fragmentation, which can be used to bypass the OpenFlow firewall. The OpenFlow firewall cannot identify the message payload unless the switch implements IPv6 fragment reassembly. This study tests the IPv6 fragmented packets that can evade the OpenFlow firewall, and proposes a new mechanism to guard against attacks carried out by malicious users to exploit IPv6 fragmentation loophole in OpenFlow networks. The proposed mechanism is evaluated in a simulated environment by using six scenarios, and results exhibit that the proposed mechanism effectively fixes the loophole and successfully prevents the abuse of IPv6 fragmentation in OpenFlow networks. Public Library of Science 2020-05-11 /pmc/articles/PMC7213737/ /pubmed/32392261 http://dx.doi.org/10.1371/journal.pone.0232574 Text en © 2020 Al-Ani et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
spellingShingle | Research Article Al-Ani, Ayman Anbar, Mohammed Laghari, Shams A. Al-Ani, Ahmed K. Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title | Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title_full | Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title_fullStr | Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title_full_unstemmed | Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title_short | Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks |
title_sort | mechanism to prevent the abuse of ipv6 fragmentation in openflow networks |
topic | Research Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7213737/ https://www.ncbi.nlm.nih.gov/pubmed/32392261 http://dx.doi.org/10.1371/journal.pone.0232574 |
work_keys_str_mv | AT alaniayman mechanismtopreventtheabuseofipv6fragmentationinopenflownetworks AT anbarmohammed mechanismtopreventtheabuseofipv6fragmentationinopenflownetworks AT lagharishamsa mechanismtopreventtheabuseofipv6fragmentationinopenflownetworks AT alaniahmedk mechanismtopreventtheabuseofipv6fragmentationinopenflownetworks |