Field of Invention
The present invention relates generally to the development of application software for SDN networks, and more specifically to software that utilizes an SDN controller's trusted dynamic flow-routing and L3 header-rewrite capabilities. These capabilities are exploited to provide anonymous communications between a source and destination host pair.
Discussion of Related Art
Any discussion of the prior art throughout the specification should in no way be considered as an admission that such prior art is widely known or forms part of common general knowledge in the field.
Securing communications has always been a critical issue in computer networks. Computer networks use many intermediary switches to carry data packets to their final destinations. If any of these intermediary switches is compromised, the communications are jeopardized. The most basic and efficient method to secure any communication in prior art is encryption. The source encrypts the data and the destination decrypts and reads it. Any intermediary can attempt to snoop on the data, but as long as the encryption keys are kept confidential, the data is kept safe, too. However, the identities of the source and destination are still exposed even though the content of the data is secured, since two-way routing is performed in the network based on the network addresses of the source and destination. Given enough time, a malicious party tapping into the network traffic can easily infer the identities of the source and destination, as well as their communication frequency and volumes (even when the data is encrypted).
There are many cases in which simply securing the identities of the communicating parties, and thus keeping the conversation anonymous, is equally or even more important than securing the content of the communications. A prior art method called “onion routing” (see paper to Reed et al. titled, “Anonymous connections and onion routing,” IEEE Journal on Selected Areas in Communications, 1998, 16(4), pp. 482-494) (named so because of its use of encryption layers analogous to the layers of an onion) was developed in the mid-1990s at the U.S. Naval Research Laboratory to provide anonymous communications over computer networks. It was further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. In onion routing, the data is encapsulated in layers of encryption. Thereafter, the encrypted data is transmitted through a series of network switches, each of which peels away a single layer, thereby uncovering the data's next destination. After the final innermost layer is decrypted, the message is delivered to its destination. The communication is kept anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Tor (see paper to Lawrence titled, “The Inside Story of Tor, the Best Internet Anonymity Tool the Government Ever Built,” Business Week, Jan. 23, 2014), a free worldwide volunteer network, is the most prominent and widely available application of onion routing. A client using special software, usually the ‘Tor browser’, can communicate with a web server through the use of dedicated ‘Tor switches’. A “directory node” provides the list of all available Tor switches. The Tor client software chooses a random path among the available switches and sends its encrypted data packets as in onion routing.
Tor browsing is relatively slow compared with traditional routing mechanisms. It requires a software installation on the client side and dedicated switches or volunteering participants before any communication becomes possible. Additionally, when the last encapsulation layer is stripped off at the egress node, which is well known to be a Tor switch and hence an attack point, the content of the data becomes vulnerable to attacks. If by any means the egress Tor node is compromised, the data can be captured. To compensate for this deficiency, the content of the data should also be encrypted using cryptographic methods such as TLS (see paper to Dierks et al. titled, “The TLS protocol, Version 1.0,” January 1999, RFC-2246) or SSL, resulting in further sluggishness in communications.
Sophisticated attackers often spend a long time trying to map the target network and gather as much information as possible about essential services. Under the assumption that a determined attacker will obtain any information given enough time, keeping any information about the communications static does not make sense. The general defense strategy described in this patent application tries to render information obtained by attackers harmless by changing network-related information frequently. As an added bonus, the use of stale information raises alerts, which can serve as valuable input to intrusion detection systems.
To maximize the defense, changes should be unpredictable to the attacker. Timeliness is a central aspect of this defense: on one hand, a high rate of change results in high overhead; on the other hand, infrequent change might allow an attacker to gather information and spoil anonymity. The strategy has to be flexible enough to allow this trade-off to be set at actual deployment. The strategy we mapped out in this invention is a dynamic address randomization and route hopping strategy, applied in synchronization during the lifetime of an anonymous communications session without creating disruption on the rest of the network. Of course, the proposed strategy is practical only when there is a reasonably small set of communications that are deemed critical.
Considering the deficiencies of encryption and onion routing techniques, the new software proposed in the present invention departs from the conventional concepts and designs of prior art, and in doing so provides a much faster and more efficient way to deliver any critical data anonymously.
We exploited key properties of a software defined network (SDN) (see paper to Lantz et al. titled, “A network in a laptop: rapid prototyping for software-defined networks,” Proceedings of the 9th ACM, 2010) to execute the proposed strategy without necessitating the use of encryption/decryption mechanisms. SDN relies on a trusted centralized system (i.e., the controller) which oversees the network and can instantly program the network switches along the data path using a trusted control network (e.g., using the OpenFlow protocol; see paper to McKeown et al. titled, “OpenFlow: Enabling innovation in campus networks,” ACM SIGCOMM Computer Communication Review, 38(2), April 2008, pp. 69-74). This unique infrastructure enables rapid programming of switches with aliased (fake) IP addresses for the source and destination hosts, and dynamic route changes only for a set of flows without touching the rest of the traffic.
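The address aliasing and hopping mechanism described above, as an added example that is not part of this application: a Python model of how a controller would program ingress and egress rewrite rules for one critical flow, rotate the aliases on a hop interval, and flag packets that still carry a retired alias. The alias pool, hop interval, switch names and host addresses are constructed for the example; no real controller API is used.

```python
import ipaddress
import secrets

class AliasingController:
    """Models how the trusted controller programs the ingress and egress switches
    of one critical flow: real addresses are swapped for aliases at ingress,
    restored at egress, and rotated every hop_interval seconds."""

    def __init__(self, alias_pool, hop_interval):
        # Constructed alias pool: a range the operator reserves inside the fabric.
        self.pool = [str(ip) for ip in ipaddress.ip_network(alias_pool).hosts()]
        self.hop_interval = hop_interval   # seconds; the overhead/anonymity trade-off knob
        self.ingress = {}      # (real_src, real_dst) -> (alias_src, alias_dst)
        self.egress = {}       # alias -> real address
        self.retired = set()   # aliases from earlier epochs; their use is suspicious
        self.last_hop = None

    def _fresh_alias(self, exclude):
        # CSPRNG choice keeps the next alias unpredictable; retired aliases are never reused.
        while True:
            alias = secrets.choice(self.pool)
            if alias not in self.retired and alias not in exclude:
                return alias

    def program_flow(self, real_src, real_dst, now):
        """Install a new epoch of rewrite rules and retire the previous aliases."""
        self.retired.update(self.egress)
        a_src = self._fresh_alias(exclude={real_src, real_dst})
        a_dst = self._fresh_alias(exclude={real_src, real_dst, a_src})
        self.ingress = {(real_src, real_dst): (a_src, a_dst)}
        self.egress = {a_src: real_src, a_dst: real_dst}
        self.last_hop = now
        return a_src, a_dst

    def maybe_hop(self, real_src, real_dst, now):
        """Rotate aliases once the hop interval has elapsed; returns True on a hop."""
        if self.last_hop is None or now - self.last_hop >= self.hop_interval:
            self.program_flow(real_src, real_dst, now)
            return True
        return False

    def handle(self, switch, src, dst):
        """Apply the switch's L3 rewrite; a retired alias produces the stale-information alert."""
        if switch == "ingress":
            return self.ingress.get((src, dst), ("DROP", "unknown flow"))
        if src in self.retired or dst in self.retired:
            return ("ALERT", "stale alias observed")
        if src in self.egress and dst in self.egress:
            return self.egress[src], self.egress[dst]
        return ("DROP", "unknown flow")
```

The rest of the traffic never touches these tables, which is the property the text relies on: only the protected flow's rules change on each hop.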
Embodiments of the present invention are an improvement over prior art systems and methods.