
Forensics Investigation of OpenFlow-Based SDN Platforms

Chapter in the book Cyber Threat Intelligence

Part of the book series: Advances in Information Security ((ADIS,volume 70))

Abstract

Software Defined Networking (SDN) is an increasingly common way to virtualize networking functions. Although the security of SDNs has been investigated thoroughly in the literature, forensic acquisition and analysis of data remnants for the purpose of constructing digital evidence for threat intelligence has received little research attention. This chapter first proposes a practical framework for forensic investigation of OpenFlow-based SDN platforms. Because of the sheer volume of data that flows through networks, the proposed framework also implements data reduction techniques, not only to facilitate intelligence creation but also to help with long-term storage and mapping of SDN data. The framework is validated through experiments with two use cases on a virtual SDN running on Mininet. Analysis and comparison of southbound PCAP files and the memory images of switches enabled successful acquisition of forensic evidential artefacts pertaining to these use cases.
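The abstract mentions two techniques without showing them: parsing the southbound (controller-to-switch) channel and applying data reduction before storage. The following Python script is an added example written for this page, not code from the chapter or its authors. It assumes only the OpenFlow 1.0 header layout (version, type, length, xid) and the OFPT_* type numbers of that version, which come from the specification; the captured bytes, the FLOW_MOD body text, and the particular reduction rules (dropping echo keepalives and collapsing repeated identical control messages) are constructed for illustration, and the chapter's own reduction method may differ.

```python
"""Parse a stream of OpenFlow messages captured on the southbound channel and
reduce it for forensic review.

The OpenFlow header layout (version, type, length, xid) follows the OpenFlow
1.0 specification; the type names below are the OFPT_* values of that version.
The capture bytes are constructed for this example rather than taken from a
real switch, and the FLOW_MOD bodies are placeholder text, not real structures.
"""
import struct
from collections import Counter

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (big-endian)

OFPT_NAMES_V1 = {
    0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "VENDOR",
    5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 7: "GET_CONFIG_REQUEST",
    8: "GET_CONFIG_REPLY", 9: "SET_CONFIG", 10: "PACKET_IN", 11: "FLOW_REMOVED",
    12: "PORT_STATUS", 13: "PACKET_OUT", 14: "FLOW_MOD", 15: "PORT_MOD",
    16: "STATS_REQUEST", 17: "STATS_REPLY", 18: "BARRIER_REQUEST", 19: "BARRIER_REPLY",
}

KEEPALIVE_TYPES = {"ECHO_REQUEST", "ECHO_REPLY"}


def build_message(msg_type, xid, body=b"", version=1):
    """Build one OpenFlow message (used here only to construct sample input)."""
    length = OFP_HEADER.size + len(body)
    return OFP_HEADER.pack(version, msg_type, length, xid) + body


def parse_messages(stream):
    """Split a byte stream into OpenFlow messages; stop at a truncated tail.

    Returns the parsed messages and the number of unparsed trailing bytes,
    so a partial capture is reported rather than silently discarded.
    """
    msgs = []
    offset = 0
    while offset + OFP_HEADER.size <= len(stream):
        version, msg_type, length, xid = OFP_HEADER.unpack_from(stream, offset)
        if length < OFP_HEADER.size or offset + length > len(stream):
            break  # malformed or truncated message: keep what we have and stop
        body = stream[offset + OFP_HEADER.size:offset + length]
        msgs.append({"offset": offset, "version": version,
                     "type": OFPT_NAMES_V1.get(msg_type, f"UNKNOWN_{msg_type}"),
                     "xid": xid, "body": body})
        offset += length
    return msgs, len(stream) - offset


def reduce_for_review(msgs):
    """Data reduction: drop keepalive traffic and collapse repeated identical
    control messages into one record carrying a count and the original xids,
    so the investigator keeps traceability while storing far fewer records."""
    summary = Counter(m["type"] for m in msgs)
    kept = {}
    for m in msgs:
        if m["type"] in KEEPALIVE_TYPES:
            continue
        key = (m["type"], m["body"])
        if key in kept:
            kept[key]["count"] += 1
            kept[key]["xids"].append(m["xid"])
        else:
            kept[key] = {"type": m["type"], "body": m["body"],
                         "count": 1, "xids": [m["xid"]]}
    return summary, list(kept.values())


# Constructed capture: handshake, keepalives, the same FLOW_MOD pushed twice,
# a PACKET_IN, and two stray trailing bytes standing in for a cut-off capture.
SAMPLE_STREAM = b"".join([
    build_message(0, 1),                       # HELLO
    build_message(5, 2),                       # FEATURES_REQUEST
    build_message(2, 3), build_message(3, 3),  # ECHO_REQUEST / ECHO_REPLY
    build_message(14, 4, b"drop-table-miss"),  # FLOW_MOD (placeholder body)
    build_message(14, 5, b"drop-table-miss"),  # same FLOW_MOD re-sent
    build_message(10, 6, b"\x00\x01"),         # PACKET_IN (placeholder body)
    build_message(2, 7), build_message(3, 7),  # second keepalive pair
]) + b"\x01\x0e"                               # truncated trailing header bytes


def analyse(stream=SAMPLE_STREAM):
    """Parse and reduce a southbound capture; return a review-ready summary."""
    msgs, leftover = parse_messages(stream)
    summary, reduced = reduce_for_review(msgs)
    return {"total": len(msgs), "leftover_bytes": leftover,
            "by_type": dict(summary), "reduced": reduced}


if __name__ == "__main__":
    result = analyse()
    print(result["total"], "messages,", result["leftover_bytes"], "unparsed trailing bytes")
    for rec in result["reduced"]:
        print(f'{rec["type"]:<16} x{rec["count"]} xids={rec["xids"]}')
```

On a real capture the byte stream would come from reassembling the TCP payload of the controller connection (conventionally port 6633 or 6653) with a PCAP library; the parser above only handles the OpenFlow framing. Keeping the full type histogram alongside the reduced records preserves the fact that keepalives were present, which matters when reasoning about whether the control channel was up at a given time.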


Notes

  1. https://github.com/504ensicsLabs/LiME/tree/master/doc.



Correspondence to Ali Dehghantanha.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter


Cite this chapter

Pandya, M.K., Homayoun, S., Dehghantanha, A. (2018). Forensics Investigation of OpenFlow-Based SDN Platforms. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-319-73951-9_14


  • DOI: https://doi.org/10.1007/978-3-319-73951-9_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-73950-2

  • Online ISBN: 978-3-319-73951-9
