Enter POF. A major chokepoint for SDN is that it requires coding to program new services on the forwarding plane, meaning if you need a tailored solution because your network is unusual, it takes time for a developer to code it. In essence, OpenFlow is cumbersome. Well, Huawei has a solution for that. They call it protocol oblivious forwarding. In essence, it gives a developer or network administrator the ability to manipulate in-transit packets passing through the forwarding plane, in particular their headers, based on a script written in POF. Here are some things you can program: statistics, time stamps, and anomaly flow states, data-path instructions that can create and modify flow tables, MAC learning, active firewall, dynamic load balancing, and controller offloading.
As an analogy, imagine that our transportation system is a network. You have cars and trucks, and they all represent different types of packets. Imagine that they are all pushed to their respective cities and that the cities act as routers or switches. In its current format, there are different types of cars and trucks and different types of cities. Each city gives the cars and trucks a city-specific instruction set, and while all trucks and cars can receive the instructions, not all cities can directly communicate with each other.
Enter Huawei. Huawei has an automated process that changes all cars to red, and all trucks to blue. Huawei then acquires a contract with every city and introduces a common programmable infrastructure such that each city runs on the same software. Customizable at will. Now, as part of this contract, all control of the cities’ commands to cars and trucks is ceded to Huawei’s network controllers. In other words, all Huawei’s network controllers control the flow of car and truck traffic through the cities.
This all seems like a very good thing, right? Very efficient. Highly customizable. Now let’s look at Huawei. Huawei is no stranger to controversy and has been accused of some serious and highly questionable actions. Huawei has been accused of corporate espionage and subsequently copyright theft and intellectual property infringement by multiple parties including Motorola and Cisco. Huawei has been identified by Indian intelligence services as possibly having supplied the Taliban with communication equipment. Next, according to Huawei, it’s employee-owned; however, employees have no idea how much they own, or (more likely) are not allowed to say how much they own as part of government ‘quiet’ censorship.
If you did own 51 percent of the shares of Huawei, per the by-laws, you still have no say in any executive decision-making. Finally, the Huawei board of directors is a cabal of technocrats ending in Ren Zhengfei. Zhengfei has ostensibly played down his role in the PLA. According to some media sources, he was a military technologist retaining rank. Other sources place him as an engineer or communications officer. Additionally, Zhengfei claims to only own 1.5 percent of his employee-owned company.
Huawei’s intent
Call me suspicious, but I have some concerns about Huawei’s intent.
What if Huawei’s general direction and intent is simply one of encirclement of the U.S.? Imagine in smoke-filled back rooms in the tall skyscrapers of Shanghai a meeting with one or two or even five of Huawei’s board members with personnel from the Ministry of Science and Technology (MOST) and the People’s Liberation Army (PLA). Remember MOST? This hypothetical meeting happened about the year 2000. At this meeting, relationships were solidified and outlined in terms that both parties could understand.
Someone from the PLA says, “It’s not about controlling the company. Not at all. Why burn a good thing? We would just like access to place items on your architecture as it grows, in addition to information that is returned as part of the metrics you collect for marketing.” Sound familiar? What’s different here is that when it comes from the PLA, and by extension from the Chinese Communist Party (CCP) politburo, it really isn’t a request at all. It’s an instruction.
It doesn’t matter if the PRC can’t penetrate the U.S. with Huawei. They just have to establish a significant market share in as many countries as they can. Huawei devices like smartphones are cheap. I purchased one to root in a Central American country for about $90 USD. They run on a Chinese variant of Android. Huawei routers are even cheaper now that they can build them on their SDN architecture and use POF to push them along a HetNet.
It’s very plug and play. In essence, you could extrapolate that every single Huawei device and appliance could very well ping home without the user’s and communications provider’s knowledge. If you went to travel and used your own device on a foreign country’s architecture, and they used a Huawei device anywhere along it, Huawei has the potential to retrieve data sans user knowledge. In essence, the PRC has an asset that works like a giant sound surveillance system (SOSUS).
Next, imagine that for a moment you could literally infect a network. That a network operated like a giant malware artifact. Appliances, devices, everything in the network operated as a scaled-up version of malware. Not just the nodes infected, but everything. Instead of a botnet, you now have a malnet. Seems like a pretty handy ‘secret weapon.’ Finally, imagine you could use the forwarding plane to run polymorphic code injection at the packet level?
Further, vulnerabilities have already been discovered in SDN. CVE-2014-5035, as identified by the Department of Homeland Security and the National Institute of Standards and Technology’s National Vulnerability Database, identifies at least one vulnerability that we can associate with SDN. This vulnerability clearly states the following impact types: “allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.” OpenDaylight is part of the OpenFlow protocol, essentially providing services from a network virtualization perspective. POF will not decrease this risk.
In summary, close scrutiny should be applied to any ‘commercial’ entity that leaves the ‘Great Chinese Firewall.’ It’s likely that any ‘free market’ entity has been carefully vetted by the PRC. Consider how the Harmonious Fist of China is slowly closing and ask yourself if you really need to be worried about terrorists.
(Featured image courtesy of fastcompany.net)