hubertdcruze
commented
7 months ago Thank you for your suggestions. Impersonating an SDN controller without possessing its cryptographic identity would be a challenging task. Modern SDN environments employ strong authentication and encryption mechanisms to secure communications between the controller and network devices. However, attackers may attempt to circumvent these protections using several strategies.
Is "An attacker can impersonate the role of the SDN controller in the network. An attacker can impersonate the role of another SDN controller in the network." an intended threat? I feel like this should be caveated that the attacker does not possess the cryptographic credentials to completely impersonate the SDN controller, otherwise this feels confusing. Maybe something like:
"An attacker can impersonate the role of an SDN controller in the network. The attacker will be able to identify as an SDN controller but will lack the cryptographic identity of the SDN controller."