Dohyung Kim
Abstract
In Named-Data Networking (NDN), content is cached in network nodes and served for future requests. This property of NDN allows attackers to inject poisoned content into the network and isolate users from valid content sources. Since a digital signature is embedded in every piece of content in NDN architecture, poisoned content is discarded if routers perform signature verification; however, if every content is verified by every router, it would be overly expensive to do. In our preliminary work, we have suggested a content verification scheme that minimizes unnecessary verification and favors already verified content in the content store, which reduces the verification overhead by as much as 90% without failing to detect every piece of poisoned content. Under this scheme, however, routers are vulnerable to <italic>verification attack</italic>, in which a large amount of unverified content is accessed to exhaust system resources. In this paper, we carefully look at the possible concerns of our preliminary work, including <italic>verification attack</italic>, and present a simple but effective solution. The proposed solution mitigates the weakness of our preliminary work and allows this paper to be deployed for real-world applications.
- [1] , “Efficient content verification in named data networking,” in Proc. 2nd Int. Conf. Inf.-Centric Netw.,
Sep. 2015 , pp. 109–116.Google Scholar
- [2] , “Networking named content,” in Proc. ACM CoNEXT,
2009 , pp. 1–12.Google Scholar - [3] , “DoS and DDoS in named data networking,” in Proc. IEEE ICCCN,
Aug. 2012 , pp. 1–7.Google Scholar - [4] , “Needle in a haystack: Mitigating content poisoning in named-data networking,” in Proc. NDSS Workshop Secur. Emerg. Netw. Technol. (SENT),
Feb. 2014 .Google Scholar - [5] , “Network-layer trust in named-data networking,” ACM Comput. Commun. Rev., vol. 44, no. 5, pp. 12–19, 2014.Google ScholarDigital Library
- [6] Ns-3 network simulator, accessed on Jan. 21, 2016. [Online]. Available: http://www.nsnam.orgGoogle Scholar
- [7] , “Enhancing cache robustness for content-centric networking,” in Proc. IEEE INFOCOM,
Mar. 2012 , pp. 2426–2434.Google Scholar - [8] , “A lightweight mechanism for detection of cache pollution attacks in named data networking,” Elsevier Comput. Netw., vol. 57, no. 16, pp. 3178–3191, 2013.Google ScholarDigital Library
- [9] . (Feb. 2014). “Elements of trust in named-data networking.” [Online]. Available: https://arxiv.org/abs/1402.3332Google Scholar
- [10] , “Mitigating poisoned content with forwarding strategy,”
Colorado State Univ., Fort Collins, CO, USA, Tech. Rep. 15-101, 2015. [Online]. Available: http://www.cs.colostate.edu/TechReports/Reports/2015/tr15–101.pdfGoogle Scholar
- [11] . (Mar. 2016). “Security, privacy, and access control in information-centric networking: A survey.” [Online]. Available: https://arxiv.org/abs/1603.03409Google Scholar
- [12] , “To NACK or not to NACK? Negative acknowledgments in information-centric networking,” in Proc. IEEE Int. Conf. Comput. Commun. Netw. (ICCCN),
Aug. 2015 , pp. 1–10.Google Scholar - [13] , “Check before storing: What is the performance price of content integrity verification in LRU caching?” ACM SIGCOMM Comput. Commun. Rev., vol. 43, no. 3, pp. 59–67, 2013.Google ScholarDigital Library
- [14] , “Public key management in named data networking,”
NDN,
Univ. California, Los Angeles, CA, USA, Tech. Rep. NDN-0029, 2015.Google Scholar
- [15] , “Content discovery for information-centric networking,” Comput. Netw., vol. 83, pp. 1–14, 2015.Google ScholarDigital Library
- [16] , “Inform: A dynamic interest forwarding mechanism for information centric networking,” in Proc. ACM SIGCOMM Workshop Inf.-Centric Netw.,
2013 , pp. 9–14.Google Scholar - [17] , “Named data networking (NDN) project,”
NDN Project, Los Angeles, CA, USA, Tech. Rep. NDN-0001, 2010.Google Scholar
- [18] , “NFD developers guide,”
NDN Project, Los Angeles, CA, USA, Tech. Rep. NDN-0021, 2014.Google Scholar
- [19] , “ndnSIM: NDN simulator for NS-3,”
Univ. California, Los Angeles, CA, USA, Tech. Rep. NDN-0005, 2012.Google Scholar
- [20] , “Citations and the Zipf–Mandelbrot’s law,” Complex Syst., vol. 11, pp. 487–499, 1997.Google Scholar
- [21] , “Impact of traffic mix on caching performance in a content-centric network,” in Proc. IEEE Conf. Comput. Commun. Workshops (INFOCOM WKSHPS),
Jul. 2012 , pp. 310–315.Google Scholar - [22] , “Caching strategies to improve disk system performance,” Computer, vol. 27, no. 3, pp. 38–46, Mar. 1994.Google ScholarDigital Library
- [23] , “Hierarchical Web caching systems: Modeling, design and experimental results,” IEEE J. Sel. Areas Commun., vol. 20, no. 7, pp. 1305–1314, Sep. 2002.Google ScholarDigital Library
- [24] , “Web cache replacement policies: A pragmatic approach,” IEEE Netw., vol. 20, no. 1, pp. 28–34, Jan./Feb. 2006.Google Scholar
- [25] (2008). Youtube Traces From the Campus Network. [Online]. Available: http://traces.cs.umass.edu/index.php/NetworkGoogle Scholar
- [26] , “Characterizing temporal locality and its impact on Web server performance,” in Proc. IEEE Int. Conf. Comput. Commun. Netw. (ICCCN),
Nov. 2000 , pp. 434–441.Google Scholar - [27] , “Impact of traffic mix on caching performance in a content-centric network,” in Proc. IEEE Conf. Parallel Distrib. Inf. Syst.,
Mar. 1996 , pp. 92–103.Google Scholar
Index Terms
- Security of Cached Content in NDN
Recommendations
Investigating Impact of Fake-Type Content Poisoning Attack on NDN
ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and SecurityInformation-centric networking (ICN) has been widely studied as a new network architecture for efficient content delivery. However, the threat of content poisoning attack (CPA) has been pointed out. In the CPA, a malicious user degrades the cache hit ...
Comparing NDN and CDN Performance for Content Distribution Service in Community Wireless Mesh Network
AINTEC '14: Proceedings of the 10th Asian Internet Engineering ConferenceContent distribution has recently become a predominant service on the current Internet while the early Internet architecture was not designed for scalable content delivery. In this paper, we address the issue of content delivery in community wireless ...
Comments