Closing the Floodgate with Stateless Content-Centric Networking

Ghali, Cesar; Tsudik, Gene; Uzun, Ersin; Wood, Christopher A.

doi:10.1109/icccn.2017.8038367

Cited by 10 publications

(8 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A fundamentally different approach has been proposed in [25] which questions the necessity of the stateful nature of ICN. Given IFA's attack mechanism, the authors show that if the NDN protocol is modified into a stateless fashion, the IFA attack becomes much less efficient.…”

Section: B Interest Flooding Attackmentioning

confidence: 99%

“…While simulations may be very useful, real-life experimentation is crucial to evaluate the efficiency of a solution in practice. The real deployment of an NDN network, coupled with the legacy Internet based on IP, is extremely time consuming but worth considering; this explains why almost all prior works on IFA detection and mitigation, see for instance [25]- [27], and in general on solutions for NDN security issues, see for instance [30], [31] did not make this final step. But, as shown in the present paper, the efficiency of a detection method measured in a completely simulated environment may hardly transfer into real life.…”

Section: Common Limitations Of Prior Workmentioning

confidence: 99%

“…guarantees that the test δ (22) is in K α0 . Using the decision threshold given in (25), the power function of the UMP test (22) is given by:…”

Section: Generalized Likelihood Ratio Testmentioning

confidence: 99%

See 2 more Smart Citations

Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking

Nguyen

Mai

Cogranne

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Named Data Networking (NDN) is a disruptive yet promising architecture for the future Internet, in which the content diffusion mechanisms are shifted from the conventional host-centric to content-centric ones so that the data delivery can be significantly improved. After a decade of research and development, NDN and the related NDN Forwarding Deamon (NFD) implementations are now mature enough to enable stakeholders, such as telcos, to consider them for a real deployment. Consequently, NDN and IP will likely cohabit, and the Future Internet may be formed of isolated administrative domains, each deploying one of these two network paradigms. The security question of the resulting architecture naturally arises. In this paper, we consider the case of Denial of Service. Even though the Interest Flooding Attack (IFA) has been largely studied and mitigated through NACK packets in pure NDN networks, we demonstrate in this paper through experimental assessments that there are still some ways to mount such an attack, and especially in the context of coupling NDN with IP, that can hardly be addressed by current solutions. Subsequently, we leverage hypothesis testing theory to develop a Generalized Likelihood Ratio Test (GLRT) adapted to evolved IFA attacks. Simulations show the relevance of the proposed model for guaranteeing the prescribed Probability of False Alarm (PFA) and highlights the trade-off between detection power and delay. Finally, we consider a real deployment scenario where NDN is coupled with IP to carry HTTP traffic. We show that the model of IFA attacks is not very accurate in practice and further develops a sequential detector to keep a high detection accuracy. By considering data from the testbed, we show the efficiency of the overall detection method.

show abstract

Section: B Interest Flooding Attackmentioning

confidence: 99%

Section: Common Limitations Of Prior Workmentioning

confidence: 99%

See 1 more Smart Citation

Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking

Nguyen

Mai

Cogranne

et al. 2019

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…Interest Flooding Attacks are considered as a major security problem in NDN [19,20]. Most popular countermeasures involve some form of pushback mechanism (e.g., Reference [20]), but researchers have gone as far as proposing to eliminate the PIT structure in order to mitigate such attacks [21].…”

Section: Motivationmentioning

confidence: 99%

Reputation-Based Trust Approaches in Named Data Networking

2019

View full text Add to dashboard Cite

Information-Centric Networking (ICN) has arisen as an architectural solution that responds to the needs of today’s overloaded Internet, departing from the traditional host-centric access paradigm. In this paper we focus on Named Data Networking (NDN), the most prominent ICN architecture. In the NDN framework, disseminated content is at the core of the design and providing trusted content is essential. In this paper, we provide an overview of reputation-based trust approaches, present their design trade-offs and argue that these approaches can consolidate NDN trust and security by working complementary to the existing credential-based schemes. Finally, we discuss future research directions and challenges.

show abstract

“…On the other hand, stateless CCN architecture is proposed, 25 in which the stateful information per interest is removed for mitigating DDoS attack. However, the removal of the stateful information will cause problems for adaptive routing.…”

Section: Dos/ddos Mitigation In Icnmentioning

confidence: 99%

Dual‐collaborative DoS/DDoS mitigation approach in information‐centric mobile Internet

Chen

Jia

Liu

2019

Int J Communication

View full text Add to dashboard Cite

The amount of wireless traffic is increasing at an overwhelming speed.Information-centric networking (ICN) has been proposed as a promising Future Internet Architecture, which can reduce network traffic by putting data objects toward the edge. It is expected that in information-centric mobile Internet (ICMI), the wireless traffic can be significantly reduced. Yet, DoS/DDoS attack becomes a critical issue in ICMI by causing wireless gateway blockade. To tackle the problem, we propose a dual-collaborative DoS/DDoS mitigation approach (DCMA) and advanced DCMA to protect wireless gateways. In the algorithm, the attackers' visiting information including international mobile equipment identity (IMEI) and data object name (DON) are analyzed jointly to accurately identify potential attackers through the collaboration between the Internet and mobile network. In addition, the attacker's behaviors are analyzed centrally, and security strategies are applied distributively throughout wireless edge through the collaboration between wireless core network (CN) and radio access network (RAN). Extensive simulations are performed to verify the effectiveness of the proposed algorithms. The results demonstrate that advanced DCMA can achieve high DDoS and attacker detection probability and small false positive probability. KEYWORDS collaborative, DoS/DDoS mitigation, information centric, mobile InternetInt J Commun Syst. 2020;33:e4241.wileyonlinelibrary.com/journal/dac wireless radio access network (RAN) and core network (CN) to further improve user experience. With the assistance of wireless heterogeneous networks, wireless users can access to the Internet service ubiquitously. On the other hand, the design of the Internet has been shifted from a host-centric architecture toward an information-centric architecture for the support of scalable content retrieval, security, mobility, etc. 3 In informationcentric networking (ICN), information objects are named and used for data requesting and transmission as opposed to the IP address used in the current Internet, and the focus for service providing has changed from host-to-host mode to information-centric mode. Currently, the ICN design is actively investigated in several research projects. Some of the representative ICN architectures are data-oriented network architecture (DONA) 4 developed from UC Berkeley, named data networking (NDN) 5 based on content-centric networking (CCN) architecture supported by the US Future Internet Architecture program, publish-subscribe Internet technology (PURSUIT) 6 funded by EU Framework 7 Program, and smart identifier network (SINET) 7 supported by the China National Basic Research Program. While the above ICN architectures mainly differ in naming, information request, and content data transmitting methodologies, caching functionality is adopted for all the ICN architecture.Since ICN can greatly aid networks for achieving the end-to-end QoS through pushing content toward the network edge, the application of ICN in wireless networks has been investigated....

show abstract

Closing the Floodgate with Stateless Content-Centric Networking

Cited by 10 publications

References 47 publications

Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking

Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking

Reputation-Based Trust Approaches in Named Data Networking

Dual‐collaborative DoS/DDoS mitigation approach in information‐centric mobile Internet

Contact Info

Product

Resources

About