Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Guo, Haoran; Wang, Xiaodong; Chang, Kun; Tian, Ye

doi:10.1109/tifs.2016.2574307

Cited by 41 publications

(13 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We expect that FEC-based TLDA can provide more enhanced performance of efficient and reliable delivery of Meta part segments. Furthermore, we will extend TLDA such that it provides protection against content pollution attack [31][32][33][34] on the network nodes. In the future works, we will verify the advantage of our mechanism with large scale scenario by using ndnSIM [35] which is a recently developed NDN simulator.…”

Section: Discussionmentioning

confidence: 99%

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

Content-Centric Networking (CCN) is a new networking paradigm for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are routed by their unique names and they are stored in network nodes by units of segment during transmission for future usage. Since contents are stored in network nodes in a distributed manner, security is built into CCN data packets by embedding a public key signature to enable any content requesters to verify authenticity and integrity of contents. However, the use of public key signatures for authenticating CCN data packets incurs significant overhead regarding computation and communication, which limits universal utilization of CCN. Furthermore, this can lead to a new kind of DDoS attacks. Even though CCN adopts an aggregate signature method based on Merkle Hash Tree (MHT) in its reference implementation, it still incurs large amount of overhead. This paper presents TLDA, an efficient Two-Layered Data Authentication mechanism, which can considerably reduce overhead of computation and communication for authenticating data segments in CCN. For efficiency of computation and communication, TLDA newly introduces the concept of authentication Meta part consisting of data segments' hash values. To a great extent TLDA not only reduces the computation and communication overhead compared with CCN's basic authentication method, but also provides robustness against transmission loss and out-of-order transmission.We have implemented TLDA and demonstrated that it provides 74.3% improved throughput and 36.557% reduced communication overhead compared to those of the original CCNx library developed by PARC when transmitting a 128Mbyte content in units of 1Kbyte segment with RSA-2048 and SHA-256 as its signature algorithm and hash algorithm, respectively.

show abstract

Section: Discussionmentioning

confidence: 99%

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…For example, Sourlas et al [5] proposed an autonomic cache management architecture, in which a distributed manager makes the (re)placement decisions depending on the popularity and locality of content data while minimizing the total network traffic and response time. On the other hand, several researchers have investigated a new scheme for security-aware ICN systems that is a prototyping scratch and/or a promising blueprint [9]- [13]. Xie et al [9] proposed a locality-disruption pollution attack to make a named data networking (NDN) system that is called the cache shield method, which is a traditional and familiar ICN model and more robust by increasing the attack cost.…”

Section: Related Workmentioning

confidence: 99%

“…Li et al [11] proposed and evaluated a lightweight mechanism for integrity verification and access control against poisoning attacks on an NDN system. Mauri et al [12] and Guo et al [13] proposed and analyzed a unified model to profile the attacker's strategy for polluting an NDN framework.…”

Section: Related Workmentioning

confidence: 99%

Secure Caching Scheme by Using Blockchain for Information-Centric Network-Based Wireless Sensor Networks

Mori

2018

Journal of Signal Processing

View full text Add to dashboard Cite

This paper addresses a secure caching scheme for information-centric network (ICN)-based wireless sensor networks (WSNs). In order to achieve the above mechanism, we utilize both the public-key cryptography technique and the blockchain technique, which enable data to be safely gathered and the decentralized and crossverified sensing data to be copied and stored. In addition, we propose a protocol design for introducing the proposed structure into an ICN-based WSN system. Furthermore, we formulate statistical models and demonstrate numerical results by performing computer simulations and hardware-based experiments.

show abstract

“…There are many malicious requests for ICN architectures related to naming, routing, caching, and unauthorized access . In this paper, we are concerned with unauthorized access attacks.…”

Section: Introductionmentioning

confidence: 99%

“…More discussions about related work and generic centralized and decentralized access control mechanisms can be found in our earlier conference paper …”

mentioning

confidence: 99%

Preventing unauthorized access in information centric networking

AbdAllah

Zulkernine

Hassanein

2018

Security and Privacy

View full text Add to dashboard Cite

The increasing traffic volume and new requirements of highly scalable and efficient distribution of contents exceed the capabilities of the current Internet architecture. Information centric networking (ICN) is a new communication paradigm for the next generation internet (NGI), which focuses mainly on contents. ICN has in-network caching capability, which enables any node to cache any content coming from any publisher. ICN subscribers are able to access contents from different distributed locations. This capability maximizes the problem of unauthorized access to ICN contents. In this paper, we propose a decentralized elliptic curve-based access control (ECAC) protocol for ICN architectures. In this protocol, fewer public messages are needed for access control enforcement between ICN subscribers and ICN nodes than the existing access control protocols. ECAC protocol depends on ICN self-certifying naming scheme. We perform security analysis on ECAC for the following attacks: man-in-the-middle, forward security, replay attacks, integrity, and privacy violations. We also evaluate communication, computational, and storage overhead for performance analysis to ECAC. Based on our results that are obtained under various scenarios, ECAC efficiently prevents unauthorized access to ICN contents. KEYWORDS access control, elliptic curve cryptography, information centric networking, unauthorized access attacks INTRODUCTIONThe Internet is changing from Internet of hosts to Internet of things, Internet of media, Internet of service, and Internet of people. These new Internets require highly scalable and efficient contents distribution. Information centric networking (ICN) is one of the alternatives for these new Internets. The number of objects in ICN is expected to be several orders of magnitude higher than the number of nodes in current Internet architectures. According to Cisco Visual Networking Index, there will be almost 4.1 billion Internet users and 26.3 billion network devices and connections globally, the average fixed broadband connection speed will increase to 47.7 Mbps, and IP video will represent 82% of all traffic by 2020. 38 Different architectures have been proposed for ICN such as data oriented network architecture (DONA), network of information (NetInf), named data networking (NDN), and publish subscribe internet technology (PURSUIT). 39 All ICN architectures have some commonly shared concepts, which can be classified as follows: information object, naming, routing, caching, security, and application programming interface. [40][41][42][43][44][45][46] In-network caching is a major attribute of ICN, which allows any node to cache any content. This attribute is one of the major differences between ICN and non-ICN architectures. In the current Internet architectures, contents are stored at specific points, which simplifies the access control mechanisms. Network security administrator can deploy their security modules More discussions about related work and generic centralized and decentralized access control mecha...

show abstract

Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Cited by 41 publications

References 34 publications

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Secure Caching Scheme by Using Blockchain for Information-Centric Network-Based Wireless Sensor Networks

Preventing unauthorized access in information centric networking

Contact Info

Product

Resources

About