PIT overload analysis in content centric networks

Virgilio, Matteo; Marchetto, Guido; Sisto, Riccardo

doi:10.1145/2491224.2491225

Cited by 46 publications

(45 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, So et al [12] consider a hash flooding denial-of-service (DoS) attack in which an attacker maliciously introduces hash collisions to degrade an NDN router's performance. Virgilio et al [13] show that the PIT component in an NDN router is vulnerable to a distributed DoS (DDoS) attack that seeks to exhaust the PIT's memory with forged Interests.…”

Section: Related Workmentioning

confidence: 99%

Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Guo

Wang

Chang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

With information becoming a first-class citizen on the Internet, Information-centric Networking (ICN) is considered as a promising direction for the future Internet. Named Data Networking (NDN) is a prominent example of emerging ICN architectures. Unfortunately, NDN is vulnerable to various attacks targeting its in-network caching mechanism. In this paper, we focus on the false-locality pollution attack, in which an adversary repeatedly requests a number of unpopular data objects to waste the precious cache space on the NDN router and to reduce normal users' hit ratios. With simulation experiments, we show that such an attack can cause considerable damage to the NDN network. To detect and mitigate such an attack, we introduce an algorithm that exploits the diversity of the Interest traversing paths within an ISP's point-of-presence (PoP) network. We also propose inexpensive methodologies based on the probabilistic counting and Bloom filter techniques to implement the algorithm on an NDN router. The experimental results indicate that our proposed algorithm is effective in thwarting false-locality pollution. We also experiment with strategies that the adversary may utilize against our anti-pollution algorithm and demonstrate that such strategies are either ineffective or impractical in the real world. Index Terms-Future Internet architecture, cache pollution attack, network securityThe authors are with the Anhui Key Laboratory on High Performance Computing and Application,

show abstract

Section: Related Workmentioning

confidence: 99%

Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Guo

Wang

Chang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…This is accomplished using three tables: A content store (CS) lists the COs that are cached locally; a Pending Interest Table (PIT) keeps forwarding state for each forwarded Interest (i.e., a request for a CO or service) processed by a router; and a forwarding information base (FIB) lists the next hops to known name prefixes. The inherent limitations with this approach are the need to lookup very large FIBs and PITs [7], [18], [21], [22], [24] and vulnerabilities to DDoS (distributed denial of service) attacks introduced by PITs [24].…”

Section: Introductionmentioning

confidence: 99%

“…We have also shown [10], [11] that Interest aggregation combined with the Interest-loop detection mechanisms used in NDN and CCNx can lead to Interests being aggregated while traversing forwarding loops without such loops being detected. Furthermore, using PITs makes routers vulnerable to Interest-flooding attacks [22], [23], [24] in which malicious users can send malicious Interests aimed at making the size of PITs explode.…”

Section: Introductionmentioning

confidence: 99%

Efficient multicasting in Content-Centric Networks using locator-based Forwarding state

Garcia-Luna-Aceves

Barijough

2017

2017 International Conference on Computing, Networking and Communications (ICNC)

View full text Add to dashboard Cite

“…The large storage requirements of maintaining PITs in NDN or CCN deployments at Internet scale has been addressed by a number of authors [6], [15], [16]. By some estimates, the number of PIT entries needed for NDN and CCN to operate at Internet scale is O (10 6 ).…”

Section: Introductionmentioning

confidence: 99%

“…Interest flooding attacks [2], [16] can be mounted in which end users simply send Interests requesting valid or invalid content corresponding to routable content-name prefixes at rates that overload PITs.…”

Section: Introductionmentioning

confidence: 99%

New Directions in Content Centric Networking

Garcia-Luna-Aceves

2015

2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems

View full text Add to dashboard Cite

Abstract-We revisit some of the basic premises of the Content-Centric networking (CCN) and Named-Data Networking (NDN) architectures, which have been proposed as alternatives to the IP Internet architecture in order to support more efficient access to content available in the Internet. We address the large overhead incurred in NDN and CCN by maintaining forwarding state for each Interest traversing a router and for each content-name prefix known to each router. We introduce a new approach designed to provide orders of magnitude reduction in the complexity of the data plane to make content-centric networking much more viable at Internet scale.

show abstract

PIT overload analysis in content centric networks

Cited by 46 publications

References 14 publications

Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Exploiting Path Diversity for Thwarting Pollution Attacks in Named Data Networking

Efficient multicasting in Content-Centric Networks using locator-based Forwarding state

New Directions in Content Centric Networking

Contact Info

Product

Resources

About