Security Monitoring for Content-Centric Networking

Goergen, David; Cholez, Thibault; Jérôme, François; Engel, Thomas

doi:10.1007/978-3-642-35890-6_20

Cited by 21 publications

(19 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The hierarchical structure of names can be used in this context to serve as the basis for a hierarchical public key infrastructure (PKI), so that the use of a namespace is certified by the authority controlling the superordinate namespace. For this work, we assume such a PKI and for more details on the security part of CCN refer to [6,15,27]. These related works also studied how CCN can withstand different attack scenarios and analyzed the risk induced by cached content.…”

Section: Overviewmentioning

confidence: 99%

Mobility support for content centric networking

2014

View full text Add to dashboard Cite

The current Internet architecture was designed more than 30 years ago for a very different set of services than those used today. Several new architectures have been proposed for a Future Internet to better meet today's and future requirements. Content centric networking (CCN) is a prominent information centric networking (ICN) architecture which gains worldwide attention by researchers and the focus of this article. CCN, like other ICN architectures, is based on the idea of naming content instead of hosts, allowing routers to cache popular content. It has been shown that CCN can support point-to-point real-time conversations, for example voice or video calls. However, it has not been defined how node mobility can be achieved in such a scenario with real-time requirements. This article illustrates the problems of mobility in CCN for real-time applications and proposes three different solutions. A testbed has been established to emulate the handover procedures of the different proposals and analyze the quality of experience (QoE) score during handover. The results show that the presented approaches can reduce the handover delay time and also reduce signaling overhead in CCN.

show abstract

Section: Overviewmentioning

confidence: 99%

Mobility support for content centric networking

2014

View full text Add to dashboard Cite

show abstract

“…Bianchi et al [23] and Detti et al [24] analyze the cost of content integrity verification with the Least Recently Used (LRU) caching strategy. Goergen et al [25] propose a CCN/NDN firewall to filter CCN packets according to content names. Cache pollution attacks and defenses are extensively discussed in [26]- [28].…”

Section: Related Workmentioning

confidence: 99%

“…C ← ENC P (C); 10: end if 11: else if ((i ∈ R † C ) && (C is 1-cacheable)) then 12: {y 1 , y 2 , · · · , y 2l } ← X † || X; 13: else if (C is all-cacheable) then 14: {y 1 , y 2 , · · · , y 2l } ← X || X; 15: end if {The rest of the algorithm (steps [16][17][18][19][20][21][22][23][24][25] is the same as steps 10-19 in Algorithm 1. }…”

Section: Algorithm 3 Live Signing Algorithm With Content Encryptionmentioning

confidence: 99%

LIVE: Lightweight Integrity Verification and Content Access Control for Named Data Networking

Zhang

Zheng

et al. 2015

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Named data networking (NDN) is a new paradigm for the future Internet wherein interest and data packets carry content names rather than the current IP paradigm of source and destination addresses. Security is built into NDN by embedding a public key signature in each data packet to enable verification of authenticity and integrity of the content. However, existing heavyweight signature generation and verification algorithms prevent universal integrity verification among NDN nodes, which may result in content pollution and denial of service attacks. Furthermore, caching and location-independent content access disables the capability of a content provider to control content access, e.g., who can cache a content and which end user or device can access it. We propose a lightweight integrity verification (LIVE) architecture, an extension to the NDN protocol, to address these two issues seamlessly. LIVE enables universal content signature verification in NDN with lightweight signature generation and verification algorithms. Furthermore, it allows a content provider to control content access in NDN nodes by selectively distributing integrity verification tokens to authorized nodes. We evaluate the effectiveness of LIVE with open source CCNx project. Our paper shows that LIVE only incurs average 10% delay in accessing contents. Compared with traditional public key signature schemes, the verification delay is reduced by over 20 times in LIVE.

show abstract

“…A monitoring approach for instrumentation of CCN routers is discussed by Goergen et al using which the flooding attacks can be detected through monitoring of network traffic anomalies for the following parameters: number of bytes received per second, number of bytes sent per second, number of data packets received per second, number of data packets sent per second, number of interests received per second, and number of interests sent per second.…”

Section: Countermeasures Of Ccn‐dos Attacksmentioning

confidence: 99%

“…A monitoring approach for instrumentation of CCN routers is discussed by Goergen et al [37] using which the flooding attacks can be detected through monitoring of network traffic anomalies for the following parameters:…”

Section: Monitoring Of Traffic Anomaliesmentioning

confidence: 99%

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Aamir¹,

Zaidi

2014

Security Comm Networks

View full text Add to dashboard Cite

Content centric networking (CCN) is a paradigm shift from current Internet protocol‐address‐based communication model to content‐oriented model in computer networks. Like traditional networks, it is identified that CCN is also vulnerable to many security threats including denial‐of‐service (DoS). This fact has recently caught a considerable attention in research community while different proposals of defense are being published. In this paper, we provide a literature review on different types of possible DoS attacks in CCN and their proposed countermeasures. DoS attacks can be triggered in CCN to exhaust resources within a CCN router or the ultimate content source(s). Two characteristics of CCN, that is, state maintenance of forwarded requests in a router using pending interest table and the fact that a response (content) follows the same path in reverse direction through which the corresponding request (interest) travels have been taken as major advantages to fight against DoS attacks in CCN under different proposed approaches. This survey makes a contribution by (a) highlighting state‐of‐the‐art work in a tutorial manner on the exploration of different DoS attacks and their countermeasures in CCN, (b) identifying some potential problems of current CCN features and existing proposals of defense, and (c) forecasting and providing an overview of a few possible future techniques to help researchers fight against CCN‐DoS attacks. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Security Monitoring for Content-Centric Networking

Cited by 21 publications

References 8 publications

Mobility support for content centric networking

Mobility support for content centric networking

LIVE: Lightweight Integrity Verification and Content Access Control for Named Data Networking

Denial‐of‐service in content centric (named data) networking: a tutorial and state‐of‐the‐art survey

Contact Info

Product

Resources

About