Privacy-Aware Caching in Information-Centric Networking

Information-Centric Networking (ICN) is an emerging networking paradigm where named and routable data (content) is the focal point. Users send explicit requests (interests) which specify content by name, and the network handles routing these interests to some entity capable of satisfying them with the appropriate data response (producer). One key feature of ICN is opportunistic in-network content caching. This property facilitates efficient content distribution by reducing bandwidth consumption, lessening network congestion, and improving the content retrieval latency by users (consumers). Unfortunately, the same feature is also detrimental to privacy of content consumers and producers. Simple to implement, and difficult to detect, timing attacks can exploit ICN routers as “oracles” and allow an adversary to learn whether a nearby consumer recently requested certain content. The attack leverages a timing side channel that relies on router caches and is implemented by requesting a few packets from each piece of content being probed. Similarly, probing attacks that target content producers can be used to discover whether certain content has been recently distributed. After analyzing the scope and feasibility of such attacks, we propose and evaluate some efficient countermeasures that offer quantifiable privacy guarantees while retaining the benefits of ICN.

[1]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[2]  Zachary Weinberg,et al.  I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks , 2011, 2011 IEEE Symposium on Security and Privacy.

[3]  Gene Tsudik,et al.  Network-Layer Trust in Named-Data Networking , 2014, CCRV.

[4]  Tobias Lauinger,et al.  Security & Scalability of Content-Centric Networking , 2010 .

[5]  Markus Jakobsson,et al.  Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks , 2007, IEEE Security & Privacy.

[6]  Enrico Tronci,et al.  Formal Models of Timing Attacks on Web Privacy , 2002, TOSCA.

[7]  J. J. Garcia-Luna-Aceves,et al.  Understanding optimal caching and opportunistic caching at "the edge" of information-centric networks , 2014, ICN '14.

[8]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[9]  Aziz Mohaisen,et al.  Timing Attacks on Access Privacy in Information Centric Networks and Countermeasures , 2015, IEEE Transactions on Dependable and Secure Computing.

[10]  Vitaly Shmatikov,et al.  Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.

[11]  Gene Tsudik,et al.  ANDaNA: Anonymous Named Data Networking Application , 2011, NDSS.

[12]  S WallachDan,et al.  Opportunities and Limits of Remote Timing Attacks , 2009 .

[13]  Gene Tsudik,et al.  AC3N: Anonymous communication in Content-Centric Networking , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[14]  Sebastian Schinzel An Efficient Mitigation Method for Timing Side Channels on the Web , 2011 .

[15]  Enrico Tronci,et al.  Automated analysis of timed security: a case study on web privacy , 2004, International Journal of Information Security.

[16]  Mauro Conti,et al.  Cache Privacy in Named-Data Networking , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[17]  Ge Zhang,et al.  Revealing the Calling History of SIP VoIP Systems by Timing Attacks , 2009, 2009 International Conference on Availability, Reliability and Security.

[18]  Ashwin Machanavajjhala,et al.  Privacy: Theory meets Practice on the Map , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[19]  Ashwin Machanavajjhala,et al.  Publishing Search Logs—A Comparative Study of Privacy Guarantees , 2012, IEEE Transactions on Knowledge and Data Engineering.

[20]  Van Jacobson,et al.  Networking named content , 2009, CoNEXT '09.

[21]  David C. Plummer,et al.  Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware , 1982, RFC.

[22]  Dan S. Wallach,et al.  Opportunities and Limits of Remote Timing Attacks , 2009, TSEC.

[23]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[24]  Deborah Estrin,et al.  Named Data Networking (NDN) Project , 2010 .

[25]  Dan Boneh,et al.  Exposing private information by timing web applications , 2007, WWW '07.

[26]  Aziz Mohaisen,et al.  Protecting access privacy of cached contents in information centric networks , 2013, ASIA CCS '13.

[27]  Amir Herzberg,et al.  Spying in the Dark: TCP and Tor Traffic Analysis , 2012, Privacy Enhancing Technologies.

[28]  Dario Rossi,et al.  Experiences of VoIP traffic monitoring in a commercial ISP , 2010, Int. J. Netw. Manag..