Timing Attacks on Access Privacy in Information Centric Networks and Countermeasures

In recently proposed information centric networks (ICN), a user issues “interest” packets to retrieve contents from network by names. Once fetched from origin servers, “data” packets are replicated and cached in all routers along routing and forwarding paths, thus allowing further interests from other users to be fulfilled quickly. However, the way ICN caching and interest fulfillment work poses a great privacy risk: the time difference between responses for an interest of cached and uncached content can be used as an indicator to infer whether or not a near-by user has previously requested the same content as that requested by an adversary. This work introduces the extent to which the problem is applicable in ICN and provides several solutions that try to strike a balance between cost and benefits, and raise the bar for an adversary to apply such attack.

[1]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[2]  N. Saitou,et al.  The neighbor-joining method: a new method for reconstructing phylogenetic trees. , 1987, Molecular biology and evolution.

[3]  Sergey Brin,et al.  The Anatomy of a Large-Scale Hypertextual Web Search Engine , 1998, Comput. Networks.

[4]  Marc Green Toward a Perceptual Science of Multidimensional Data Visualization : Bertin and Beyond , 1998 .

[5]  Donald F. Towsley,et al.  Measurement and modelling of the temporal dependence in packet loss , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[6]  Steven McCanne,et al.  Inference of multicast routing trees and bottleneck bandwidths using end-to-end measurements , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[7]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[8]  David R. Cheriton,et al.  An Architecture for Content Routing Support in the Internet , 2001, USITS.

[9]  Donald F. Towsley,et al.  Multicast-based inference of network-internal delay distributions , 2002, TNET.

[10]  Joshua D. Guttman,et al.  Information Flow in Operating Systems: Eager Formal Methods , 2003 .

[11]  Niels Provos,et al.  Preventing Privilege Escalation , 2003, USENIX Security Symposium.

[12]  Fangzhe Chang,et al.  Topology inference in the presence of anonymous routers , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[13]  Trent Jaeger,et al.  Analyzing Integrity Protection in the SELinux Example Policy , 2003, USENIX Security Symposium.

[14]  Robert D. Nowak,et al.  Network delay tomography , 2003, IEEE Trans. Signal Process..

[15]  S. Stoller,et al.  Policy Analysis for Security-Enhanced Linux ∗ , 2003 .

[16]  Michael Walfish,et al.  A layered naming architecture for the internet , 2004, SIGCOMM '04.

[17]  Trent Jaeger,et al.  Toward Automated Information-Flow Integrity Verification for Security-Critical Applications , 2006, NDSS.

[18]  Daniel Stutzbach,et al.  Understanding churn in peer-to-peer networks , 2006, IMC '06.

[19]  I. Stoica,et al.  ROFL: routing on flat labels , 2006, SIGCOMM.

[20]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM '07.

[21]  Paul Barford,et al.  An active measurement system for shared environments , 2007, IMC '07.

[22]  Alfred O. Hero,et al.  Hierarchical Inference of Unicast Network Topologies Based on End-to-End Measurements , 2007, IEEE Transactions on Signal Processing.

[23]  Trent Jaeger,et al.  A logical specification and analysis for SELinux MLS policy , 2007, SACMAT '07.

[24]  Nicholas Hopper,et al.  How much anonymity does network latency leak? , 2007, TSEC.

[25]  Nick Feamster,et al.  Accountable internet protocol (aip) , 2008, SIGCOMM '08.

[26]  Jean-Pierre Seifert,et al.  Model-based behavioral attestation , 2008, SACMAT '08.

[27]  Stephen Smalley,et al.  Configuring the SELinux Policy , 2008 .

[28]  Gail-Joon Ahn,et al.  Systematic Policy Analysis for High-Assurance Services in SELinux , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[29]  Gail-Joon Ahn,et al.  Visualization based policy analysis: case study in SELinux , 2008, SACMAT '08.

[30]  Nicholas Hopper,et al.  Scalable onion routing with torsk , 2009, CCS.

[31]  Martín Casado,et al.  Extending Networking into the Virtualization Layer , 2009, HotNets.

[32]  Gail-Joon Ahn,et al.  Towards System Integrity Protection with Graph-Based Policy Analysis , 2009, DBSec.

[33]  Trent Jaeger,et al.  A logical specification and analysis for SELinux MLS policy , 2010 .

[34]  Karen R. Sollins,et al.  Arguments for an information-centric internetworking architecture , 2010, CCRV.

[35]  Pekka Nikander,et al.  Secure naming in information-centric networks , 2010, ReARCH '10.

[36]  Yanghee Choi,et al.  Host-oblivious security for content-based networks , 2010, CFI.

[37]  Deborah Estrin,et al.  Named Data Networking (NDN) Project , 2010 .

[38]  George C. Polyzos,et al.  A Hybrid Overlay Multicast and Caching Scheme for Information-Centric Networking , 2010, 2010 INFOCOM IEEE Conference on Computer Communications Workshops.

[39]  Yanghee Choi,et al.  Decentralized and autonomous content overlay networking (DACON) with WiFi access points , 2010, CFI.

[40]  Srinivasan Seshan,et al.  XIA: an architecture for an evolvable and trustworthy internet , 2011, HotNets-X.

[41]  Scott Shenker,et al.  Naming in content-oriented architectures , 2011, ICN '11.

[42]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[43]  Scott Shenker,et al.  On preserving privacy in content-oriented networks , 2011, ICN '11.

[44]  Ankit Singla,et al.  Information-centric networking: seeing the forest for the trees , 2011, HotNets-X.

[45]  Yonggang Wen,et al.  Towards name-based trust and security for content-centric network , 2011, 2011 19th IEEE International Conference on Network Protocols.

[46]  Dipankar Raychaudhuri,et al.  MobilityFirst future internet architecture project , 2011, AINTEC '11.

[47]  Ankit Singla,et al.  Intelligent design enables architectural evolution , 2011, HotNets-X.

[48]  Nicola Blefari-Melazzi,et al.  CONET: a content centric inter-networking architecture , 2011, ICN '11.

[49]  Srinivasan Seshan,et al.  XIA: Efficient Support for Evolvable Internetworking , 2012, NSDI.

[50]  Yanghee Choi,et al.  WAVE: Popularity-based and collaborative in-network caching for content-oriented networks , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[51]  Amir Herzberg,et al.  Spying in the Dark: TCP and Tor Traffic Analysis , 2012, Privacy Enhancing Technologies.

[52]  Pablo Rodriguez,et al.  Privacy risks in named data networking: what is the cost of performance? , 2012, CCRV.

[53]  Nishanth R. Sastry,et al.  A survey of mobility in information-centric networks: challenges and research directions , 2012, NoM '12.

[54]  George Pavlou,et al.  Cache "Less for More" in Information-Centric Networks , 2012, Networking.

[55]  Nicholas Hopper,et al.  Routing around decoys , 2012, CCS.

[56]  Bengt Ahlgren,et al.  A survey of information-centric networking , 2012, IEEE Communications Magazine.

[57]  Van Jacobson,et al.  Networking named content , 2012, Commun. ACM.

[58]  Sapna Singh,et al.  A Trust Based Approach For Secure Access Control In Information Centric Network , 2012 .

[59]  Injong Rhee,et al.  Advertising cached contents in the control plane: Necessity and feasibility , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[60]  Nicola Blefari-Melazzi,et al.  Transport-layer issues in information centric networks , 2012, ICN '12.

[61]  Mauro Conti,et al.  Cache Privacy in Named-Data Networking , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[62]  Bruce M. Maggs,et al.  Less pain, most of the gain: incrementally deployable ICN , 2013, SIGCOMM.

[63]  Aziz Mohaisen,et al.  Protecting access privacy of cached contents in information centric networks , 2013, ASIA CCS '13.

[64]  Thomas C. Schmidt,et al.  Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure , 2012, Comput. Networks.