Network-Layer Trust in Named-Data Networking

In contrast to today's IP-based host-oriented Internet architecture, Information-Centric Networking (ICN) emphasizes content by making it directly addressable and routable. Named Data Networking (NDN) architecture is an instance of ICN that is being developed as a candidate next-generation Internet architecture. By opportunistically caching content within the network, NDN appears to be well-suited for large-scale content distribution and for meeting the needs of increasingly mobile and bandwidth-hungry applications that dominate today's Internet. One key feature of NDN is the requirement for each content object to be digitally signed by its producer. Thus, NDN should be, in principle, immune to distributing fake (aka "poisoned") content. However, in practice, this poses two challenges for detecting fake content in NDN routers: (1) overhead due to signature verification and certificate chain traversal, and (2) lack of trust context, i.e., determining which public keys are trusted to verify which content. Because of these issues, NDN does not force routers to verify content signatures, which makes the architecture susceptible to content poisoning attacks. This paper explores root causes of, and some cures for, content poisoning attacks in NDN. In the process, it becomes apparent that meaningful mitigation of content poisoning is contingent upon a network-layer trust management architecture, elements of which we construct, while carefully justifying specific design choices. This work represents the initial effort towards comprehensive trust management for NDN.
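The trust-context problem the abstract describes (a signature that verifies cryptographically but under a key with no authority over the content name) can be made concrete with a small router-side check. This is an added example, not code from the paper or the NDN project: it uses a toy RSA with fixed small primes as a stand-in for real producer keys, and assumes a simple trust rule that binds a key name to a name prefix.

```python
import hashlib
from dataclasses import dataclass

# Toy RSA with fixed ~1e6 primes: labelled stand-in for a real signing key, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public, private)

def digest(name, payload, key_name, n):
    # Hash covers the name, the KeyLocator and the payload, reduced into the toy modulus.
    h = hashlib.sha256(f"{name}|{key_name}|".encode() + payload).digest()
    return int.from_bytes(h, "big") % n

@dataclass
class Data:
    name: str        # NDN content name, e.g. /ucla/cs/news
    payload: bytes
    key_name: str    # KeyLocator: which key signed this object
    sig: int

def sign(name, payload, key_name, priv):
    d, n = priv
    return Data(name, payload, key_name, pow(digest(name, payload, key_name, n), d, n))

def sig_valid(data, pubkeys):
    # Challenge (1): the router must know the key and do the expensive check.
    pub = pubkeys.get(data.key_name)
    if pub is None:
        return False
    e, n = pub
    return pow(data.sig, e, n) == digest(data.name, data.payload, data.key_name, n)

def trusted(data, rules):
    # Challenge (2): trust context. A key is only authorized for a bound prefix.
    return any(data.name.startswith(p) and data.key_name == k for p, k in rules)

def accept(data, pubkeys, rules):
    return sig_valid(data, pubkeys) and trusted(data, rules)

def scenario():
    # Constructed example: a legitimate producer and a second party whose key the
    # router also learned (e.g. by fetching its certificate via a KeyLocator).
    ucla_pub, ucla_priv = make_keypair(1000003, 1000033)
    other_pub, other_priv = make_keypair(1000037, 1000039)
    pubkeys = {"/ucla/cs/KEY": ucla_pub, "/other/KEY": other_pub}
    rules = [("/ucla/cs/", "/ucla/cs/KEY"), ("/other/", "/other/KEY")]
    good = sign("/ucla/cs/news", b"lecture cancelled", "/ucla/cs/KEY", ucla_priv)
    # Poisoned object: valid signature, but under a key with no authority over /ucla/cs/.
    poisoned = sign("/ucla/cs/news", b"fake notice", "/other/KEY", other_priv)
    forged = Data("/ucla/cs/news", b"fake notice", "/ucla/cs/KEY", 12345)
    return pubkeys, rules, good, poisoned, forged
```

Without the `rules` check, `poisoned` would pass a signature-only router; the trust binding is what rejects it.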
