Content-Centric and Named-Data Networking Security: The Good, The Bad and The Rest

Named Data Networking and Content-Centric Networking (NDN and CCN, respectively) are closely related networking architectures which, unlike host-centric IP, emphasize content by explicitly naming it, and by making content names addressable and routable in the network. They support in-network (router-side) content caching, thus facilitating efficient and scalable content distribution, for which IP is comparatively poorly suited. These architectures also include new network-layer security features, such as signed content. While avoiding certain security problems of today's Internet, NDN and CCN trigger some new security and privacy issues. This paper overviews the security landscape of NDN/CCN, and focuses on two main areas of concern: (1) Interest Flooding Attacks, and (2) Producer, Consumer, and Content Privacy. We argue that, despite many attempts to fix these problems, they have not been fully addressed, and discuss the challenges that inhibit comprehensive solutions.
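To make the first area of concern concrete, the following is an added example (it is not code from this paper, nor from any NDN/CCN implementation): a toy in-memory model of a forwarder with a content store and a Pending Interest Table (PIT), showing why unanswered Interests are the resource an Interest Flooding Attack exhausts, and one simple countermeasure of the per-face "Interest satisfaction ratio" kind that the literature surveyed here proposes. The capacity, timeout and threshold values, the face and content names, and the `ToyForwarder`/`simulate` API are all constructed for the illustration and are assumptions, not parameters of any real router.

```python
from collections import defaultdict


class ToyForwarder:
    """Constructed model of an NDN/CCN forwarder (not the NDN reference code).

    State: a content store (cache), a PIT keyed by content name, and per-face
    counters used for a satisfaction-ratio throttle. An Interest that no Data
    ever answers stays in the PIT until it times out, which is the state an
    Interest Flooding Attack consumes.
    """

    def __init__(self, pit_capacity=32, pit_timeout=4, min_ratio=0.5, min_samples=10):
        self.cache = {}                     # content store: name -> data bytes
        self.pit = {}                       # name -> {"faces": set(), "born": tick}
        self.pit_capacity = pit_capacity    # max pending entries (assumed limit)
        self.pit_timeout = pit_timeout      # ticks before a pending entry expires
        self.min_ratio = min_ratio          # throttle below this satisfaction ratio
        self.min_samples = min_samples      # do not judge a face before this many Interests
        self.tick = 0
        self.sent = defaultdict(int)        # face -> Interests accepted into the PIT
        self.satisfied = defaultdict(int)   # face -> Data returned to that face
        self.dropped = defaultdict(int)     # face -> Interests dropped (throttle or PIT full)

    def satisfaction_ratio(self, face):
        """Fraction of a face's forwarded Interests that Data has come back for."""
        return 1.0 if self.sent[face] == 0 else self.satisfied[face] / self.sent[face]

    def throttled(self, face):
        """Throttle a face whose Interests are mostly going unanswered."""
        return self.sent[face] >= self.min_samples and self.satisfaction_ratio(face) < self.min_ratio

    def receive_interest(self, face, name):
        if name in self.cache:               # in-network cache hit: answer locally
            self.satisfied[face] += 0        # (a hit costs no PIT state, so no ratio change)
            return "cache"
        if self.throttled(face):
            self.dropped[face] += 1
            return "throttled"
        entry = self.pit.get(name)
        if entry is not None:                # same name already pending: aggregate
            entry["faces"].add(face)
            self.sent[face] += 1
            return "aggregated"
        if len(self.pit) >= self.pit_capacity:
            self.dropped[face] += 1          # collateral damage: honest faces hit this too
            return "pit_full"
        self.pit[name] = {"faces": {face}, "born": self.tick}
        self.sent[face] += 1
        return "forwarded"

    def receive_data(self, name, data):
        """Data satisfies and removes the PIT entry; unsolicited Data is discarded."""
        entry = self.pit.pop(name, None)
        if entry is None:
            return 0
        self.cache[name] = data
        for face in entry["faces"]:
            self.satisfied[face] += 1
        return len(entry["faces"])

    def advance(self):
        """One time step: expire PIT entries that were never satisfied."""
        self.tick += 1
        expired = [n for n, e in self.pit.items() if self.tick - e["born"] > self.pit_timeout]
        for n in expired:
            del self.pit[n]
        return len(expired)


def simulate(rounds=30, min_ratio=0.5):
    """Constructed traffic: face1 fetches real content that a producer answers;
    face2 sends Interests for names nothing will ever answer. min_ratio=0.0
    disables the throttle so the two runs can be compared."""
    fw = ToyForwarder(min_ratio=min_ratio)
    honest_dropped, max_pit = 0, 0
    for r in range(rounds):
        for i in range(10):
            fw.receive_interest("face2", f"/video/unanswerable-{r}-{i}")
        if fw.receive_interest("face1", f"/video/segment-{r}") == "pit_full":
            honest_dropped += 1
        max_pit = max(max_pit, len(fw.pit))
        fw.receive_data(f"/video/segment-{r}", b"chunk")   # producer replies
        fw.advance()
    return {
        "honest_dropped": honest_dropped,
        "flood_dropped": fw.dropped["face2"],
        "max_pit": max_pit,
        "face2_ratio": fw.satisfaction_ratio("face2"),
    }


if __name__ == "__main__":
    print("throttle on :", simulate())
    print("throttle off:", simulate(min_ratio=0.0))
```

With the throttle disabled the unanswered Interests fill the PIT within a few rounds and the honest face starts seeing `pit_full` drops; with it enabled, face2 is cut off once its ratio is measurable and face1 is never dropped. The model also shows why this class of defence is only partial, as the paper argues: the ratio is computed per incoming face, so it cannot distinguish many well-behaved clients behind one face from one misbehaving client, and the `min_samples` warm-up is exactly the window the flood exploits before any judgement can be made.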
