Privacy in content-oriented networking: threats and countermeasures

As the Internet struggles to cope with scalability, mobility, and security issues, new network architectures are being proposed to better accommodate the needs of modern systems and applications. In particular, Content-Oriented Networking (CON) has emerged as a promising next-generation Internet architecture: it sets to decouple content from hosts, at the network layer, by naming data rather than hosts. CON comes with a potential for a wide range of benefits, including reduced congestion and improved delivery speed by means of content caching, simpler configuration of network devices, and security at the data level. However, it remains an interesting open question whether or not, and to what extent, this emerging networking paradigm bears new privacy challenges. In this paper, we provide a systematic privacy analysis of CON and the common building blocks among its various architectural instances in order to highlight emerging privacy threats, and analyze a few potential countermeasures. Finally, we present a comparison between CON and today's Internet in the context of a few privacy concepts, such as, anonymity, censoring, traceability, and confidentiality.

[1]  Gwendal Simon,et al.  Realistic storage of pending requests in Content-Centric Network routers , 2012, 2012 1st IEEE International Conference on Communications in China (ICCC).

[2]  Nikolaos Laoutaris,et al.  Meta algorithms for hierarchical Web caches , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[3]  Michael Walfish,et al.  A layered naming architecture for the internet , 2004, SIGCOMM '04.

[4]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[5]  UzunErsin,et al.  Privacy in content-oriented networking , 2013 .

[6]  Bengt Ahlgren,et al.  A survey of information-centric networking , 2012, IEEE Communications Magazine.

[7]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[8]  Pablo Rodriguez,et al.  Privacy Implications of Ubiquitous Caching in Named Data Networking Architectures , 2012 .

[9]  Yanghee Choi,et al.  A Survey on content-oriented networking for efficient content delivery , 2011, IEEE Communications Magazine.

[10]  J. Boyan DATA AND INFORMATION COLLECTION ON THE NET The Anonymizer Protecting User Privacy on the Web , 1997 .

[11]  Roger Dingledine Tor and Circumvention: Lessons Learned - (Abstract to Go with Invited Talk) , 2011, CRYPTO.

[12]  Hannes Hartenstein,et al.  A simulation study on the performance of Mobile IPv6 in a WLAN-based cellular network , 2002, Comput. Networks.

[13]  Steven D. Galbraith,et al.  Invisibility and Anonymity of Undeniable and Confirmer Signatures , 2003, CT-RSA.

[14]  Robert Tappan Morris,et al.  User-Relative Names for Globally Connected Personal Devices , 2006, IPTPS.

[15]  Yanghee Choi,et al.  WAVE: Popularity-based and collaborative in-network caching for content-oriented networks , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[16]  Ben Y. Zhao,et al.  Tapestry: a fault-tolerant wide-area application infrastructure , 2002, CCRV.

[17]  Milton L. Mueller,et al.  The end of the net as we know it? Deep packet inspection and internet governance , 2011, New Media Soc..

[18]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[19]  Yanghee Choi,et al.  Content-Oriented Networking as a Future Internet Infrastructure : Concepts , Strengths , and Application Scenarios , 2008 .

[20]  Claude Castelluccia,et al.  HMIPv6: A hierarchical mobile IPv6 proposal , 2000, MOCO.

[21]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[22]  Alexander L. Wolf,et al.  A routing scheme for content-based networking , 2004, IEEE INFOCOM 2004.

[23]  Pekka Nikander,et al.  Secure naming in information-centric networks , 2010, ReARCH '10.

[24]  Scott Shenker,et al.  A data-oriented (and beyond) network architecture , 2007, SIGCOMM '07.

[25]  Mauro Conti,et al.  Cache Privacy in Named-Data Networking , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[26]  George Pavlou,et al.  Probabilistic in-network caching for information-centric networks , 2012, ICN '12.

[27]  Bengt Ahlgren,et al.  Secure Naming for a Network of Information , 2010, 2010 INFOCOM IEEE Conference on Computer Communications Workshops.

[28]  Dario Rossi,et al.  On sizing CCN content stores by exploiting topological information , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[29]  Sem C. Borst,et al.  Distributed Caching Algorithms for Content Distribution Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[30]  Mark Allman Personal Namespaces , 2007, HotNets.

[31]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[32]  Aleksandar Kuzmanovic,et al.  Pollution attacks and defenses for Internet caching systems , 2008, Comput. Networks.

[33]  Walid Dabbous,et al.  Spying the World from Your Laptop: Identifying and Profiling Content Providers and Big Downloaders in BitTorrent , 2010, LEET.

[34]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[35]  Felix C. Freiling,et al.  Supporting Mobility in Content-Based Publish/Subscribe Middleware , 2003, Middleware.

[36]  Scott Shenker,et al.  ROFL: routing on flat labels , 2006, SIGCOMM 2006.

[37]  Walid Dabbous,et al.  One Bad Apple Spoils the Bunch: Exploiting P2P Applications to Trace and Profile Tor Users , 2011, LEET.

[38]  Gene Tsudik,et al.  ANDaNA: Anonymous Named Data Networking Application , 2011, NDSS.

[39]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[40]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[41]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[42]  Stefan Lindskog,et al.  How the Great Firewall of China is Blocking Tor , 2012, FOCI.

[43]  Sasu Tarkoma,et al.  LANES: an inter-domain data-oriented routing architecture , 2009, ReArch '09.

[44]  Gene Tsudik,et al.  DoS and DDoS in Named Data Networking , 2012, 2013 22nd International Conference on Computer Communication and Networks (ICCCN).

[45]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[46]  Dario Rossi,et al.  A dive into the caching performance of Content Centric Networking , 2012, 2012 IEEE 17th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD).

[47]  Jedidiah R. Crandall,et al.  ConceptDoppler: a weather tracker for internet censorship , 2007, CCS '07.

[48]  William Adjie-Winoto,et al.  The design and implementation of an intentional naming system , 2000, OPSR.

[49]  David R. Cheriton,et al.  An Architecture for Content Routing Support in the Internet , 2001, USITS.

[50]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[51]  Pablo Rodriguez,et al.  Privacy risks in named data networking: what is the cost of performance? , 2012, CCRV.

[52]  Gene Tsudik,et al.  Securing instrumented environments over content-centric networking: the case of lighting control and NDN , 2013, 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[53]  Van Jacobson,et al.  Networking named content , 2009, CoNEXT '09.

[54]  V. Jacobson,et al.  Securing Network Content , 2009 .

[55]  Pablo Rodriguez,et al.  Deep diving into BitTorrent locality , 2009, 2011 Proceedings IEEE INFOCOM.

[56]  Scott Shenker,et al.  On preserving privacy in content-oriented networks , 2011, ICN '11.

[57]  深度 Do Not Track真的有用吗 , 2013 .

[58]  Martín Abadi,et al.  Host Fingerprinting and Tracking on the Web: Privacy and Security Implications , 2012, NDSS.

[59]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[60]  Åke Arvidsson,et al.  On the effects of caching in access aggregation networks , 2012, ICN '12.

[61]  Luigi Iannone,et al.  LISP-DHT: towards a DHT to map identifiers onto locators , 2008, CoNEXT '08.

[62]  Pablo Rodriguez,et al.  Deep diving into BitTorrent locality , 2011, INFOCOM.

[63]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..