Denial-of-service in content centric (named data) networking: a tutorial and state-of-the-art survey

Content centric networking (CCN) is a paradigm shift from the current Internet protocol address-based communication model to a content-oriented model in computer networks. Like traditional networks, CCN has been found to be vulnerable to many security threats, including denial-of-service (DoS). This fact has recently attracted considerable attention in the research community, and different defense proposals are being published. In this paper, we provide a literature review of the different types of possible DoS attacks in CCN and their proposed countermeasures. DoS attacks can be triggered in CCN to exhaust resources within a CCN router or the ultimate content source(s). Two characteristics of CCN have been taken as major advantages in fighting DoS attacks under the different proposed approaches: the state that a router maintains for forwarded requests in its pending interest table, and the fact that a response (content) follows, in the reverse direction, the same path that the corresponding request (interest) traveled. This survey makes a contribution by (a) highlighting, in a tutorial manner, state-of-the-art work on the exploration of different DoS attacks and their countermeasures in CCN, (b) identifying some potential problems of current CCN features and existing defense proposals, and (c) forecasting and providing an overview of a few possible future techniques to help researchers fight CCN-DoS attacks. Copyright © 2014 John Wiley & Sons, Ltd.
