Secure Fragmentation for Content-Centric Networks

Content-Centric Networking (CCN) is a communication paradigm that emphasizes content distribution. Named-Data Networking (NDN) is an instantiation of CCN and a candidate Future Internet Architecture. NDN supports human-readable content naming and router-based content caching, which lends itself to efficient, secure, and scalable content distribution. Because of NDN's fundamental requirement that each content object must be signed by its producer, fragmentation has been considered incompatible with NDN, since it precludes authentication of individual content fragments by routers. The alternative is to perform hop-by-hop reassembly, which incurs prohibitive delays. In this paper, we show that secure and efficient content fragmentation is both possible and even advantageous in NDN and similar content-centric network architectures that involve signed content. We design a concrete technique that facilitates efficient and secure content fragmentation in NDN, discuss its security guarantees, and assess its performance. We also describe a prototype implementation and compare the performance of cut-through fragmentation with hop-by-hop fragmentation and reassembly.
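The abstract's central point is that a signature over the whole content object can only be checked after every fragment has arrived, which is what forces hop-by-hop reassembly. The following Python example is added here to illustrate that point; it is not code from the paper, and the manifest scheme it uses is a generic textbook construction, not the technique the paper designs (which this page does not describe). The content name, the sample payload, and the HMAC used as a stand-in for the producer's asymmetric signature are all constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for the producer's signing key. A real NDN producer signs
# with an asymmetric key and routers verify with its public key; HMAC is used here
# only so the example runs on the standard library alone.
PRODUCER_KEY = b"constructed-producer-key"


def sign(data: bytes) -> bytes:
    return hmac.new(PRODUCER_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


def split(payload: bytes, size: int) -> list:
    return [payload[i:i + size] for i in range(0, len(payload), size)]


# --- Baseline: one signature over the whole content object ---------------------

def fragment_naive(name: str, payload: bytes, size: int) -> list:
    """Fragment an already-signed object. The signature covers the whole payload,
    so it rides on the last fragment and cannot be checked against any single one."""
    sig = sign(name.encode() + payload)
    chunks = split(payload, size)
    return [{"name": name, "idx": i, "total": len(chunks), "data": c,
             "sig": sig if i == len(chunks) - 1 else None}
            for i, c in enumerate(chunks)]


def verify_naive(fragments: list) -> bool:
    """What a hop-by-hop router must do: buffer every fragment, reassemble, then
    verify. A single missing fragment leaves the whole object unverifiable."""
    if not fragments or len(fragments) != fragments[0]["total"]:
        return False
    ordered = sorted(fragments, key=lambda f: f["idx"])
    payload = b"".join(f["data"] for f in ordered)
    return verify(ordered[0]["name"].encode() + payload, ordered[-1]["sig"])


# --- Per-fragment authentication via a signed manifest of fragment hashes ------

def fragment_with_manifest(name: str, payload: bytes, size: int) -> list:
    """Producer: hash each fragment, sign (name || ordered hash list) once, and
    attach the manifest and its signature to every fragment."""
    chunks = split(payload, size)
    digests = [hashlib.sha256(c).digest() for c in chunks]
    manifest_sig = sign(name.encode() + b"".join(digests))
    return [{"name": name, "idx": i, "digests": digests, "data": c,
             "manifest_sig": manifest_sig}
            for i, c in enumerate(chunks)]


def verify_fragment(frag: dict) -> bool:
    """Router: check the manifest signature, then that this fragment's data hashes
    to the digest at its claimed position. No other fragment is needed, so the
    router can forward (cut-through) or drop it the moment it arrives."""
    digests = frag["digests"]
    if not verify(frag["name"].encode() + b"".join(digests), frag["manifest_sig"]):
        return False
    if not 0 <= frag["idx"] < len(digests):
        return False
    return hmac.compare_digest(hashlib.sha256(frag["data"]).digest(),
                               digests[frag["idx"]])


def reassemble(fragments: list):
    """Consumer: keep only verified fragments, keyed by position, and require the
    full set the manifest promises; duplicates are harmless, gaps are fatal."""
    good = {}
    for f in fragments:
        if verify_fragment(f):
            good[f["idx"]] = f
    if not good:
        return None
    total = len(next(iter(good.values()))["digests"])
    if sorted(good) != list(range(total)):
        return None
    return b"".join(good[i]["data"] for i in range(total))


if __name__ == "__main__":
    payload = bytes(range(256)) * 4          # constructed 1024-byte content
    frags = fragment_with_manifest("/example/video/seg1", payload, 300)
    print([verify_fragment(f) for f in frags])          # every fragment checks alone
    bad = dict(frags[1])
    bad["data"] = b"\x00" + bad["data"][1:]
    print(verify_fragment(bad))                          # tampered fragment rejected
    print(reassemble(frags) == payload)
```

The manifest carried on every fragment grows linearly with the fragment count, which is the obvious cost of this simplest construction; the point it demonstrates is the security property, namely that a router can accept, forward, or discard each fragment without holding any of the others, whereas `verify_naive` cannot say anything until the last fragment is in.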
