Interest cash: an application-based countermeasure against interest flooding for dynamic content in named data networking

As a design of information-centric network architecture, Named Data Networking (NDN) provides content-based security. The signature binding the name with the content is the key point of content-based security in NDN. However, signing a content will introduce a significant computation overhead, especially for dynamically generated content. Adversaries can take advantages of such computation overhead to deplete the resources of the content provider. In this paper, we propose Interest Cash, an application-based countermeasure against Interest Flooding for dynamic content. Interest Cash requires a content consumer to solve a puzzle before it sends an Interest. The content consumer should provide a solution to this puzzle as cash to get the signing service from the content provider. The experiment shows that an adversary has to use more than 300 times computation resources of the content provider to commit a successful attack when Interest Cash is used.

[1]  Deborah Estrin,et al.  Named Data Networking (NDN) Project , 2010 .

[2]  Diego Perino,et al.  A reality check for content centric networking , 2011, ICN '11.

[3]  Hongke Zhang,et al.  Detecting and mitigating interest flooding attacks in content-centric network , 2014, Secur. Commun. Networks.

[4]  Jianqiang Tang,et al.  Identifying Interest Flooding in Named Data Networking , 2013, 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber, Physical and Social Computing.

[5]  Ari Juels,et al.  $evwu Dfw , 1998 .

[6]  Bin Liu,et al.  Mitigate DDoS attacks in NDN by interest traceback , 2013, 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[7]  Dong Jin,et al.  Reconstructing Hash Reversal based Proof of Work Schemes , 2011, LEET.

[8]  Mauro Conti,et al.  Poseidon: Mitigating interest flooding DDoS attacks in Named Data Networking , 2013, 38th Annual IEEE Conference on Local Computer Networks.

[9]  Gene Tsudik,et al.  DoS & DDoS in Named Data Networking , 2013 .

[10]  Priya Mahadevan,et al.  Interest flooding attack and countermeasures in Named Data Networking , 2013, 2013 IFIP Networking Conference.

[11]  Van Jacobson,et al.  Networking named content , 2009, CoNEXT '09.

[12]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .