Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking

Named-Data Networking (NDN) is a candidate next-generation Internet architecture designed to address some limitations of the current IP-based Internet. NDN uses the pull model for content distribution, whereby content is first explicitly requested before being delivered. Efficiency is obtained via router-based aggregation of closely spaced requests for popular content and content caching in routers. Although it reduces latency and increases bandwidth utilization, router caching makes the network susceptible to new cache-centric attacks, such as content poisoning. In this paper, we propose a ranking algorithm for cached content that allows routers to distinguish good and (likely) bad content. This ranking is based on statistics collected from consumers' actions following delivery of content objects. Experimental results support our assertion that the proposed ranking algorithm can effectively mitigate content poisoning attacks.
