Secure producer mobility in information-centric network

One of the fundamental requirements of next-generation 5G networks is to support seamless mobility over a heterogeneous access network by design. The shift from host-based to content-based, location-independent communication makes Information-Centric Networking (ICN) an appealing technology to provide not only mobility, but also security and storage as native properties of the network architecture. Previous work in the ICN literature focused on name-based mobility management solutions, and particularly on the challenges of producer mobility, which involves an interaction between the forwarding and control planes. In this paper, we consider the security implications of producer mobility in ICN and highlight the importance of securing producer-to-network interactions. We focus on the problem of prefix hijacking: a class of attacks that can be exploited to threaten both the security of ICN networks and the privacy of their users. To prevent this class of attacks, we propose a fully distributed and very low-overhead protocol for name prefix attestation based on hash-chaining. First results show orders-of-magnitude improvement in verification latency with respect to signature verification, the leading alternative approach to thwart prefix hijacking attacks.
