51 research outputs found
Internames: a name-to-name principle for the future Internet
We propose Internames, an architectural framework in which names are used to
identify all entities involved in communication: contents, users, devices,
logical as well as physical points involved in the communication, and services.
By not having a static binding between the name of a communication entity and
its current location, we allow entities to be mobile, enable them to be reached
by any of a number of basic communication primitives, enable communication to
span networks with different technologies and allow for disconnected operation.
Furthermore, with the ability to communicate between names, the communication
path can be dynamically bound to any of a number of end-points, and the
end-points themselves could change as needed. A key benefit of our architecture
is its ability to accommodate gradual migration from the current IP
infrastructure to a future that may be a ubiquitous Information Centric
Network. Basic building blocks of Internames are: i) a name-based Application
Programming Interface; ii) a separation of identifiers (names) and locators;
iii) a powerful Name Resolution Service (NRS) that dynamically maps names to
locators, as a function of time/location/context/service; iv) a built-in
capacity of evolution, allowing a transparent migration from current networks
and the ability to include as particular cases current specific architectures.
To achieve this vision, shared by many other researchers, we exploit and expand
on Information Centric Networking principles, extending ICN functionality
beyond content retrieval, easing send-to-name and push services, and allowing
to use names also to route data in the return path. A key role in this
architecture is played by the NRS, which allows for the co-existence of
multiple network "realms", including current IP and non-IP networks, glued
together by a name-to-name overarching communication primitive.Comment: 6 page
Mediator-assisted multi-source routing in information-centric networks
Among the new communication paradigms recently proposed, information-centric networking (ICN) is able to natively support content awareness at the network layer shifting the focus from hosts (as in traditional IP networks) to information objects. In this paper, we exploit the intrinsic content-awareness ICN features to design a novel multi-source routing mechanism. It involves a new network entity, the ICN mediator, responsible for locating and delivering the requested information objects that are chunked and stored at different locations. Our approach imposes very limited signalling overhead, especially for large chunk size (MBytes). Simulations show significant latency reduction compared to traditional routing approaches
Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey
Internet usage has changed from its first design. Hence, the current Internet
must cope with some limitations, including performance degradation,
availability of IP addresses, and multiple security and privacy issues.
Nevertheless, to unsettle the current Internet's network layer i.e., Internet
Protocol with ICN is a challenging, expensive task. It also requires worldwide
coordination among Internet Service Providers , backbone, and Autonomous
Services. Additionally, history showed that technology changes e.g., from 3G to
4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes
a long coexistence period between the old and new technology. Similarly, we
believe that the process of replacement of the current Internet will surely
transition through the coexistence of IP and ICN. Although the tremendous
amount of security and privacy issues of the current Internet taught us the
importance of securely designing the architectures, only a few of the proposed
architectures place the security-by-design. Therefore, this article aims to
provide the first comprehensive Security and Privacy analysis of the
state-of-the-art coexistence architectures. Additionally, it yields a
horizontal comparison of security and privacy among three deployment approaches
of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical
comparison among ten considered security and privacy features. As a result of
our analysis, emerges that most of the architectures utterly fail to provide
several SP features including data and traffic flow confidentiality,
availability and communication anonymity. We believe this article draws a
picture of the secure combination of current and future protocol stacks during
the coexistence phase that the Internet will definitely walk across
PIT Overload Analysis in Content Centric Networks
Content Centric Networking represents a paradigm shift in the evolution and definition of modern network protocols. Many research efforts have been made with the purpose of proving the feasibility and the scalability of this proposal. Our main contribution is to provide an analysis of the Pending Interest Table memory requirements in real deployment scenarios, especially considering the impact of distributed denial of service attacks. In fact, the state that the protocol maintains for each resource request makes the routers more prone to resources exhaustion issues than in traditional stateless solutions. Our results are derived by using a full custom simulator and considering the different node architectures that have been proposed as valid reference models. The main outcomes point out differentiated weaknesses in each architecture we investigated and underline the need for improvements in terms of security and scalabilit
A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures
One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for todayâs Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached contents by distinguishing between uncached and cached contents from the in-network caching node, namely the edge NDN router. The attacks can be mitigated by the previously proposed methods effectively. However, these countermeasures may be against the NDN paradigm, affecting the content distribution performance. This work studied the side-channel timing attack on streaming over NDN applications and proposed a capable approach to mitigate it. Firstly, a recent side-channel timing attack, designated by brute-force, was implemented on ndnSIM using the AT&T network topology. Then, a multi-level countermeasure method, designated by detection and defense (DaD), is proposed to mitigate this attack. Simulation results showed that DaD distinguishes between legitimate and adversary nodes. During the attack, the proposed DaD multi-level approach achieved the minimum cache hit ratio (â0.7%) compared to traditional countermeasures (â4.1% in probabilistic and â3.7% in freshness) without compromising legitimate requests.This work has been supported by FCT - Fundação para a CiĂȘncia e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020
NDN content store and caching policies: performance evaluation
Among various factors contributing to performance of named data networking (NDN), the organization of caching is a key factor and has benefited from intense studies by the networking research community. The performed studies aimed at (1) finding the best strategy to adopt for content caching; (2) specifying the best location, and number of content stores (CS) in the network; and (3) defining the best cache replacement policy. Accessing and comparing the performance of the proposed solutions is as essential as the development of the proposals themselves. The present work aims at evaluating and comparing the behavior of four caching policies (i.e., random, least recently used (LRU), least frequently used (LFU), and first in first out (FIFO)) applied to NDN. Several network scenarios are used for simulation (2 topologies, varying the percentage of nodes of the content stores (5â100), 1 and 10 producers, 32 and 41 consumers). Five metrics are considered for the performance evaluation: cache hit ratio (CHR), network traffic, retrieval delay, interest re-transmissions, and the number of upstream hops. The content request follows the ZipfâMandelbrot distribution (with skewness factor α=1.1 and α=0.75). LFU presents better performance in all considered metrics, except on the NDN testbed, with 41 consumers, 1 producer and a content request rate of 100 packets/s. For the level of content store from 50% to 100%, LRU presents a notably higher performance. Although the network behavior is similar for both skewness factors, when α=0.75, the CHR is significantly reduced, as expected.This work has been supported by FCT â Fundação para a CiĂȘncia e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020
Improved Caching Strategies for Publish/Subscribe Internet Networking
MEng thesisThe systemic structure of TCP/IP is outdated; a new scheme for data transportation is needed in order to make the internet more adaptive to modern demands of mobility, information-driven demand, ever-increasing quantity of users and data, and performance requirements. While an information centric networking system addresses these issues, one required component for publish subscribe or content-addressed internet networking systems to work properly is an improved caching system. This allows the publish subscribe internet networking to dynamically route packets to mobile users, as an improvement over pure hierarchical or pure distributed caching systems. To this end, I proposed, implemented, and analyzed the workings of a superdomain caching system. The superdomain caching system is a hybrid of hierarchical and dynamic caching systems designed to continue reaping the benefits of the caching system for mobile users (who may move between neighboring domains in the midst of a network transaction) while minimizing the latency inherent in any distributed caching system to improve upon the content-addressed system
Generalized Virtual Networking: an enabler for Service Centric Networking and Network Function Virtualization
In this paper we introduce the Generalized Virtual Networking (GVN) concept.
GVN provides a framework to influence the routing of packets based on service
level information that is carried in the packets. It is based on a protocol
header inserted between the Network and Transport layers, therefore it can be
seen as a layer 3.5 solution. Technically, GVN is proposed as a new transport
layer protocol in the TCP/IP protocol suite. An IP router that is not GVN
capable will simply process the IP destination address as usual. Similar
concepts have been proposed in other works, and referred to as Service Oriented
Networking, Service Centric Networking, Application Delivery Networking, but
they are now generalized in the proposed GVN framework. In this respect, the
GVN header is a generic container that can be adapted to serve the needs of
arbitrary service level routing solutions. The GVN header can be managed by GVN
capable end-hosts and applications or can be pushed/popped at the edge of a GVN
capable network (like a VLAN tag). In this position paper, we show that
Generalized Virtual Networking is a powerful enabler for SCN (Service Centric
Networking) and NFV (Network Function Virtualization) and how it couples with
the SDN (Software Defined Networking) paradigm
Information-centric communication in mobile and wireless networks
Information-centric networking (ICN) is a new communication paradigm that has been proposed to cope with drawbacks of host-based communication protocols, namely scalability and security. In this thesis, we base our work on Named Data Networking (NDN), which is a popular ICN architecture, and investigate NDN in the context of wireless and mobile ad hoc networks.
In a first part, we focus on NDN efficiency (and potential improvements) in wireless environments by investigating NDN in wireless one-hop communication, i.e., without any routing protocols. A basic requirement to initiate informationcentric communication is the knowledge of existing and available content names. Therefore, we develop three opportunistic content discovery algorithms and evaluate them in diverse scenarios for different node densities and content distributions. After content names are known, requesters can retrieve content opportunistically from any neighbor node that provides the content. However, in case of short contact times to content sources, content retrieval may be disrupted. Therefore, we develop a requester application that keeps meta information of disrupted content retrievals and enables resume operations when a new content source has been found. Besides message efficiency, we also evaluate power consumption of information-centric broadcast and unicast communication. Based on our findings, we develop two mechanisms to increase efficiency of information-centric wireless one-hop communication. The first approach called Dynamic Unicast (DU) avoids broadcast communication whenever possible since broadcast transmissions result in more duplicate Data transmissions, lower data rates and higher energy consumption on mobile nodes, which are not interested in overheard Data, compared to unicast communication. Hence, DU uses broadcast communication only until a content source has been found and then retrieves content directly via unicast from the same source. The second approach called RC-NDN targets efficiency of wireless broadcast communication by reducing the number of duplicate Data transmissions. In particular, RC-NDN is a Data encoding scheme for content sources that increases diversity in wireless broadcast transmissions such that multiple concurrent requesters can profit from each othersâ (overheard) message transmissions.
If requesters and content sources are not in one-hop distance to each other, requests need to be forwarded via multi-hop routing. Therefore, in a second part of this thesis, we investigate information-centric wireless multi-hop communication. First, we consider multi-hop broadcast communication in the context of rather static community networks. We introduce the concept of preferred forwarders, which relay Interest messages slightly faster than non-preferred forwarders to reduce redundant duplicate message transmissions. While this approach works well in static networks, the performance may degrade in mobile networks if preferred forwarders may regularly move away. Thus, to enable routing in mobile ad hoc networks, we extend DU for multi-hop communication. Compared to one-hop communication, multi-hop DU requires efficient path update mechanisms (since multi-hop paths may expire quickly) and new forwarding strategies to maintain NDN benefits (request aggregation and caching) such that only a few messages need to be transmitted over the entire end-to-end path even in case of multiple concurrent requesters. To perform quick retransmission in case of collisions or other transmission errors, we implement and evaluate retransmission timers from related work and compare them to CCNTimer, which is a new algorithm that enables shorter content retrieval times in information-centric wireless multi-hop communication. Yet, in case of intermittent connectivity between requesters and content sources, multi-hop routing protocols may not work because they require continuous end-to-end paths. Therefore, we present agent-based content retrieval (ACR) for delay-tolerant networks. In ACR, requester nodes can delegate content retrieval to mobile agent nodes, which move closer to content sources, can retrieve content and return it to requesters. Thus, ACR exploits the mobility of agent nodes to retrieve content from remote locations. To enable delay-tolerant communication via agents, retrieved content needs to be stored persistently such that requesters can verify its authenticity via original publisher signatures. To achieve this, we develop a persistent caching concept that maintains received popular content in repositories and deletes unpopular content if free space is required. Since our persistent caching concept can complement regular short-term caching in the content store, it can also be used for network caching to store popular delay-tolerant content at edge routers (to reduce network traffic and improve network performance) while real-time traffic can still be maintained and served from the content store
- âŠ