A Light-Weight Forwarding Plane for Content-Centric Networks

We present CCN-DART, a more efficient forwarding approach for content-centric networking (CCN) than named data networking (NDN) that substitutes Pending Interest Tables (PIT) with Data Answer Routing Tables (DART) and uses a novel approach to eliminate forwarding loops. The forwarding state required at each router using CCN-DART consists of segments of the routes between consumers and content providers that traverse a content router, rather than the Interests that the router forwards towards content providers. Accordingly, the size of a DART is proportional to the number of routes used by Interests traversing a router, rather than the number of Interests traversing a router. We show that CCN-DART avoids forwarding loops by comparing distances to name prefixes reported by neighbors, even when routing loops exist. Results of simulation experiments comparing CCN-DART with NDN using the ndnSIM simulation tool show that CCN-DART incurs 10 to 20 times less storage overhead

A multifold approach to address the security issues of stateful forwarding mechanisms in Information-Centric Networks.

Today's Internet dominant usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking (ICN) research paradigm aims to redesign the Internet's core protocols to promote a shift in focus from hosts to contents. Among the ICN architectures, the Named-Data Networking (NDN) envisions users' named content requests to be forwarded and recorded by their names in routers along the path from one consumer to 1-or-many sources. The Pending Interest Table (PIT) is the NDN's data-plane component which temporarily records forwarded content requests in routers. On one hand, the PIT stateful mechanism enables properties like requests aggregation, multicast responses delivery and native hop-by-hop control flow. On the other hand, the PIT stateful forwarding behavior can be easily abused by malicious users to mount disruptive distributed denial of service attacks (DDoS), named Interest Flooding Attacks (IFAs). In IFAs, loosely coordinated botnets flood the network with a large amount of hard to satisfy requests with the aim to overload both the network infrastructure and the content producers. Countermeasures against IFA have been proposed since the early attack discovery. However, a fair understanding of the defense mechanisms' real efficacy is missing since those have been tested under simplistic assumptions about the evaluation scenarios. Thus, overall, the IFA security threat still appears easy to launch but hard to mitigate. This dissertation work shapes a better understanding of both the implications of IFAs and the possibilities of improving the state-of-the-art defense mechanisms against these attacks. The contributions of this work include the definition of a more complete and realistic attacker model for IFAs, the design of novel stealthy IFAs built upon the proposed attacker model, a re-assessment of the most-efficient state-of-the-art IFA countermeasures against the novel proposed attacks, the theorization and one concrete design of a novel class of IFA countermeasures to efficiently address the novel stealthy IFAs. Finally, this work also seminally proposes to leverage the latest programmable data-plane technologies to design and test alternative forwarding mechanisms for the NDN which could be less vulnerable to the IFA threat

A More Scalable Approach to Content-Centric Networking

On-demand Content Exchange with Adaptive Naming (OCEAN) is introduced as an alternative to content-centric networkingapproaches (NDN and CCN) that require the maintenance of forwarding state of each Interest traversing a router in a Pending Interest Table (PIT). Content routers in OCEAN maintain data answer routing tables (DART) to support the correct forwarding of Interests and responses to such Interests (content or negative acknowledgments) without divulging the identities of consumers who originate Interests. The size of a DART is proportional to the number of routes used by Interests traversing a router, rather than the number of Interests traversing a router. It is shown that undetected Interest loops cannot occur in OCEAN, while the same is not true for CCN and NDN, and that Interests and responses to Interests are forwarded correctly in the absence of failures. OCEAN attains similar latencies than NDN and CCN but incurs orders of magnitude less storage overhead

A More Scalable Approach to Content Centric Networking

On-demand Content Exchange with Adaptive Naming (OCEAN) is introduced as an alternative to content-centric networkingapproaches (NDN and CCN) that require the maintenance of forwarding state of each Interest traversing a router in a Pending Interest Table (PIT). Content routers in OCEAN maintain data answer routing tables (DART) to support the correct forwarding of Interests and responses to such Interests (content or negative acknowledgments) without divulging the identities of consumers who originate Interests. The size of a DART is proportional to the number of routes used by Interests traversing a router, rather than the number of Interests traversing a router. It is shown that undetected Interest loops cannot occur in OCEAN, while the same is not true for CCN and NDN, and that Interests and responses to Interests are forwarded correctly in the absence of failures. OCEAN attains similar latencies than NDN and CCN but incurs orders of magnitude less storage overhead