144 research outputs found
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them.
Comment: 15 page
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these 'things' to local networks that often are
of low power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveal
its feasibility for common deployment scenarios.
Comment: To be published at IEEE WF-IoT 201
HoPP: Robust and Resilient Publish-Subscribe for an Information-Centric Internet of Things
This paper revisits NDN deployment in the IoT with a special focus on the
interaction of sensors and actuators. Such scenarios require high
responsiveness and limited control state at the constrained nodes. We argue
that the NDN request-response pattern which prevents data push is vital for IoT
networks. We contribute HoP-and-Pull (HoPP), a robust publish-subscribe scheme
for typical IoT scenarios that targets IoT networks consisting of hundreds of
resource constrained devices at intermittent connectivity. Our approach limits
the FIB tables to a minimum and naturally supports mobility, temporary network
partitioning, data aggregation and near real-time reactivity. We experimentally
evaluate the protocol in a real-world deployment using the IoT-Lab testbed with
varying numbers of constrained devices, each wirelessly interconnected via IEEE
802.15.4 LowPANs. Implementations are built on CCN-lite with RIOT and support
experiments using various single- and multi-hop scenarios
Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking
Content-Centric Networking (CCN) is an emerging networking paradigm being
considered as a possible replacement for the current IP-based host-centric
Internet infrastructure. In CCN, named content becomes a first-class entity.
CCN focuses on content distribution, which dominates current Internet traffic
and is arguably not well served by IP. Named-Data Networking (NDN) is an
example of CCN. NDN is also an active research project under the NSF Future
Internet Architectures (FIA) program. FIA emphasizes security and privacy from
the outset and by design. To be a viable Internet architecture, NDN must be
resilient against current and emerging threats. This paper focuses on
distributed denial-of-service (DDoS) attacks; in particular we address interest
flooding, an attack that exploits key architectural features of NDN. We show
that an adversary with limited resources can implement such attack, having a
significant impact on network performance. We then introduce Poseidon: a
framework for detecting and mitigating interest flooding attacks. Finally, we
report on results of extensive simulations assessing proposed countermeasure.
Comment: The IEEE Conference on Local Computer Networks (LCN 2013
Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing
We introduce CCN-RAMP (Routing to Anchors Matching Prefixes), a new approach
to content-centric networking. CCN-RAMP offers all the advantages of the Named
Data Networking (NDN) and Content-Centric Networking (CCNx) but eliminates the
need to either use Pending Interest Tables (PIT) or lookup large Forwarding
Information Bases (FIB) listing name prefixes in order to forward Interests.
CCN-RAMP uses small forwarding tables listing anonymous sources of Interests
and the locations of name prefixes. Such tables are immune to Interest-flooding
attacks and are smaller than the FIBs used to list IP address ranges in the
Internet. We show that no forwarding loops can occur with CCN-RAMP, and that
Interests flow over the same routes that NDN and CCNx would maintain using
large FIBs. The results of simulation experiments comparing NDN with CCN-RAMP
based on ndnSIM show that CCN-RAMP requires forwarding state that is orders of
magnitude smaller than what NDN requires, and attains even better performance
Information Centric Networking in the IoT: Experiments with NDN in the Wild
This paper explores the feasibility, advantages, and challenges of an
ICN-based approach in the Internet of Things. We report on the first NDN
experiments in a life-size IoT deployment, spread over tens of rooms on several
floors of a building. Based on the insights gained with these experiments, the
paper analyses the shortcomings of CCN applied to IoT. Several interoperable
CCN enhancements are then proposed and evaluated. We significantly decreased
control traffic (i.e., interest messages) and leverage data path and caching to
match IoT requirements in terms of energy and bandwidth constraints. Our
optimizations increase content availability in case of IoT nodes with
intermittent activity. This paper also provides the first experimental
comparison of CCN with the common IoT standards 6LoWPAN/RPL/UDP.
Comment: 10 pages, 10 figures and tables, ACM ICN-2014 conferenc
Management of Content-Centric Networking
National audience
Information-Centric Networks are very promising alternatives to the current Internet architecture. These new network architectures expose multiple positive features heavily studied around the globe today such as in-network caching to save resources, opportunistic routing for easy mobility and authentication of content. However, their management plane and security issues have received much less attention so far. As the Future Internet will be built on these networks, there is an urgent need for a next-generation management framework to manage ICN networks and in fact to constitute their missing management and security plane, which is essential for their success as clean-slate technologies. Indeed, these new networks need to redesign existing solutions for network monitoring, security, configuration, interoperability or accountability. This tutorial aims at surveying the key challenges in management and monitoring of ICN networks. We will more precisely focus on the Content-Centric Networking architecture and describe a recent advance in this field which is a proposal of CCN firewall
A Case for Time Slotted Channel Hopping for ICN in the IoT
Recent proposals to simplify the operation of the IoT include the use of
Information Centric Networking (ICN) paradigms. While this is promising,
several challenges remain. In this paper, our core contributions (a) leverage
ICN communication patterns to dynamically optimize the use of TSCH (Time
Slotted Channel Hopping), a wireless link layer technology increasingly popular
in the IoT, and (b) make IoT-style routing adaptive to names, resources, and
traffic patterns throughout the network--both without cross-layering. Through a
series of experiments on the FIT IoT-LAB interconnecting typical IoT hardware,
we find that our approach is fully robust against wireless interference, and
almost halves the energy consumed for transmission when compared to CSMA. Most
importantly, our adaptive scheduling prevents the time-slotted MAC layer from
sacrificing throughput and delay