Availability, Integrity, and Confidentiality for Content Centric Network internet architectures

The Internet as we know it today, despite being ``the result of a series of accidents of choices'' in Prof. Jon Crowcroft's words, has undoubtedly been an amazing success story. However, it has been constantly challenged by the demands of the overwhelming evolution of data traffic types, non-functional needs of applications and users, and device diversity. The phrase ``future internet architecture'' can be interpreted as referring to a revised set of design principles. As Dr David Clark rightfully suggested, we need to ``allow for the future in the face of the present''. Content Centric Networking (CCN) is one of the candidates for a future internet architecture. Security is one of the most significant considerations while designing a future internet architecture. Availability, Integrity, and Confidentiality (AIC) are considered the three most crucial components of security: 1) availability is the assurance of continuous, reliable, and uninterrupted access to the information by authorized people, 2) integrity is the preservation of information and prevention of any change in it caused via accident or malicious intent, and 3) confidentiality is the ability to keep the information secret from unintended audience, intruders, and adversaries. This thesis discusses AIC related security threats and corresponding remedies for Named Data Networking (NDN) which is a promising example of CCN. It also presents a system dynamics modelling approach to bridge the gap between the technical solutions and business strategy by quantifying some of the qualitative variables salient to technology architects, policymakers, lawmakers, regulators, and internet service providers for the design of a future-proof internet architecture

Public key certificate privacy in VoNDN: voice over named data networks

Scenarios were scripted by the C++11 library in ndnSIM 2.6. The scenario implementations and required tools can be publicly accessible at the author’s GitHub account—https://git.io/JJqEwNamed Data Network (NDN) is a network paradigm that attempts to answer today's needs for distribution. One of the NDN key features is in-network caching to increase content distribution and network efficiency. However, this feature may increase the privacy concerns, as the adversary may identify the call history, and the callee/caller location through side-channel timing responses from the cache of trusted Voice over NDN (VoNDN) application routers. The side-channel timing attack can be mitigated by countermeasures, such as additional unpredictable delay, random caching, group signatures, and no-caching configurations. However, the content distribution may be affected by pre-configured countermeasures, which may be against the original purpose of NDN. In this work, the detection and defense (DaD) approach is proposed to mitigate the attack efficiently and effectively. With the DaD usage, an attack can be detected by a multi-level detection mechanism, in order to apply the countermeasures against the adversarial faces. Also, the detections can be used to determine the severity of the attack. In order to detect the behavior of an adversary, a brute-force timing attack was implemented and simulated of the VoNDN application on NDN-testbed. A trusted application that mimics the VoNDN and identifies the cached certificate on a worldwide NDN-testbed. In simulation primary results showed that the multi-level detection based on DaD mitigated the attack about 39.1% in best-route, and 36.5% in multicast communications. Additionally, the results showed that DaD preserves privacy without compromising the efficiency benefits of in-network caching in the VoNDN application.This work was supported by the Fundacao para a Ciencia e Tecnologia (FCT) within the Research and Development Units Project Scope under Grant UIDB/00319/2020

Investigating Regulative Implications for User-generated Content and a Design Proposal

The rapid increase of the Internet connectivity and the data publishing activity, like user-generated content, has lead Internet Service Providers (ISPs) to establish more efficient mechanisms for content delivery, such as caching. Mechanisms such as content-aware-networks and in-network caching reduce network load, server load, and user response time, thus, manage the network. However, caching of content also raises major implications in terms of legal acts and bills (e.g., data privacy, copyright), dealing with access control, validation scheme, and regulations (e.g., contractual obligation, legal restrictions). In general, user-generated content is linked with sensitive information, such as geographical information, medical and financial information, personal identifiable data, photos, videos, and contact information. Therefore, it is essential to secure data and regulate access. The latter, is gained by including access control mechanisms in the data exchange process, where a user requesting data must prove his access rights. Therefore, a user has to show an access ticket, which includes his rights based on legal and regulative implications. In order to secure any kind of data exchange, authentication of each participating communication entity (e.g., content owner, server, and end-user) is essential, which is part of the proposed two-way authentication handshake in this paper that is performed to generate a secure communication channel. The main contribution of this paper is to show that transmission, storage, and usage of user-generated data in caches within the network is manageable within the legal laws on sensitivity, copyright, and privacy. The scope of studying these laws, acts, and policies is restricted to Switzerland (CH), the European Union (EU), and the United States of America (USA). Finally, a solution is presented including access ticketing and two-way authentication mechanisms based oncommonstandards from IP network