Securing Information-Centric Networking without negating Middleboxes
Information-Centric Networking is a promising networking paradigm that
overcomes many of the limitations of current networking architectures. Various
research efforts investigate solutions for securing ICN. Nevertheless, most of
these solutions relax security requirements in favor of network performance. In
particular, they weaken end-user privacy and the architecture's tolerance to
security breaches in order to support middleboxes that offer services such as
caching and content replication. In this paper, we adapt TLS, a widely used
security standard, to an ICN context. We design solutions that allow session
reuse and migration among multiple stakeholders and we propose an extension
that allows authorized middleboxes to lawfully and transparently intercept
secured communications.
Comment: 8th IFIP International Conference on New Technologies, Mobility &
Security, IFIP, 201
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these 'things' to local networks that are often
of a low-power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potential of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveals
its feasibility for common deployment scenarios.
Comment: To be published at IEEE WF-IoT 201
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them.
Comment: 15 pages
ANDaNA: Anonymous Named Data Networking Application
Content-centric networking -- also known as information-centric networking
(ICN) -- shifts emphasis from hosts and interfaces (as in today's Internet) to
data. Named data becomes addressable and routable, while locations that
currently store that data become irrelevant to applications.
Named Data Networking (NDN) is a large collaborative research effort that
exemplifies the content-centric approach to networking. NDN has some innate
privacy-friendly features, such as lack of source and destination addresses on
packets. However, as discussed in this paper, NDN architecture prompts some
privacy concerns mainly stemming from the semantic richness of names. We
examine privacy-relevant characteristics of NDN and present an initial attempt
to achieve communication privacy. Specifically, we design an NDN add-on tool,
called ANDaNA, that borrows a number of features from Tor. As we demonstrate
via experiments, it provides comparable anonymity with lower relative overhead.
Comment: NDSS 2012 - Proceedings of the Network and Distributed System
Security Symposium, San Diego, California, US
To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking
Information-Centric Networking (ICN) is an internetworking paradigm that
offers an alternative to the current IP-based Internet
architecture. ICN's most distinguishing feature is its emphasis on information
(content) instead of communication endpoints. One important open issue in ICN
is whether negative acknowledgments (NACKs) at the network layer are useful for
notifying downstream nodes about forwarding failures, or requests for incorrect
or non-existent information. In benign settings, NACKs are beneficial for ICN
architectures, such as CCNx and NDN, since they flush state in routers and
notify consumers. In terms of security, NACKs seem useful as they can help
mitigate so-called Interest Flooding attacks. However, as we show in this
paper, network-layer NACKs also have some unpleasant security implications. We
consider several types of NACKs and discuss their security design requirements
and implications. We also demonstrate that providing secure NACKs triggers the
threat of producer-bound flooding attacks. Although we discuss some potential
countermeasures to these attacks, the main conclusion of this paper is that
network-layer NACKs are best avoided, at least for security reasons.
Comment: 10 pages, 7 figures
A formally verified access control mechanism for information centric networks
Communications in Information-Centric Networking place more attention on WHAT data are being exchanged rather than WHO are exchanging them. A well-established approach of information centric networks is the Network of Information (NetInf) architecture, developed as part of the EU FP7 project SAIL. The security of NetInf has been fairly analysed in the literature. In particular, research efforts have been focusing on achieving data integrity and confidentiality, source or publisher authenticity, and authorization. This paper analyses some work in the literature to enforce authorized access to data in NetInf, highlights a potential security threat and proposes an enhancement to address the discovered threat. The new enhancement has been formally verified using a formal-method approach based on the Casper/FDR tool.