260 research outputs found

    Security, Privacy, and Access Control in Information-Centric Networking: A Survey

    Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the content's origin. Content and client security are more intrinsic in the ICN paradigm versus the current host-centric paradigm where they have been instrumented as an afterthought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.
    Comment: 36 pages, 17 figures

    The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

    In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community now needs a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.
    Comment: 23 pages, 16 figures, 3 tables

    Bringing Modern Web Applications to Disconnected Networks

    Opportunistic networking is one way to realize pervasive applications while placing little demand on network infrastructure, especially for operating in less well connected environments. In contrast to the ubiquitous network access model inherent to many cloud-based applications, for which the web browser forms the user front end, opportunistic applications require installing software on mobile devices. Even though app stores (when accessible) offer scalable distribution mechanisms for applications, a designer needs to support multiple OS platforms and only some of those are suitable for opportunistic operation to begin with. In this paper, we present a web browser-based interaction framework that 1) allows users to interact with opportunistic application content without installing the respective app and 2) even supports users whose mobile OSes do not support opportunistic networking at all via minimal stand-alone infrastructure. We describe our system and protocol design, validate its operation using simulations, and report on our implementation including support for six opportunistic applications.
    Comment: 13 pages

    Blockchain-Enabled On-Path Caching for Efficient and Reliable Content Delivery in Information-Centric Networks

    As the demand for online content continues to grow, traditional Content Distribution Networks (CDNs) are facing significant challenges in terms of scalability and performance. Information-Centric Networking (ICN) is a promising new approach to content delivery that aims to address these issues by placing content at the center of the network architecture. One of the key features of ICNs is on-path caching, which allows content to be cached at intermediate routers along the path from the source to the destination. On-path caching in ICNs still faces some challenges, such as the scalability of the cache and the management of cache consistency. To address these challenges, this paper proposes several alternative caching schemes that can be integrated into ICNs using blockchain technology. These schemes include Bloom filters, content-based routing, and hybrid caching, which combine the advantages of off-path and on-path caching. The proposed blockchain-enabled on-path caching mechanism ensures the integrity and authenticity of cached content, and smart contracts automate the caching process and incentivize caching nodes. To evaluate the performance of these caching alternatives, the authors conduct experiments using real-world datasets. The results show that on-path caching can significantly reduce network congestion and improve content delivery efficiency. The Bloom filter caching scheme achieved a cache hit rate of over 90% while reducing the cache size by up to 80% compared to traditional caching. The content-based routing scheme also achieved high cache hit rates while maintaining low latency.

    Algorithms for advance bandwidth reservation in media production networks

    Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, we propose an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results.

    Statement: The Metaverse as an Information-Centric Network

    This paper discusses challenges and opportunities of considering the Metaverse as an Information-Centric Network (ICN). The Web today essentially represents a data-centric application layer: data named by URLs is manipulated with REST primitives. However, the semantic gap with the underlying host-oriented transport is significant, typically leading to complexity, centralization, and brittleness. Popular interest in "the Metaverse" suggests that the end-user experience of the Web will evolve towards always-on eXtended Reality (XR). With the benefit of a historical perspective, computing advances, and decades of experience with a global network, there is an opportunity to holistically consider the Metaverse not as an application of the current network, but an evolution of the network itself, reducing rather than widening the gap between network architecture and application semantics. An ICN architecture offers the possibility to achieve this with less overhead, low latency, better security, and more disruption tolerance suitable to diverse use cases, even those facing intermittent connectivity.
    Comment: The final version of this paper has been accepted for publication in the proceedings of ACM ICN-2023. Please cite the published version (https://doi.org/10.1145/3623565.3623761)

    Enhancing Information-Centric Networks towards a Name-Based Internet of Things

    The way we use the Internet has been evolving since its origins. Nowadays, users are more interested in accessing contents and services with high demands in terms of bandwidth, security and mobility. This evolution has triggered the emergence of novel networking architectures targeting current, as well as future, utilisation demands. Information-Centric Networking (ICN) is a prominent example of these novel architectures that moves away from the current host-centric communications and centres its networking functions around content. Parallel to this, new utilisation scenarios in which smart devices interact with one another, as well as with other networked elements, have emerged to constitute what we know as the Internet of Things (IoT). IoT is expected to have a significant impact on both the economy and society. However, fostering the widespread adoption of IoT requires many challenges to be overcome. Despite recent developments, several issues concerning the deployment of IP-based IoT solutions on a large scale are still open. The fact that IoT is focused on data and information rather than on point-to-point communications suggests the adoption of solutions relying on ICN architectures. In this context, this work explores the ground concepts of ICN to develop a comprehensive vision of the principal requirements that should be met by an IoT-oriented ICN architecture. This vision is complemented with solutions to fundamental issues for the adoption of an ICN-based IoT. First, to ensure the freshness of the information while retaining the advantages of ICN's in-network caching mechanisms. Second, to enable discovery functionalities in both local and large-scale domains. The proposed mechanisms are evaluated through both simulation and prototyping approaches, with results showcasing the feasibility of their adoption. Moreover, the outcomes of this work contribute to the development of new compelling concepts towards a full-fledged Named Network of Things.
    Doctoral Programme in Telecommunications

    Access Control Mechanisms in Named Data Networks: A Comprehensive Survey

    Information-Centric Networking (ICN) has recently emerged as a prominent candidate for the Future Internet Architecture (FIA) that addresses existing issues with the host-centric communication model of the current TCP/IP-based Internet. Named Data Networking (NDN) is one of the most recent and active ICN architectures that provides a clean slate approach for Internet communication. NDN provides intrinsic content security where security is directly provided to the content instead of the communication channel. Among other security aspects, Access Control (AC) rules specify the privileges for the entities that can access the content. In TCP/IP-based AC systems, due to the client-server communication model, the servers control which client can access a particular content. In contrast, ICN-based networks use content names to drive communication and decouple the content from its original location. This phenomenon leads to the loss of control over the content, causing different challenges for the realization of efficient AC mechanisms. To date, considerable efforts have been made to develop various AC mechanisms in NDN. In this paper, we provide a detailed and comprehensive survey of the AC mechanisms in NDN. We follow a holistic approach towards AC in NDN where we first summarize the ICN paradigm, describe the changes from channel-based security to content-based security and highlight different cryptographic algorithms and security protocols in NDN. We then classify the existing AC mechanisms into two main categories: Encryption-based AC and Encryption-independent AC. Each category has different classes based on the working principle of AC (e.g., Attribute-based AC, Name-based AC, Identity-based AC, etc.). Finally, we present the lessons learned from the existing AC mechanisms and identify the challenges of NDN-based AC at large, highlighting future research directions for the community.
    Comment: This paper has been accepted for publication by the ACM Computing Surveys. The final version will be published by the ACM.
