260 research outputs found
Security, Privacy, and Access Control in Information-Centric Networking: A Survey
Information-Centric Networking (ICN) is a new networking paradigm, which
replaces the widely used host-centric networking paradigm in communication
networks (e.g., Internet, mobile ad hoc networks) with an information-centric
paradigm, which prioritizes the delivery of named content, oblivious of the
content's origin. Content and client security are more intrinsic in the ICN
paradigm versus the current host-centric paradigm where they have been
instrumented as an afterthought. By design, the ICN paradigm inherently
supports several security and privacy features, such as provenance and identity
privacy, which are still not effectively available in the host-centric
paradigm. However, given its nascency, the ICN paradigm has several open
security and privacy concerns, some that existed in the old paradigm, and some
new and unique. In this article, we survey the existing literature in security
and privacy research sub-space in ICN. More specifically, we explore three
broad areas: security threats, privacy risks, and access control enforcement
mechanisms.
We present the underlying principle of the existing works, discuss the
drawbacks of the proposed approaches, and explore potential future research
directions. In the broad area of security, we review attack scenarios, such as
denial of service, cache pollution, and content poisoning. In the broad area of
privacy, we discuss user privacy and anonymity, name and signature privacy, and
content privacy. ICN's feature of ubiquitous caching introduces a major
challenge for access control enforcement that requires special attention. In
this broad area, we review existing access control mechanisms including
encryption-based, attribute-based, session-based, and proxy re-encryption-based
access control schemes. We conclude the survey with lessons learned and scope
for future work.Comment: 36 pages, 17 figure
The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
In recent years, the current Internet has experienced an unexpected paradigm
shift in the usage model, which has pushed researchers towards the design of
the Information-Centric Networking (ICN) paradigm as a possible replacement of
the existing architecture. Even though both Academia and Industry have
investigated the feasibility and effectiveness of ICN, achieving the complete
replacement of the Internet Protocol (IP) is a challenging task.
Some research groups have already addressed the coexistence by designing
their own architectures, but none of those is the final solution to move
towards the future Internet considering the unaltered state of the networking.
To design such architecture, the research community needs now a comprehensive
overview of the existing solutions that have so far addressed the coexistence.
The purpose of this paper is to reach this goal by providing the first
comprehensive survey and classification of the coexistence architectures
according to their features (i.e., deployment approach, deployment scenarios,
addressed coexistence requirements and architecture or technology used) and
evaluation parameters (i.e., challenges emerging during the deployment and the
runtime behaviour of an architecture). We believe that this paper will finally
fill the gap required for moving towards the design of the final coexistence
architecture.
Comment: 23 pages, 16 figures, 3 tables
Bringing Modern Web Applications to Disconnected Networks
Opportunistic networking is one way to realize pervasive applications while
placing little demand on network infrastructure, especially for operating in
less well connected environments. In contrast to the ubiquitous network access
model inherent to many cloud-based applications, for which the web browser
forms the user front end, opportunistic applications require installing
software on mobile devices. Even though app stores (when accessible) offer
scalable distribution mechanisms for applications, a designer needs to support
multiple OS platforms and only some of those are suitable for opportunistic
operation to begin with. In this paper, we present a web browser-based
interaction framework that 1) allows users to interact with opportunistic
application content without installing the respective app and 2) even supports
users whose mobile OSes do not support opportunistic networking at all via
minimal stand-alone infrastructure. We describe our system and protocol design,
validate its operation using simulations, and report on our implementation
including support for six opportunistic applications.
Comment: 13 pages
Blockchain-Enabled On-Path Caching for Efficient and Reliable Content Delivery in Information-Centric Networks
As the demand for online content continues to grow, traditional Content Distribution Networks (CDNs) are facing significant challenges in terms of scalability and performance. Information-Centric Networking (ICN) is a promising new approach to content delivery that aims to address these issues by placing content at the center of the network architecture. One of the key features of ICNs is on-path caching, which allows content to be cached at intermediate routers along the path from the source to the destination. On-path caching in ICNs still faces some challenges, such as the scalability of the cache and the management of cache consistency. To address these challenges, this paper proposes several alternative caching schemes that can be integrated into ICNs using blockchain technology. These schemes include Bloom filters, content-based routing, and hybrid caching, which combine the advantages of off-path and on-path caching. The proposed blockchain-enabled on-path caching mechanism ensures the integrity and authenticity of cached content, and smart contracts automate the caching process and incentivize caching nodes. To evaluate the performance of these caching alternatives, the authors conduct experiments using real-world datasets. The results show that on-path caching can significantly reduce network congestion and improve content delivery efficiency. The Bloom filter caching scheme achieved a cache hit rate of over 90% while reducing the cache size by up to 80% compared to traditional caching. The content-based routing scheme also achieved high cache hit rates while maintaining low latency.
Algorithms for advance bandwidth reservation in media production networks
Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks, is presented. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results.
Statement: The Metaverse as an Information-Centric Network
This paper discusses challenges and opportunities of considering the
Metaverse as an Information-Centric Network (ICN). The Web today essentially
represents a data-centric application layer: data named by URLs is manipulated
with REST primitives. However, the semantic gap with the underlying
host-oriented transport is significant, typically leading to complexity,
centralization, and brittleness. Popular interest in "the Metaverse" suggests
that the end-user experience of the Web will evolve towards always-on eXtended
Reality (XR). With the benefit of a historical perspective, computing advances,
and decades of experience with a global network, there is an opportunity to
holistically consider the Metaverse not as an application of the current
network, but an evolution of the network itself, reducing rather than widening
the gap between network architecture and application semantics. An ICN
architecture offers the possibility to achieve this with less overhead, low
latency, better security, and more disruption tolerance suitable to diverse
use cases, even those facing intermittent connectivity.
Comment: The final version of this paper has been accepted for publication in
the proceedings of ACM ICN-2023. Please cite the published version
(https://doi.org/10.1145/3623565.3623761)
Enhancing Information-Centric Networks for a Name-Based Internet of Things
The way we use the Internet has been evolving since its origins. Nowadays,
users are more interested in accessing contents and services with high demands
in terms of bandwidth, security and mobility. This evolution has triggered
the emergence of novel networking architectures targeting current, as
well as future, utilisation demands. Information-Centric Networking (ICN) is a
prominent example of these novel architectures that moves away from the current
host-centric communications and centres its networking functions around
content.
Parallel to this, new utilisation scenarios in which smart devices interact with
one another, as well as with other networked elements, have emerged to constitute
what we know as the Internet of Things (IoT). IoT is expected to have
a significant impact on both the economy and society. However, fostering the
widespread adoption of IoT requires many challenges to be overcome. Despite
recent developments, several issues concerning the deployment of IP-based
IoT solutions on a large scale are still open.
The fact that IoT is focused on data and information rather than on point-to-point
communications suggests the adoption of solutions relying on ICN architectures.
In this context, this work explores the ground concepts of ICN
to develop a comprehensive vision of the principal requirements that should
be met by an IoT-oriented ICN architecture. This vision is complemented with
solutions to fundamental issues for the adoption of an ICN-based IoT. First,
to ensure the freshness of the information while retaining the advantages of
ICN’s in-network caching mechanisms. Second, to enable discovery functionalities
in both local and large-scale domains. The proposed mechanisms are
evaluated through both simulation and prototyping approaches, with results
showcasing the feasibility of their adoption. Moreover, the outcomes of this
work contribute to the development of new compelling concepts towards a
full-fledged Named Network of Things.
The way we use the Internet has been evolving since its creation.
Currently, users are more interested in accessing content
and services with demanding requirements in terms of bandwidth, security
and mobility. This evolution has triggered the development of new
network architectures aimed at current, as well as future, usage
requirements. Information-Centric Networking (ICN) is a prominent
example of these new architectures which, instead
of following a communication model centred on end devices,
centre their network functions around the content itself.
In parallel, new usage scenarios in which smart devices interact
with one another, and with other network elements, have been emerging and
constitute what we know today as the Internet of Things (IoT).
IoT is expected to have a significant impact on the economy
and on society. However, promoting the mass adoption of IoT still
requires many challenges to be overcome. Despite recent
developments, several problems related to the large-scale adoption of
IoT solutions based on the IP protocol remain open.
The fact that IoT is focused on data and information, rather than on
point-to-point communications, suggests the adoption of solutions based on
ICN architectures. Accordingly, this work explores the base concepts of these solutions
to develop a complete vision of the main requirements that must be
satisfied by an IoT solution based on the ICN network architecture. This vision
is complemented with solutions to problems crucial for the adoption
of an ICN-based IoT. First, ensuring that information
is up to date while retaining the advantages of the intrinsic
storage in network elements of ICN architectures. Second,
enabling discovery functionalities not only in local domains but
also in large-scale domains. The proposed mechanisms are evaluated
through simulations and prototyping, with the results demonstrating
the feasibility of their adoption. Furthermore, the results of this
work contribute to the development of solid concepts towards
a true Name-Based Internet of Things.
Doctoral Programme in Telecommunications
Access Control Mechanisms in Named Data Networks: A Comprehensive Survey
Information-Centric Networking (ICN) has recently emerged as a prominent
candidate for the Future Internet Architecture (FIA) that addresses existing
issues with the host-centric communication model of the current TCP/IP-based
Internet. Named Data Networking (NDN) is one of the most recent and active ICN
architectures that provides a clean slate approach for Internet communication.
NDN provides intrinsic content security where security is directly provided to
the content instead of the communication channel. Among other security aspects,
Access Control (AC) rules specify the privileges for the entities that can
access the content. In TCP/IP-based AC systems, due to the client-server
communication model, the servers control which client can access a particular
content. In contrast, ICN-based networks use content names to drive
communication and decouple the content from its original location. This
phenomenon leads to the loss of control over the content causing different
challenges for the realization of efficient AC mechanisms. To date,
considerable efforts have been made to develop various AC mechanisms in NDN. In
this paper, we provide a detailed and comprehensive survey of the AC mechanisms
in NDN. We follow a holistic approach towards AC in NDN where we first
summarize the ICN paradigm, describe the changes from channel-based security to
content-based security and highlight different cryptographic algorithms and
security protocols in NDN. We then classify the existing AC mechanisms into two
main categories: Encryption-based AC and Encryption-independent AC. Each
category has different classes based on the working principle of AC (e.g.,
Attribute-based AC, Name-based AC, Identity-based AC, etc). Finally, we present
the lessons learned from the existing AC mechanisms and identify the challenges
of NDN-based AC at large, highlighting future research directions for the
community.
Comment: This paper has been accepted for publication by the ACM Computing
Surveys. The final version will be published by the AC
- …