Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.Comment: The IEEE Conference on Local Computer Networks (LCN 2013

ADN: An Information-Centric Networking Architecture for the Internet of Things

Forwarding data by name has been assumed to be a necessary aspect of an information-centric redesign of the current Internet architecture that makes content access, dissemination, and storage more efficient. The Named Data Networking (NDN) and Content-Centric Networking (CCNx) architectures are the leading examples of such an approach. However, forwarding data by name incurs storage and communication complexities that are orders of magnitude larger than solutions based on forwarding data using addresses. Furthermore, the specific algorithms used in NDN and CCNx have been shown to have a number of limitations. The Addressable Data Networking (ADN) architecture is introduced as an alternative to NDN and CCNx. ADN is particularly attractive for large-scale deployments of the Internet of Things (IoT), because it requires far less storage and processing in relaying nodes than NDN. ADN allows things and data to be denoted by names, just like NDN and CCNx do. However, instead of replacing the waist of the Internet with named-data forwarding, ADN uses an address-based forwarding plane and introduces an information plane that seamlessly maps names to addresses without the involvement of end-user applications. Simulation results illustrate the order of magnitude savings in complexity that can be attained with ADN compared to NDN.Comment: 10 page

A Light-Weight Forwarding Plane for Content-Centric Networks

We present CCN-DART, a more efficient forwarding approach for content-centric networking (CCN) than named data networking (NDN) that substitutes Pending Interest Tables (PIT) with Data Answer Routing Tables (DART) and uses a novel approach to eliminate forwarding loops. The forwarding state required at each router using CCN-DART consists of segments of the routes between consumers and content providers that traverse a content router, rather than the Interests that the router forwards towards content providers. Accordingly, the size of a DART is proportional to the number of routes used by Interests traversing a router, rather than the number of Interests traversing a router. We show that CCN-DART avoids forwarding loops by comparing distances to name prefixes reported by neighbors, even when routing loops exist. Results of simulation experiments comparing CCN-DART with NDN using the ndnSIM simulation tool show that CCN-DART incurs 10 to 20 times less storage overhead

Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing

We introduce CCN-RAMP (Routing to Anchors Matching Prefixes), a new approach to content-centric networking. CCN-RAMP offers all the advantages of the Named Data Networking (NDN) and Content-Centric Networking (CCNx) but eliminates the need to either use Pending Interest Tables (PIT) or lookup large Forwarding Information Bases (FIB) listing name prefixes in order to forward Interests. CCN-RAMP uses small forwarding tables listing anonymous sources of Interests and the locations of name prefixes. Such tables are immune to Interest-flooding attacks and are smaller than the FIBs used to list IP address ranges in the Internet. We show that no forwarding loops can occur with CCN-RAMP, and that Interests flow over the same routes that NDN and CCNx would maintain using large FIBs. The results of simulation experiments comparing NDN with CCN-RAMP based on ndnSIM show that CCN-RAMP requires forwarding state that is orders of magnitude smaller than what NDN requires, and attains even better performance

Named Multipath Depth-First Search: An SDN-based Routing Strategy for Efficient Failure Handling and Content Delivery in NDN

Information-centric networking (ICN) architectures, such as named data networking (NDN), have emerged as potential solutions for efficiently retrieving and delivering content. However, challenges remain regarding routing scalability, resilience, and caching efficiency. Software-defined networking (SDN) offers opportunities to optimize NDN implementations through centralized control and programmability. In this paper, we propose Named Multipath DFS, an SDN-based routing and caching scheme for NDN networks. NMDFS leverages a centralized controller to pre-compute multipath routes and implement coordinated caching. We evaluate NMDFS on an emulated topology testbed against default NDN and Named-data link state routing. The results demonstrate significant improvements with NMDFS, reducing overhead signalling costs by 94% and 78%, respectively, compared with other schemes. Round-trip latencies for content retrieval were reduced by up to 98%. The SDN controller’s global network view and control are leveraged to optimize content caching through packet loss-driven adaptation and eliminate redundant messaging, leading to substantial performance gains