3 research outputs found

    The use of computational intelligence for security in named data networking

    Information-Centric Networking (ICN) has recently been considered as a promising paradigm for the next-generation Internet, shifting from the sender-driven end-to-end communication paradigm to a receiver-driven content retrieval paradigm. In ICN, content (rather than hosts, as in IP-based design) plays the central role in the communications. This change from host-centric to content-centric has several significant advantages such as network load reduction, low dissemination latency, scalability, etc. One of the main design requirements for the ICN architectures, since the beginning of their design, has been strong security. Named Data Networking (NDN) (also referred to as Content-Centric Networking (CCN) or Data-Centric Networking (DCN)) is one of these architectures that are the focus of an ongoing research effort that aims to become the way the Internet will operate in the future. Existing research into security of NDN is at an early stage and many designs are still incomplete. To make NDN a fully working system at Internet scale, there are still many missing pieces to be filled in. In this dissertation, we study the four most important security issues in NDN in order to defend against new forms of (potentially unknown) attacks, ensure privacy, achieve high availability, and block malicious network traffic belonging to attackers or at least limit its effectiveness, i.e., anomaly detection, DoS/DDoS attacks, congestion control, and cache pollution attacks. In order to protect NDN infrastructure, we need flexible, adaptable and robust defense systems which can make intelligent (and real-time) decisions to enable network entities to behave in an adaptive and intelligent manner.
In this context, the characteristics of Computational Intelligence (CI) methods, such as adaptation, fault tolerance, high computational speed and error resilience against noisy information, make them suitable to be applied to the problem of NDN security, which can highlight promising new research directions. Hence, we suggest new hybrid CI-based methods to make NDN a more reliable and viable architecture for the future Internet.
Information-Centric Networking (ICN) has recently been considered a promising paradigm for the next generation of the Internet, moving from the sender-driven end-to-end communication paradigm to a receiver-driven content retrieval paradigm. In ICN, content (rather than nodes, as in current IP networks) plays the central role in communications. This change from "host-centric" to "content-centric" has several important advantages such as reduced network load, low latency, scalability, etc. One of the main design requirements for ICN architectures (from the very beginning of their design) has been strong security. Named Data Networking (NDN) (also known as Content-Centric Networking (CCN) or Data-Centric Networking (DCN)) is one of these architectures that are the subject of research and that aims to become the way the Internet will operate in the future. NDN security is still at an early stage. To make NDN a fully functional system at Internet scale, there are still many missing pieces to be designed. In this thesis, we study the four most important security problems in NDN, in order to defend against new forms of attacks (including potentially unknown ones), ensure privacy, achieve high availability, and block malicious network traffic or at least limit its effectiveness.
These four problems are: anomaly detection, DoS/DDoS attacks, congestion control, and cache pollution attacks. To solve these problems we need flexible, adaptable and robust defense systems that can make intelligent decisions in real time to allow network entities to behave quickly and intelligently. That is why we use Computational Intelligence (CI), since its characteristics (adaptation, fault tolerance, high computational speed and adequate operation with information with high levels of noise) make it suitable to be applied to the problem of security in ND

    Traffic and resource management in content-centric networks (design and evaluation)

    In recent years, Internet usage has changed significantly, moving from a communication model centered on machines to one centered on content. Most of the services used by Internet clients today are already centered on the content itself and not on its location. In this context, many research projects propose a change to the Internet architecture, placing content identified by name at the center of the network. This group of proposals is identified under the name Information Centric Networking (ICN). This thesis focuses on the Content-Centric Network (CCN) proposal. First, we analyze the performance of the CCN communication model, concentrating on bandwidth and memory sharing and proposing formulas for characterizing transfer time. Second, we propose a congestion control protocol and forwarding mechanisms for CCN. In particular, we present a first congestion control mechanism, Interest Control Protocol (ICP), which uses a window controlled by the Additive Increase Multiplicative Decrease mechanism at the receiver. In addition, we present a distributed (hop-by-hop) mechanism to obtain faster congestion detection/reaction. We also propose a modification of ICP implementing the Remote Adaptive Active Queue Management mechanism to exploit multipath efficiently. Finally, we present a distributed forwarding mechanism that bases its decisions on interface quality measurements for each prefix available in the routing tables.
The advent of the World Wide Web has radically changed Internet usage from host-to-host to service access and data retrieval. The majority of services used by Internet's clients are content-centric (e.g. web). However, the original Internet revolves around host-to-host communication for which it was conceived. Even if the Internet has been able to address the challenges offered by new applications, there is an evident mismatch between the architecture and its current usage. Many projects in national research agencies propose to redesign the Internet architecture around named data. Such research efforts are identified under the name of Information Centric Networking. This thesis focuses on the Content-Centric Networking (CCN) proposition. We first analyze the CCN communication model with particular focus on the bandwidth and storage sharing performance. We compute closed formulas for data delivery time, which we use in the second part of the thesis as a guideline for network protocol design. Second, we propose some CCN congestion control and forwarding mechanisms. We present a first window-based, receiver-driven flow control protocol, Interest Control Protocol (ICP). We also introduce a hop-by-hop congestion control mechanism to obtain early congestion detection and reaction. We then extend the original ICP congestion control protocol, implementing a Remote Adaptive Active Queue Management mechanism in order to efficiently exploit heterogeneous (joint/disjoint) network paths. Finally, we introduce a distributed forwarding mechanism that bases its decisions on per-prefix and per-interface quality measurement without impacting the system scalability.
PARIS-Télécom ParisTech (751132302) / Sudoc / France / F