Enhancing Cache Robustness in Named Data Networks

Information-centric networks (ICNs) are a category of network architectures that focus on content, rather than hosts, to more effectively support the needs of today’s users. One major feature of such networks is in-network storage, which is realized by the presence of content storage routers throughout the network. These content storage routers cache popular content object chunks close to the consumers who request them in order to reduce latency for those end users and to decrease overall network congestion. Because of their prominence, network storage devices such as content storage routers will undoubtedly be major targets for malicious users. Two primary goals of attackers are to increase cache pollution and decrease hit rate by legitimate users. This would effectively reduce or eliminate the advantages of having in-network storage. Therefore, it is crucial to defend against these types of attacks. In this thesis, we study a specific ICN architecture called Named Data Networking (NDN) and simulate several attack scenarios on different network topologies to ascertain the effectiveness of different cache replacement algorithms, such as LRU and LFU (specifically, LFU-DA.) We apply our new per-face popularity with dynamic aging (PFP-DA) scheme to the content storage routers in the network and measure both cache pollution percentages as well as hit rate experienced by legitimate consumers. The current solutions in the literature that relate to reducing the effects of cache pollution largely focus on detection of attacker behavior. Since this behavior is very unpredictable, it is not guaranteed that any detection mechanisms will work well if the attackers employ smart attacks. Furthermore, current solutions do not consider the effects of a particularly aggressive attack against any single or small set of faces (interfaces.) Therefore, we have developed three related algorithms, namely PFP, PFP-DA, and Parameterized PFP-DA. PFP ensures that interests that ingress over any given face do not overwhelm the calculated popularity of a content object chunk. PFP normalizes the ranks on all faces and uses the collective contributions of these faces to determine the overall popularity, which in turn determines what content stays in the cache and what is evicted. PFP-DA adds recency to the original PFP algorithm and ensures that content object chunks do not remain in the cache longer than their true, current popularity dictates. Finally, we explore PFP-β, a parameterized version of PFP-DA, in which a β parameter is provided that causes the popularity calculations to take on Zipf-like characteristics, which in turn reduces the numeric distance between top rated items, and lower rated items, favoring items with multi-face contribution over those with single-face contributions and those with contributions over very few faces. We explore how the PFP-based schemes can reduce impact of contributions over any given face or small number of faces on an NDN content storage router. This in turn, reduces the impact that even some of the most aggressive attackers can have when they overwhelm one or a few faces, by normalizing the contributions across all contributing faces for a given content object chunk. During attack scenarios, we conclude that PFP-DA performs better than both LRU and LFU-DA in terms of resisting the effects of cache pollution and maintaining strong hit rates. We also demonstrate that PFP-DA performs better even when no attacks are being leveraged against the content store. This opens the door for further research both within and outside of ICN-based architectures as a means to enhance security and overall performance.Ph.D.College of Engineering & Computer ScienceUniversity of Michigan-Dearbornhttps://deepblue.lib.umich.edu/bitstream/2027.42/145175/1/John Baugh Final Dissertation.pdfDescription of John Baugh Final Dissertation.pdf : Dissertatio

Availability, Integrity, and Confidentiality for Content Centric Network internet architectures

The Internet as we know it today, despite being ``the result of a series of accidents of choices'' in Prof. Jon Crowcroft's words, has undoubtedly been an amazing success story. However, it has been constantly challenged by the demands of the overwhelming evolution of data traffic types, non-functional needs of applications and users, and device diversity. The phrase ``future internet architecture'' can be interpreted as referring to a revised set of design principles. As Dr David Clark rightfully suggested, we need to ``allow for the future in the face of the present''. Content Centric Networking (CCN) is one of the candidates for a future internet architecture. Security is one of the most significant considerations while designing a future internet architecture. Availability, Integrity, and Confidentiality (AIC) are considered the three most crucial components of security: 1) availability is the assurance of continuous, reliable, and uninterrupted access to the information by authorized people, 2) integrity is the preservation of information and prevention of any change in it caused via accident or malicious intent, and 3) confidentiality is the ability to keep the information secret from unintended audience, intruders, and adversaries. This thesis discusses AIC related security threats and corresponding remedies for Named Data Networking (NDN) which is a promising example of CCN. It also presents a system dynamics modelling approach to bridge the gap between the technical solutions and business strategy by quantifying some of the qualitative variables salient to technology architects, policymakers, lawmakers, regulators, and internet service providers for the design of a future-proof internet architecture

Up-to-date Key Retrieval for Information Centric Networking

Information Centric Networking (ICN) leverages in-network caching to provide efficient data distribution and better performance by replicating contents in multiple nodes to bring content nearer the users. Since contents are stored and replicated into node caches, the content validity must be assured end-to-end. Each content object carries a digital signature to provide a proof of its integrity, authenticity, and provenance. However, the use of digital signatures requires a key management infrastructure to manage the key life cycle. To perform a proper signature verification, a node needs to know whether the signing key is valid or it has been revoked. This paper discusses how to retrieve up-to-date signing keys in the ICN scenario. In the usual public key infrastructure, the Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP) enable applications to obtain the revocation status of a certificate. However, the push-based distribution of Certificate Revocation Lists and the request/response paradigm of Online Certificate Status Protocol should be fit in the mechanism of named-data. We consider three possible approaches to distribute up-to-date keys in a similar way to the current CRL and OCSP. Then, we suggest a fourth protocol leveraging a set of distributed notaries, which naturally fits the ICN scenario. Finally, we evaluate the number and size of exchanged messages of each solution, and then we compare the methods considering the perceived latency by the end nodes and the throughput on the network links

The use of computational intelligence for security in named data networking

Information-Centric Networking (ICN) has recently been considered as a promising paradigm for the next-generation Internet, shifting from the sender-driven end-to-end communication paradigma to a receiver-driven content retrieval paradigm. In ICN, content -rather than hosts, like in IP-based design- plays the central role in the communications. This change from host-centric to content-centric has several significant advantages such as network load reduction, low dissemination latency, scalability, etc. One of the main design requirements for the ICN architectures -since the beginning of their design- has been strong security. Named Data Networking (NDN) (also referred to as Content-Centric Networking (CCN) or Data-Centric Networking (DCN)) is one of these architectures that are the focus of an ongoing research effort that aims to become the way Internet will operate in the future. Existing research into security of NDN is at an early stage and many designs are still incomplete. To make NDN a fully working system at Internet scale, there are still many missing pieces to be filled in. In this dissertation, we study the four most important security issues in NDN in order to defense against new forms of -potentially unknown- attacks, ensure privacy, achieve high availability, and block malicious network traffics belonging to attackers or at least limit their effectiveness, i.e., anomaly detection, DoS/DDoS attacks, congestion control, and cache pollution attacks. In order to protect NDN infrastructure, we need flexible, adaptable and robust defense systems which can make intelligent -and real-time- decisions to enable network entities to behave in an adaptive and intelligent manner. In this context, the characteristics of Computational Intelligence (CI) methods such as adaption, fault tolerance, high computational speed and error resilient against noisy information, make them suitable to be applied to the problem of NDN security, which can highlight promising new research directions. Hence, we suggest new hybrid CI-based methods to make NDN a more reliable and viable architecture for the future Internet.Information-Centric Networking (ICN) ha sido recientemente considerado como un paradigma prometedor parala nueva generación de Internet, pasando del paradigma de la comunicación de extremo a extremo impulsada por el emisora un paradigma de obtención de contenidos impulsada por el receptor. En ICN, el contenido (más que los nodos, como sucede en redes IPactuales) juega el papel central en las comunicaciones. Este cambio de "host-centric" a "content-centric" tiene varias ventajas importantes como la reducción de la carga de red, la baja latencia, escalabilidad, etc. Uno de los principales requisitos de diseño para las arquitecturas ICN (ya desde el principiode su diseño) ha sido una fuerte seguridad. Named Data Networking (NDN) (también conocida como Content-Centric Networking (CCN) o Data-Centric Networking (DCN)) es una de estas arquitecturas que son objetode investigación y que tiene como objetivo convertirse en la forma en que Internet funcionará en el futuro. Laseguridad de NDN está aún en una etapa inicial. Para hacer NDN un sistema totalmente funcional a escala de Internet, todavía hay muchas piezas que faltan por diseñar. Enesta tesis, estudiamos los cuatro problemas de seguridad más importantes de NDN, para defendersecontra nuevas formas de ataques (incluyendo los potencialmente desconocidos), asegurar la privacidad, lograr una alta disponibilidad, y bloquear los tráficos de red maliciosos o al menos limitar su eficacia. Estos cuatro problemas son: detección de anomalías, ataques DoS / DDoS, control de congestión y ataques de contaminación caché. Para solventar tales problemas necesitamos sistemas de defensa flexibles, adaptables y robustos que puedantomar decisiones inteligentes en tiempo real para permitir a las entidades de red que se comporten de manera rápida e inteligente. Es por ello que utilizamos Inteligencia Computacional (IC), ya que sus características (la adaptación, la tolerancia a fallos, alta velocidad de cálculo y funcionamiento adecuado con información con altos niveles de ruido), la hace adecuada para ser aplicada al problema de la seguridad ND

5G Security Challenges and Solutions: A Review by OSI Layers

The Fifth Generation of Communication Networks (5G) envisions a broader range of servicescompared to previous generations, supporting an increased number of use cases and applications. Thebroader application domain leads to increase in consumer use and, in turn, increased hacker activity. Dueto this chain of events, strong and efficient security measures are required to create a secure and trustedenvironment for users. In this paper, we provide an objective overview of5G security issues and theexisting and newly proposed technologies designed to secure the5G environment. We categorize securitytechnologies usingOpen Systems Interconnection (OSI)layers and, for each layer, we discuss vulnerabilities,threats, security solutions, challenges, gaps and open research issues. While we discuss all sevenOSIlayers, the most interesting findings are in layer one, the physical layer. In fact, compared to other layers,the physical layer between the base stations and users’ device presents increased opportunities for attackssuch as eavesdropping and data fabrication. However, no singleOSI layer can stand on its own to provideproper security. All layers in the5G must work together, providing their own unique technology in an effortto ensure security and integrity for5G data

We are the Change that we Seek: Information Interactions During a Change of Viewpoint

There has been considerable hype about filter bubbles and echo chambers influencing the views of information consumers. The fear is that these technologies are undermining democracy by swaying opinion and creating an uninformed, polarised populace. The literature in this space is mostly techno-centric, addressing the impact of technology. In contrast, our work is the first research in the information interaction field to examine changing viewpoints from a human-centric perspective. It provides a new understanding of view change and how we might support informed, autonomous view change behaviour. We interviewed 18 participants about a self-identified change of view, and the information touchpoints they engaged with along the way. In this paper we present the information types and sources that informed changes of viewpoint, and the ways in which our participants interacted with that information. We describe our findings in the context of the techno-centric literature and suggest principles for designing digital information environments that support user autonomy and reflection in viewpoint formation

Service Provisioning in Edge-Cloud Continuum Emerging Applications for Mobile Devices

Disruptive applications for mobile devices can be enhanced by Edge computing facilities. In this context, Edge Computing (EC) is a proposed architecture to meet the mobility requirements imposed by these applications in a wide range of domains, such as the Internet of Things, Immersive Media, and Connected and Autonomous Vehicles. EC architecture aims to introduce computing capabilities in the path between the user and the Cloud to execute tasks closer to where they are consumed, thus mitigating issues related to latency, context awareness, and mobility support. In this survey, we describe which are the leading technologies to support the deployment of EC infrastructure. Thereafter, we discuss the applications that can take advantage of EC and how they were proposed in the literature. Finally, after examining enabling technologies and related applications, we identify some open challenges to fully achieve the potential of EC, and also research opportunities on upcoming paradigms for service provisioning. This survey is a guide to comprehend the recent advances on the provisioning of mobile applications, as well as foresee the expected next stages of evolution for these applications