1,517 research outputs found
PIT Overload Analysis in Content Centric Networks
Content Centric Networking represents a paradigm shift in the evolution and definition of modern network protocols. Many research efforts have been made with the purpose of proving the feasibility and the scalability of this proposal. Our main contribution is to provide an analysis of the Pending Interest Table memory requirements in real deployment scenarios, especially considering the impact of distributed denial of service attacks. In fact, the state that the protocol maintains for each resource request makes the routers more prone to resources exhaustion issues than in traditional stateless solutions. Our results are derived by using a full custom simulator and considering the different node architectures that have been proposed as valid reference models. The main outcomes point out differentiated weaknesses in each architecture we investigated and underline the need for improvements in terms of security and scalabilit
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them. Comment: 15 page
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these 'things' to local networks that often are
of low power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveals
its feasibility for common deployment scenarios. Comment: To be published at IEEE WF-IoT 201
ADN: An Information-Centric Networking Architecture for the Internet of Things
Forwarding data by name has been assumed to be a necessary aspect of an
information-centric redesign of the current Internet architecture that makes
content access, dissemination, and storage more efficient. The Named Data
Networking (NDN) and Content-Centric Networking (CCNx) architectures are the
leading examples of such an approach. However, forwarding data by name incurs
storage and communication complexities that are orders of magnitude larger than
solutions based on forwarding data using addresses. Furthermore, the specific
algorithms used in NDN and CCNx have been shown to have a number of
limitations. The Addressable Data Networking (ADN) architecture is introduced
as an alternative to NDN and CCNx. ADN is particularly attractive for
large-scale deployments of the Internet of Things (IoT), because it requires
far less storage and processing in relaying nodes than NDN. ADN allows things
and data to be denoted by names, just like NDN and CCNx do. However, instead of
replacing the waist of the Internet with named-data forwarding, ADN uses an
address-based forwarding plane and introduces an information plane that
seamlessly maps names to addresses without the involvement of end-user
applications. Simulation results illustrate the order of magnitude savings in
complexity that can be attained with ADN compared to NDN. Comment: 10 page
Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing
We introduce CCN-RAMP (Routing to Anchors Matching Prefixes), a new approach
to content-centric networking. CCN-RAMP offers all the advantages of the Named
Data Networking (NDN) and Content-Centric Networking (CCNx) but eliminates the
need to either use Pending Interest Tables (PIT) or look up large Forwarding
Information Bases (FIB) listing name prefixes in order to forward Interests.
CCN-RAMP uses small forwarding tables listing anonymous sources of Interests
and the locations of name prefixes. Such tables are immune to Interest-flooding
attacks and are smaller than the FIBs used to list IP address ranges in the
Internet. We show that no forwarding loops can occur with CCN-RAMP, and that
Interests flow over the same routes that NDN and CCNx would maintain using
large FIBs. The results of simulation experiments comparing NDN with CCN-RAMP
based on ndnSIM show that CCN-RAMP requires forwarding state that is orders of
magnitude smaller than what NDN requires, and attains even better performance
eComVes: Enhancing ComVes using Data Piggybacking for Resource Discovery at the Network Edge
Over the past few years, Augmented Reality (AR) and Virtual Reality (VR) have emerged as highly popular technologies that demand rapid and efficient processing of data with low latency and high bandwidth, in order to enable seamless real-time interaction between users and the virtual environment. This presents challenges for network infrastructure design, which can be addressed through edge computing. However, edge computing also presents challenges, such as selecting the appropriate edge server for computing tasks in dynamic networks with rapidly changing resource availability. Named Data Networking (NDN) is a potential future Internet architecture that could provide a balanced distribution of edge services across servers, thereby preventing service disruptions. In this study, eComVes, a novel strategy that enhances ComVes, is proposed for information-centric edge applications that adopt a correction mechanism to ensure service execution on the highest resourced server. This mechanism allows users and intermediate routers to learn about the servers’ resource status directly from the server without using any explicit control messages or probing. We evaluated the performance of eComVes against ComVes and observed an improvement in the success ratio while maintaining consistent response time, indicating an improvement in load balance across the servers
A Case for Time Slotted Channel Hopping for ICN in the IoT
Recent proposals to simplify the operation of the IoT include the use of
Information Centric Networking (ICN) paradigms. While this is promising,
several challenges remain. In this paper, our core contributions (a) leverage
ICN communication patterns to dynamically optimize the use of TSCH (Time
Slotted Channel Hopping), a wireless link layer technology increasingly popular
in the IoT, and (b) make IoT-style routing adaptive to names, resources, and
traffic patterns throughout the network--both without cross-layering. Through a
series of experiments on the FIT IoT-LAB interconnecting typical IoT hardware,
we find that our approach is fully robust against wireless interference, and
almost halves the energy consumed for transmission when compared to CSMA. Most
importantly, our adaptive scheduling prevents the time-slotted MAC layer from
sacrificing throughput and delay