75 research outputs found

    Enhanced Forwarding Strategies in Information Centric Networking

    Content Centric Networking (CCN), a Clean Slate architecture to Information Centric Networking (ICN), uses new approaches to routing named content, achieving scalability, security and performance. This thesis proposes a design of an effective multi-path forwarding strategy and performs an evaluation of this strategy in a set of scenarios that consider large scale deployments. The evaluations show improved performance in terms of user application throughput, delays, adoptability and scalability against adverse conditions (such as differing background loads and mobility) compared to the originally proposed forwarding strategies. Secondly, this thesis proposes an analytical model based on Markov Modulated Rate Process (MMRP) to characterize multi-path data transfers in CCN. The results show a close resemblance in performance between the analytical model and the simulation model.

    Enabling Correct Interest Forwarding and Retransmissions in a Content Centric Network

    We show that the mechanisms used in the name data networking (NDN) and the original content centric networking (CCN) architectures may not detect Interest loops, even if the network in which they operate is static and no faults occur. Furthermore, we show that no correct Interest forwarding strategy can be defined that allows Interest aggregation and attempts to detect Interest looping by identifying Interests uniquely. We introduce SIFAH (Strategy for Interest Forwarding and Aggregation with Hop-Counts), the first Interest forwarding strategy shown to be correct under any operational conditions of a content centric network. SIFAH operates by having forwarding information bases (FIBs) store the next hops and number of hops to named content, and by having each Interest state the name of the requested content and the hop count from the router forwarding an Interest to the content. We present the results of simulation experiments using the ndnSIM simulator comparing CCN and NDN with SIFAH. The results of these experiments illustrate the negative impact of undetected Interest looping when Interests are aggregated in CCN and NDN, and the performance advantages of using SIFAH

    Side-channel timing attack on content privacy of named data networking

    Doctoral thesis in Electronics and Computer Engineering. A diversity of current applications, such as Netflix, YouTube, and social media, have used the Internet mainly as a content distribution network. Named Data Networking (NDN) is a network paradigm that attempts to answer the needs of today's applications by naming the content. NDN promises an optimized content distribution through a named content-centric design. One of the key features of NDN is the use of in-network caching to improve network efficiency in terms of content distribution. However, the cached contents may put consumer privacy at risk. Since the response time of cached contents is different from that of un-cached contents, the adversary may distinguish the cached contents (targets) from un-cached ones through the side-channel timing responses. The scope of the attack can be towards the content, the name, or the signature. For instance, the adversary may obtain the call history, the callee or caller location on a trusted Voice over NDN (VoNDN) and the popularity of contents in streaming applications (e.g. NDNtube, NDNlive) through side-channel timing responses of the cache. The side-channel timing attack can be mitigated by manipulating the time of the router responses. The countermeasures proposed by other researchers, such as additional delay, random/probabilistic caching, group signatures, and no-caching, can effectively be used to mitigate the attack. However, the content distribution may be affected by pre-configured countermeasures which may go against the goal of the original NDN paradigm. In this work, the detection and defense (DaD) approach is proposed to mitigate the attack efficiently and effectively. With the DaD usage, an attack can be detected by a multi-level detection mechanism, in order to apply the countermeasures against the adversarial faces. Also, the detections can be used to determine the severity of the attack.
In order to detect the behavior of an adversary, a brute-force timing attack was implemented and simulated with the following applications and testbeds: i. a trusted application that mimics the VoNDN and identifies the cached certificate on a worldwide NDN testbed, and ii. a streaming-like NDNtube application to identify the popularity of videos on the NDN testbed and AT&T company. In simulation, primary results showed that the multi-level detection based on DaD mitigated the attack by about 39.1% in best-route, and 36.6% in multicast communications. Additionally, the results showed that DaD preserves privacy without compromising the efficiency benefits of in-network caching in NDNtube and VoNDN applications. Several current applications, such as Netflix and YouTube, have been using the Internet as a content distribution network. Named Data Networking (NDN) is a recent paradigm in communication networks that tries to meet the needs of modern applications by naming content. NDN promises optimized content distribution using a content-centric network. One of the main features of NDN is the use of the cache available in network nodes to improve network efficiency in terms of content distribution. However, caching content may put consumer privacy at risk. Since the response time of cached content differs from that of content that is not cached, the adversary can distinguish cached content from un-cached content through side-channel responses. The attack may target the content, the name, or the signature of the message. For example, the adversary may obtain the call history, the location of the callee or caller in a secure voice over NDN (VoNDN) service, and the popularity of content in streaming applications (e.g. NDNtube, NDNlive) through side-channel timing responses.
The side-channel timing attack can be mitigated by manipulating the timing of router responses. Countermeasures proposed by other researchers, such as additional delay, random/probabilistic caching, group signatures, and no caching, can effectively be used to mitigate an attack. However, content distribution may be affected by pre-configured countermeasures that may go against the original purpose of the NDN paradigm. In this work, the detection and defense (DaD) approach is proposed to mitigate the attack efficiently and effectively. With DaD, an attack can be detected by a multi-level detection mechanism in order to apply countermeasures against the adversaries' interfaces. In addition, the detections can be used to determine the severity of the attack. In order to detect the behavior of an adversary, a brute-force timing attack was implemented and simulated with the following applications and platforms (testbeds): i. a secure application that implements VoNDN and identifies the cached certificate on a worldwide NDN platform; and ii. an NDNtube-like streaming application to identify the popularity of videos on the NDN platform of the company AT&T. The simulation results showed that the multi-level detection offered by DaD attenuated the attack by about 39.1% in best-route and 36.5% in multicast communications. To evaluate the effect on legitimate requests, DaD was compared with a static countermeasure, and it was found that DaD was able to preserve all legitimate requests.

    Queuing Modelling and Performance Analysis of Content Transfer in Information Centric Networks

    With the rapid development of multimedia services and wireless technology, new generations of network traffic such as short-form video and live streaming have put tremendous pressure on the current network infrastructure. To meet the high bandwidth and low latency needs of this new generation of traffic, the focus of Internet architecture has moved from host-centric end-to-end communication to requester-driven content retrieval. This shift has motivated the development of Information-Centric Networking (ICN), a promising new paradigm for the future Internet. ICN aims to improve information retrieval on the Internet by identifying and routing data using unified names. In-network caching and the use of a pending interest table (PIT) are two key features of ICN that are designed to efficiently handle bulk data dissemination and retrieval, as well as reduce bandwidth consumption. Performance analysis has been and continues to be a key research interest in ICN. This thesis starts with the evaluation of content delivery delays in ICN. The delay is mainly composed of propagation delay, transmission delay, processing delay and queueing delay. To characterize the main components of content delivery delay, queueing network theory has been exploited together with the cache miss rate in modelling the content delivery time in ICN. Moreover, different topologies and network conditions have been taken into account to evaluate the performance of content transfer in ICN. ICN is intrinsically compatible with wireless networks. To evaluate the performance of content transfer in wireless networks, an analytical model to evaluate the mean service time based on consumer and provider mobility has been proposed. The accuracy of the analytical model is validated through extensive simulation experiments.
Finally, the analytical model is used to evaluate the impact of key metrics, such as the cache size, content size and content popularity, on the performance of PIT and content transfer in ICN. The pending interest table (PIT) is one of the essential components of the ICN forwarding plane, which is responsible for stateful routing in ICN. It also aggregates identical interests to alleviate request flooding and network congestion. The aggregation feature of PIT improves the performance of content delivery in ICN. Thus, having an analytical model to characterize the impact of PIT on content delivery time could allow for a more precise evaluation of content transfer performance. In parallel, if the size of the PIT is not properly determined, the interest drop rate may be too high, resulting in a reduction in quality of service for consumers as their requests have to be retransmitted. Furthermore, PIT is a costly resource as it is required to operate at wire speed in the forwarding plane. Therefore, in order to ensure that the interest drop rate stays below the requirement, an analytical model of PIT occupancy has been developed to determine the minimum PIT size. In this thesis, the proposed analytical models are used to efficiently and accurately evaluate the performance of ICN content transfer and investigate the key component of the ICN forwarding plane. Leveraging the insights discovered by these analytical models, the minimal PIT size and proper interest timeout can be determined to enhance the performance of ICN. To widen the outcomes achieved in the thesis, several interesting yet challenging research directions are pointed out.

    The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

    In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such an architecture, the research community now needs a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture. Comment: 23 pages, 16 figures, 3 tables