831 research outputs found
Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking
Information-centric networking proposals attract much attention in the
ongoing search for a future communication paradigm of the Internet. Replacing
the host-to-host connectivity by a data-oriented publish/subscribe service
eases content distribution and authentication by concept, while eliminating
threats from unwanted traffic at an end host as are common in today's Internet.
However, current approaches to content routing heavily rely on data-driven
protocol events and thereby introduce a strong coupling of the control to the
data plane in the underlying routing infrastructure. In this paper, threats to
the stability and security of the content distribution system are analyzed in
theory and practical experiments. We derive relations between state resources
and the performance of routers and demonstrate how this coupling can be misused
in practice. We discuss new attack vectors present in its current state of
development, as well as possibilities and limitations to mitigate them. Comment: 15 pages
A Light-Weight Forwarding Plane for Content-Centric Networks
We present CCN-DART, a more efficient forwarding approach for content-centric
networking (CCN) than named data networking (NDN) that substitutes Pending
Interest Tables (PIT) with Data Answer Routing Tables (DART) and uses a novel
approach to eliminate forwarding loops. The forwarding state required at each
router using CCN-DART consists of segments of the routes between consumers and
content providers that traverse a content router, rather than the Interests
that the router forwards towards content providers. Accordingly, the size of a
DART is proportional to the number of routes used by Interests traversing a
router, rather than the number of Interests traversing a router. We show that
CCN-DART avoids forwarding loops by comparing distances to name prefixes
reported by neighbors, even when routing loops exist. Results of simulation
experiments comparing CCN-DART with NDN using the ndnSIM simulation tool show
that CCN-DART incurs 10 to 20 times less storage overhead.
Mobility Study for Named Data Networking in Wireless Access Networks
Information centric networking (ICN) proposes to redesign the Internet by
replacing its host-centric design with information-centric design.
Communication among entities is established at the naming level, with the
receiver side (referred to as the Consumer) acting as the driving force behind
content delivery, by interacting with the network through Interest message
transmissions. One of the proposed advantages for ICN is its support for
mobility, by de-coupling applications from transport semantics. However, so
far, little research has been conducted to understand the interaction between
ICN and mobility of consuming and producing applications, in protocols purely
based on information-centric principles, particularly in the case of NDN. In
this paper, we present our findings on the mobility-based performance of Named
Data Networking (NDN) in wireless access networks. Through simulations, we show
that the current NDN architecture is not efficient in handling mobility and
architectural enhancements need to be done to fully support mobility of
Consumers and Producers. Comment: to appear in IEEE ICC 201
Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing
We introduce CCN-RAMP (Routing to Anchors Matching Prefixes), a new approach
to content-centric networking. CCN-RAMP offers all the advantages of the Named
Data Networking (NDN) and Content-Centric Networking (CCNx) but eliminates the
need to either use Pending Interest Tables (PIT) or lookup large Forwarding
Information Bases (FIB) listing name prefixes in order to forward Interests.
CCN-RAMP uses small forwarding tables listing anonymous sources of Interests
and the locations of name prefixes. Such tables are immune to Interest-flooding
attacks and are smaller than the FIBs used to list IP address ranges in the
Internet. We show that no forwarding loops can occur with CCN-RAMP, and that
Interests flow over the same routes that NDN and CCNx would maintain using
large FIBs. The results of simulation experiments comparing NDN with CCN-RAMP
based on ndnSIM show that CCN-RAMP requires forwarding state that is orders of
magnitude smaller than what NDN requires, and attains even better performance.
Interest-Based Access Control for Content Centric Networks (extended version)
Content-Centric Networking (CCN) is an emerging network architecture designed
to overcome limitations of the current IP-based Internet. One of the
fundamental tenets of CCN is that data, or content, is a named and addressable
entity in the network. Consumers request content by issuing interest messages
with the desired content name. These interests are forwarded by routers to
producers, and the resulting content object is returned and optionally cached
at each router along the path. In-network caching makes it difficult to enforce
access control policies on sensitive content outside of the producer since
routers only use interest information for forwarding decisions. To that end, we
propose an Interest-Based Access Control (IBAC) scheme that enables access
control enforcement using only information contained in interest messages,
i.e., by making sensitive content names unpredictable to unauthorized parties.
Our IBAC scheme supports both hash- and encryption-based name obfuscation. We
address the problem of interest replay attacks by formulating a mutual trust
framework between producers and consumers that enables routers to perform
authorization checks when satisfying interests from their cache. We assess the
computational, storage, and bandwidth overhead of each IBAC variant. Our design
is flexible and allows producers to arbitrarily specify and enforce any type of
access control on content, without having to deal with the problems of content
encryption and key distribution. This is the first comprehensive design for CCN
access control using only information contained in interest messages. Comment: 11 pages, 2 figures
Scalable bloom-filter based content dissemination in community networks using information centric principles
Information-Centric Networking (ICN) is a new communication paradigm that shifts the focus from content location to content objects themselves. Users request the content by its name or some other form of identifier. Then, the network is responsible for locating the requested content and sending it to the users. Despite a large number of works on ICN in recent years, the problem of scalability of ICN systems has not been studied and addressed adequately. This is especially true when considering real-world deployments and the so-called alternative networks such as community networks. In this work, we explore the applicability of ICN principles in the challenging and unpredictable environments of community networks. In particular, we focus on stateless content dissemination based on Bloom filters (BFs). We highlight the scalability limitations of the classical single-stage BF based approach and argue that enabling multiple BF stages would lead to performance enhancements. That is, a multi-stage BF based content dissemination mechanism could support large network topologies with heterogeneous traffic and diverse channel conditions. In addition to scalability improvements, this approach also is more secure with regard to Denial of Service attacks.
Queuing Modelling and Performance Analysis of Content Transfer in Information Centric Networks
With the rapid development of multimedia services and wireless technology, a new generation of network traffic, such as short-form video and live streaming, has put tremendous pressure on the current network infrastructure. To meet the high bandwidth and low latency needs of this new generation of traffic, the focus of Internet architecture has moved from host-centric end-to-end communication to requester-driven content retrieval. This shift has motivated the development of Information-Centric Networking (ICN), a promising new paradigm for the future Internet. ICN aims to improve information retrieval on the Internet by identifying and routing data using unified names. In-network caching and the use of a pending interest table (PIT) are two key features of ICN that are designed to efficiently handle bulk data dissemination and retrieval, as well as reduce bandwidth consumption.
Performance analysis has been and continues to be a key research interest in ICN. This thesis starts with the evaluation of content delivery delays in ICN. The main component of delay is composed of propagation delay, transmission delay, processing delay and queueing delay. To characterize the main components of content delivery delay, queueing network theory has been exploited to coordinate with cache miss rate in modelling the content delivery time in ICN. Moreover, different topologies and network conditions have been taken into account to evaluate the performance of content transfer in ICN.
ICN is intrinsically compatible with wireless networks. To evaluate the performance of content transfer in wireless networks, an analytical model to evaluate the mean service time based on consumer and provider mobility has been proposed. The accuracy of the analytical model is validated through extensive simulation experiments. Finally, the analytical model is used to evaluate the impact of key metrics, such as the cache size, content size and content popularity on the performance of PIT and content transfer in ICN.
Pending interest table (PIT) is one of the essential components of the ICN forwarding plane, which is responsible for stateful routing in ICN. It also aggregates the same interests to alleviate request flooding and network congestion. The aggregation feature of PIT improves performance of content delivery in ICN. Thus, having an analytical model to characterize the impact of PIT on content delivery time could allow for a more precise evaluation of content transfer performance. In parallel, if the size of the PIT is not properly determined, the interest drop rate may be too high, resulting in a reduction in quality of service for consumers as their requests have to be retransmitted. Furthermore, PIT is a costly resource as it is required to operate at wire speed in the forwarding plane. Therefore, in order to ensure that the interest drop rate is less than the requirement, an analytical model of PIT occupancy has been developed to determine the minimum PIT size.
In this thesis, the proposed analytical models are used to efficiently and accurately evaluate the performance of ICN content transfer and investigate the key component of ICN forwarding plane. Leveraging the insights discovered by these analytical models, the minimal PIT size and proper interest timeout can be determined to enhance the performance of ICN. To widen the outcomes achieved in the thesis, several interesting yet challenging research directions are pointed out.
Cost-aware caching: optimizing cache provisioning and object placement in ICN
Caching is frequently used by Internet Service Providers as a viable
technique to reduce the latency perceived by end users, while jointly
offloading network traffic. While the cache hit-ratio is generally considered
in the literature as the dominant performance metric for such type of systems,
in this paper we argue that a critical missing piece has so far been neglected.
Adopting a radically different perspective, in this paper we explicitly account
for the cost of content retrieval, i.e. the cost associated to the external
bandwidth needed by an ISP to retrieve the contents requested by its customers.
Interestingly, we discover that classical cache provisioning techniques that
maximize cache efficiency (i.e., the hit-ratio), lead to suboptimal solutions
with higher overall cost. To show this mismatch, we propose two optimization
models that either minimize the overall costs or maximize the hit-ratio,
jointly providing cache sizing, object placement and path selection. We
formulate a polynomial-time greedy algorithm to solve the two problems and
analytically prove its optimality. We provide numerical results and show that
significant cost savings are attainable via a cost-aware design.
Covert Ephemeral Communication in Named Data Networking
In the last decade, there has been a growing realization that the current
Internet Protocol is reaching the limits of its senescence. This has prompted
several research efforts that aim to design potential next-generation Internet
architectures. Named Data Networking (NDN), an instantiation of the
content-centric approach to networking, is one such effort. In contrast with
IP, NDN routers maintain a significant amount of user-driven state. In this
paper we investigate how to use this state for covert ephemeral communication
(CEC). CEC allows two or more parties to covertly exchange ephemeral messages,
i.e., messages that become unavailable after a certain amount of time. Our
techniques rely only on network-layer, rather than application-layer, services.
This makes our protocols robust, and communication difficult to uncover. We
show that users can build high-bandwidth CECs exploiting features unique to
NDN: in-network caches, routers' forwarding state and name matching rules. We
assess feasibility and performance of proposed covert channels using a local
setup and the official NDN testbed.