Towards Loop-Free Forwarding of Anonymous Internet Datagrams that Enforce Provenance

The way in which addressing and forwarding are implemented in the Internet constitutes one of its biggest privacy and security challenges. The fact that source addresses in Internet datagrams cannot be trusted makes the IP Internet inherently vulnerable to DoS and DDoS attacks. The Internet forwarding plane is open to attacks to the privacy of datagram sources, because source addresses in Internet datagrams have global scope. The fact an Internet datagrams are forwarded based solely on the destination addresses stated in datagram headers and the next hops stored in the forwarding information bases (FIB) of relaying routers allows Internet datagrams to traverse loops, which wastes resources and leaves the Internet open to further attacks. We introduce PEAR (Provenance Enforcement through Addressing and Routing), a new approach for addressing and forwarding of Internet datagrams that enables anonymous forwarding of Internet datagrams, eliminates many of the existing DDoS attacks on the IP Internet, and prevents Internet datagrams from looping, even in the presence of routing-table loops.Comment: Proceedings of IEEE Globecom 2016, 4-8 December 2016, Washington, D.C., US

A Light-Weight Forwarding Plane for Content-Centric Networks

We present CCN-DART, a more efficient forwarding approach for content-centric networking (CCN) than named data networking (NDN) that substitutes Pending Interest Tables (PIT) with Data Answer Routing Tables (DART) and uses a novel approach to eliminate forwarding loops. The forwarding state required at each router using CCN-DART consists of segments of the routes between consumers and content providers that traverse a content router, rather than the Interests that the router forwards towards content providers. Accordingly, the size of a DART is proportional to the number of routes used by Interests traversing a router, rather than the number of Interests traversing a router. We show that CCN-DART avoids forwarding loops by comparing distances to name prefixes reported by neighbors, even when routing loops exist. Results of simulation experiments comparing CCN-DART with NDN using the ndnSIM simulation tool show that CCN-DART incurs 10 to 20 times less storage overhead

Enabling Correct Interest Forwarding and Retransmissions in a Content Centric Network

We show that the mechanisms used in the name data networking (NDN) and the original content centric networking (CCN) architectures may not detect Interest loops, even if the network in which they operate is static and no faults occur. Furthermore, we show that no correct Interest forwarding strategy can be defined that allows Interest aggregation and attempts to detect Interest looping by identifying Interests uniquely. We introduce SIFAH (Strategy for Interest Forwarding and Aggregation with Hop-Counts), the first Interest forwarding strategy shown to be correct under any operational conditions of a content centric network. SIFAH operates by having forwarding information bases (FIBs) store the next hops and number of hops to named content, and by having each Interest state the name of the requested content and the hop count from the router forwarding an Interest to the content. We present the results of simulation experiments using the ndnSIM simulator comparing CCN and NDN with SIFAH. The results of these experiments illustrate the negative impact of undetected Interest looping when Interests are aggregated in CCN and NDN, and the performance advantages of using SIFAH

Method and System for Name Resolution Across Heterogeneous Architectures

One embodiment of the present invention provides a system for resolving a name request in a network comprising a plurality of groups that use different name-resolution schemes. During operation, the system receives, at a first group, the name request; identifies a parent group of the first group, which is a member of the parent group; and in response to failing to resolve the name request within the first group, forwards the name request to the identified parent group

Reversing The Meaning of Node Connectivity for Content Placement in Networks of Caches

It is a widely accepted heuristic in content caching to place the most popular content at the nodes that are the best connected. The other common heuristic is somewhat contradictory, as it places the most popular content at the edge, at the caching nodes nearest the users. We contend that neither policy is best suited for caching content in a network and propose a simple alternative that places the most popular content at the least connected node. Namely, we populate content first at the nodes that have the lowest graph centrality over the network topology. Here, we provide an analytical study of this policy over some simple topologies that are tractable, namely regular grids and trees. Our mathematical results demonstrate that placing popular content at the least connected nodes outperforms the aforementioned alternatives in typical conditions