To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking

Information-Centric Networking (ICN) is an internetworking paradigm that offers an alternative to the current IP\nobreakdash-based Internet architecture. ICN's most distinguishing feature is its emphasis on information (content) instead of communication endpoints. One important open issue in ICN is whether negative acknowledgments (NACKs) at the network layer are useful for notifying downstream nodes about forwarding failures, or requests for incorrect or non-existent information. In benign settings, NACKs are beneficial for ICN architectures, such as CCNx and NDN, since they flush state in routers and notify consumers. In terms of security, NACKs seem useful as they can help mitigating so-called Interest Flooding attacks. However, as we show in this paper, network-layer NACKs also have some unpleasant security implications. We consider several types of NACKs and discuss their security design requirements and implications. We also demonstrate that providing secure NACKs triggers the threat of producer-bound flooding attacks. Although we discuss some potential countermeasures to these attacks, the main conclusion of this paper is that network-layer NACKs are best avoided, at least for security reasons.Comment: 10 pages, 7 figure

Interest-Based Access Control for Content Centric Networks (extended version)

Content-Centric Networking (CCN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. One of the fundamental tenets of CCN is that data, or content, is a named and addressable entity in the network. Consumers request content by issuing interest messages with the desired content name. These interests are forwarded by routers to producers, and the resulting content object is returned and optionally cached at each router along the path. In-network caching makes it difficult to enforce access control policies on sensitive content outside of the producer since routers only use interest information for forwarding decisions. To that end, we propose an Interest-Based Access Control (IBAC) scheme that enables access control enforcement using only information contained in interest messages, i.e., by making sensitive content names unpredictable to unauthorized parties. Our IBAC scheme supports both hash- and encryption-based name obfuscation. We address the problem of interest replay attacks by formulating a mutual trust framework between producers and consumers that enables routers to perform authorization checks when satisfying interests from their cache. We assess the computational, storage, and bandwidth overhead of each IBAC variant. Our design is flexible and allows producers to arbitrarily specify and enforce any type of access control on content, without having to deal with the problems of content encryption and key distribution. This is the first comprehensive design for CCN access control using only information contained in interest messages.Comment: 11 pages, 2 figure

Security and Privacy Issues in Content-Centric Networking

Content-Centric Networking (CCN) is a networking paradigm alternative to today’s IP-based Internet Architecture. One fundamental goal of CCN is to include security and privacy as part of its design. CCN adheres to a simple request and response protocol. Consumers issue interests for named content objects. Routers forward these interests toward content producers. Once the desired content is located, it is returned to the consumer along the same path, in reverse, of corresponding interests. CCN routers can unilaterally cache content to reduce end-to-end latency and bandwidth consumption for future duplicate interests. In this dissertation, we study several security and privacy issues introduced by opportunistic caching in CCN. Specifically, we investigate the influence of caching on consumer and producer privacy, content poisoning attacks, and accounting. For each issue, we describe its root causes, discuss potential countermeasures, and present some experimental results. We conclude that, despite its networking benefits, router caching triggers some important security and privacy problems

Security and Privacy Issues in Content-Centric Networking

Content-Centric Networking (CCN) is a networking paradigm alternative to today’s IP-based Internet Architecture. One fundamental goal of CCN is to include security and privacy as part of its design. CCN adheres to a simple request and response protocol. Consumers issue interests for named content objects. Routers forward these interests toward content producers. Once the desired content is located, it is returned to the consumer along the same path, in reverse, of corresponding interests. CCN routers can unilaterally cache content to reduce end-to-end latency and bandwidth consumption for future duplicate interests. In this dissertation, we study several security and privacy issues introduced by opportunistic caching in CCN. Specifically, we investigate the influence of caching on consumer and producer privacy, content poisoning attacks, and accounting. For each issue, we describe its root causes, discuss potential countermeasures, and present some experimental results. We conclude that, despite its networking benefits, router caching triggers some important security and privacy problems

Needle in a haystack: Mitigating content poisoning in named-data networking,”

Abstract-Named-Data Networking (NDN) is a candidate next-generation Internet architecture designed to address some limitations of the current IP-based Internet. NDN uses the pull model for content distribution, whereby content is first explicitly requested before being delivered. Efficiency is obtained via routerbased aggregation of closely spaced requests for popular content and content caching in routers. Although it reduces latency and increases bandwidth utilization, router caching makes the network susceptible to new cache-centric attacks, such as content poisoning. In this paper, we propose a ranking algorithm for cached content that allows routers to distinguish good and (likely) bad content. This ranking is based on statistics collected from consumers' actions following delivery of content objects. Experimental results support our assertion that the proposed ranking algorithm can effectively mitigate content poisoning attacks