DoS and DDoS in Named Data Networking

Gasti, Paolo; Tsudik, Gene; Uzun, Ersin; Zhang, Lixia

doi:10.1109/icccn.2013.6614127

Cited by 259 publications

(281 citation statements)

References 23 publications

Supporting

Mentioning

256

Contrasting

Unclassified

Order By: Relevance

“…CCN provides a public key signature-based data packet authentication method as a built-in integrity and authentication mechanism. Although using digital signature certainly fulfills data integrity and authentication for CCN data packets, it causes significant overhead from signature generation and verification on network nodes including publishers and requesters, which limits widespread CCN utilization and may lead to a new kind of DDoS attacks [17].…”

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

Content-Centric Networking (CCN) is a new networking paradigm for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are routed by their unique names and they are stored in network nodes by units of segment during transmission for future usage. Since contents are stored in network nodes in a distributed manner, security is built into CCN data packets by embedding a public key signature to enable any content requesters to verify authenticity and integrity of contents. However, the use of public key signatures for authenticating CCN data packets incurs significant overhead regarding computation and communication, which limits universal utilization of CCN. Furthermore, this can lead to a new kind of DDoS attacks. Even though CCN adopts an aggregate signature method based on Merkle Hash Tree (MHT) in its reference implementation, it still incurs large amount of overhead. This paper presents TLDA, an efficient Two-Layered Data Authentication mechanism, which can considerably reduce overhead of computation and communication for authenticating data segments in CCN. For efficiency of computation and communication, TLDA newly introduces the concept of authentication Meta part consisting of data segments' hash values. To a great extent TLDA not only reduces the computation and communication overhead compared with CCN's basic authentication method, but also provides robustness against transmission loss and out-of-order transmission.We have implemented TLDA and demonstrated that it provides 74.3% improved throughput and 36.557% reduced communication overhead compared to those of the original CCNx library developed by PARC when transmitting a 128Mbyte content in units of 1Kbyte segment with RSA-2048 and SHA-256 as its signature algorithm and hash algorithm, respectively.

show abstract

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Gasti et al [12] present a first attempt to identify and mitigate DoS and DDoS in ICN. Particularly, the paper describes two types of attacks: interest flooding and content/cache poisoning.…”

Section: Related Workmentioning

confidence: 99%

Up-to-date key retrieval for information centric networking

Mauri

Verticale

2017

Computer Networks

View full text Add to dashboard Cite

Information Centric Networking (ICN) leverages in-network caching to provide efficient data distribution and better performance by replicating contents in multiple nodes to bring content nearer the users. Since contents are stored and replicated into node caches, the content validity must be assured end-toend. Each content object carries a digital signature to provide a proof of its integrity, authenticity, and provenance. However, the use of digital signatures requires a key management infrastructure to manage the key life cycle. To perform a proper signature verification, a node needs to know whether the signing key is valid or it has been revoked. This paper discusses how to retrieve up-todate signing keys in the ICN scenario. In the usual public key infrastructure, the Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP) enable applications to obtain the revocation status of a certificate. However, the push-based distribution of Certificate Revocation Lists and the request/response paradigm of Online Certificate Status Protocol should be fit in the mechanism of named-data. We consider three possible approaches to distribute up-to-date keys in a similar way to the current CRL and OCSP. Then, we suggest a fourth protocol leveraging a set of distributed notaries, which naturally fits the ICN scenario. Finally, we evaluate the number and size of exchanged messages of each solution, and then we compare the methods considering the perceived latency by the end nodes and the throughput on the network links.

show abstract

“…This identification can be refined either by signature confirmation over haphazardly chose Data bundles, or by warnings gotten from end customers. Gasti et al [7] give a thorough investigation of DoS dangers to NDN systems and moderation procedures.…”

Section: Congestion-mentioning

confidence: 99%

Analysis of IP Forwarding Process in Named Data Networking

Goyal

2017

IJARCSSE

View full text Add to dashboard Cite

In Named Data Networking (NDN) engineering, parcels convey information names as opposed to source or goal addresses. This change of worldview prompts another information plane: information customers convey Interest bundles; switches forward them and keep up the condition of pending Interests, which is utilized to guide Data parcels back to the purchasers. NDN switches' sending procedure can identify arrange issues by watching the two-route traffic of Interest and Data parcels, and investigate numerous option ways without circles. This is in sharp complexity to today's IP sending process which takes after a solitary way picked by the directing procedure, with no versatility of its own. I. INTRODUCTIONA system's engineering configuration decides the shape and type of its sending component. Today's IP Internet air conditioning accomplishes parcel conveyance in two stages. At the directing plane, switches trade steering refreshes and select the best courses to make up the sending table (FIB). At the information plane, switches forward bundles entirely taking after the FIB. Along these lines, directing is stateful and versatile, while sending is stateless and has no flexibility. This keen directing, imbecilic sending configuration puts the obligation of hearty parcel conveyance exclusively on the steering framework.A recently proposed Internet design, Named Data Networking (NDN) acquires the hourglass state of the IP mastermind engineering, however replaces the host-to-host information conveyance display at the hourglasses thin midsection by an information recovery show [2,5]. NDN bundles convey information names instead of source or destination addresses. Information customers express Interests as fancied information names, without determining where the information might be found. Switches fulfill the Interests by retrieving the information, which are bound to the names with cryptographic marks, from their own stores, middle of the road vaults, or the information makers. While steering in a NDN organize fills an indistinguishable need from in an IP arrange, i.e., figuring steering tables to be utilized as a part of sending Interest parcels, the information plane in a NDN system is part to a two-stage prepare: shoppers initially convey Interest bundles, then Data parcels stream back along a similar way in the re-verse course. Switches keep the condition of pending Interests to guide Data parcels back to purchasers.Evident advantages of NDN's information plane incorporate implicit net-work reserving and multicast bolster. A more subtle yet similarly critical advantage is its versatile sending empowered by the state kept up at switches. By recording pending Interests and watching Data bundles returning, individual NDN switches can quantify parcel conveyance execution (e.g., round-trek time and throughput), distinguish parcel misfortunes, and use numerous option ways to sidestep hazardous territories. With such a clever and versatile information plane, the steering plane in a NDN organize just needs to disper...

show abstract

DoS and DDoS in Named Data Networking

Cited by 259 publications

References 23 publications

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Up-to-date key retrieval for information centric networking

Analysis of IP Forwarding Process in Named Data Networking

Contact Info

Product

Resources

About