Security Attacks in Named Data Networking: A Review and Research Directions

Kumar, Naveen; Singh, Ashutosh Kumar; Aleem, Abdul; Srivastava, Shashank

doi:10.1007/s11390-019-1978-9

Cited by 33 publications

(26 citation statements)

References 69 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Caching in NDN is managed by different policies such as: Least Recently Used (LRU), Least Frequently Used (LFU), First In First Out (FIFO), Random. However, since no pre-existing mechanism is defined to detect the access of different malicious nodes into the Content Store (CS) [15], this "secured-by design" architecture is vulnerable to attacks that mainly aim to abuse the Content Caching process, disturb the availability of the data, maximize the data retrieval delay and manipulate the privacy of data. These attacks include Cache Privacy Attacks, Content Poisoning Attacks, Interest Flooding Attacks and Cache Pollution Attacks.…”

Section: Security Vulnerabilities In Named Data Networkmentioning

confidence: 99%

“…Although the routers can not check the validity of these malicious data due to their limited resources and time, as a result, only the corrupted content will stay in the cache of the CS, which causes a high delay in retrieving certain content and legitimate content will not be served from the cache. Content Poisoning Attack affects consumer applications and routers [15].…”

Section: B Content Poisoning Attackmentioning

confidence: 99%

See 1 more Smart Citation

Cache Pollution Attacks in the NDN Architecture: Impact and Analysis

Hidouri

Hadded

Hajlaoui

et al. 2021

2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Section: Security Vulnerabilities In Named Data Networkmentioning

confidence: 99%

Section: B Content Poisoning Attackmentioning

confidence: 99%

Cache Pollution Attacks in the NDN Architecture: Impact and Analysis

Hidouri

Hadded

Hajlaoui

et al. 2021

2021 International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

View full text Add to dashboard Cite

show abstract

“… Kumar et al (2019) and Hassanein & Zulkernine (2015) explained some of the most common attacks within the existing TCP/IP model such as Denial of Service (DoS) attack, Distributed Denial of Service (DDoS) attack, eavesdropping (snooping), masquerading, TCP Replay Attack, Man in the Middle Attack, repudiation, and traffic analysis attack. These legacy attacks are not possible in NDN because of the absence of the host, but with the advent of this new architecture, some new attack surfaces have emerged which need to be addressed and it is an active research area.…”

Section: Related Workmentioning

confidence: 99%

“…A consumer can acquire a public key by following this field of KeyLocator and can retrieve it just like a normal data packet. Kumar et al (2019) explained some of the most common attacks within the existing TCP/IP model such as Denial of Service (DoS) attack, Distributed Denial of Service (DDoS) attack, eavesdropping (snooping), masquerading, TCP Replay Attack, Man in the Middle Attack, repudiation, and traffic analysis attack. In a modification attack, the attacker does not only compromise the confidentiality of the data by accessing it but also compromises the integrity of the data by trying to alter it.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detection of malicious consumer interest packet with dynamic threshold values

Qureshi

Anjum

Rais

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

As a promising next-generation network architecture, named data networking (NDN) supports name-based routing and in-network caching to retrieve content in an efficient, fast, and reliable manner. Most of the studies on NDN have proposed innovative and efficient caching mechanisms and retrieval of content via efficient routing. However, very few studies have targeted addressing the vulnerabilities in NDN architecture, which a malicious node can exploit to perform a content poisoning attack (CPA). This potentially results in polluting the in-network caches, the routing of content, and consequently isolates the legitimate content in the network. In the past, several efforts have been made to propose the mitigation strategies for the content poisoning attack, but to the best of our knowledge, no specific work has been done to address an emerging attack-surface in NDN, which we call an interest flooding attack. Handling this attack-surface can potentially make content poisoning attack mitigation schemes more effective, secure, and robust. Hence, in this article, we propose the addition of a security mechanism in the CPA mitigation scheme that is, Name-Key Based Forwarding and Multipath Forwarding Based Inband Probe, in which we block the malicious face of compromised consumers by monitoring the Cache-Miss Ratio values and the Queue Capacity at the Edge Routers. The malicious face is blocked when the cache-miss ratio hits the threshold value, which is adjusted dynamically through monitoring the cache-miss ratio and queue capacity values. The experimental results show that we are successful in mitigating the vulnerability of the CPA mitigation scheme by detecting and blocking the flooding interface, at the cost of very little verification overhead at the NDN Routers.

show abstract