Literature Review on Security of Named Data Networking


Wei Xiaolei

Computer Science College, Inner Mongolia University, Hohhot, China

ABSTRACT

Nowadays, our network architecture is based on TCP/IP. However, TCP/IP has many disadvantages and limitations. Since our existing network architecture, TCP/IP, uses addresses to locate the source host and the destination host, its security cannot be guaranteed well. Thus, Zhang Lixia's team, from the University of California at Los Angeles, is researching and developing a new type of network architecture, called Named Data Networking (NDN). Due to the inherent nature of its caches and forwarding policy, NDN can assure security to a great degree. But these properties also bring out some new security issues. Our review is about security in Named Data Networking.

KEY WORDS: Security; NDN; DoS; Cache snooping

1. INTRODUCTION

At the beginning of the design of TCP/IP, designers mainly thought about how to connect existing networks, as Clark articulated in [1]. Designers intended an end-to-end communication mode to connect the source host and the destination host, which Clark elaborated in [2]. But in today's network, connecting existing networks is no longer the main purpose. Nowadays, people care more about how to retrieve and distribute information via the network, and less about where to get it. TCP/IP is based on location, which depends on the IP address. Thus, if people want to retrieve information, they must first locate it, knowing where to get it. To achieve this goal, we must spend much on network bandwidth, network latency, appliance deployment, and so on. In spite of this, we still cannot achieve good performance. The appearance of NDN resolves these problems perfectly. Since NDN is based on three structures, the Pending Information Table (PIT), the Content Store (CS), and the Forwarding Information Base (FIB) [3], rather than on IP addresses, communication in NDN has a new mode. We can retrieve information from a nearby location, if the information has been stored there, rather than getting it from the source host, which is the communication mode of the end-to-end architecture. Through this method, communication performance has been improved greatly. But this type of storing and forwarding method also brings out some new security issues. Attackers can exploit these disadvantages to carry out attacks.

2. DENIAL OF SERVICE

Since NDN forwards packets as Interest and Data, records Interests in the PIT, and stores Data in the CS, consumers don't need to retrieve information from the provider if some intermediate node has the same information. However, if no intermediate node has this information, the consumer must get it from the provider.

Because of this, attackers can easily carry out a type of attack called Denial of Service (DoS). An attacker can pretend to be a consumer and send large numbers of different Interests, which have the same prefix, to one provider. Quickly, the provider is overwhelmed by the flood of Interests. The bandwidth will be used up. The PIT will be occupied completely. The provider is busy dealing with these requests and cannot provide service to normal requests. Thereby, the DoS attack has formed.

3. COUNTERMEASURES OF DENIAL OF SERVICE [4]

To relieve this type of attack, we can record the number of Interest packets in intermediate nodes. If an intermediate node receives a lot of Interests which have the same prefix but are different packets, this node must note whether it is being attacked.

To protect itself from being attacked, if this intermediate node has detected this, it can limit the rate of the interfaces from which the probable attacker sends packets. If this isn't enough, the intermediate node can even shut down the interface. Slowly, the provider will go back to its normal status, and the attack aimed at this provider will be under control.
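One way an intermediate node could implement the counting, rate limiting and shutdown described above, as an added example that is not from the paper or from any NDN implementation. The class name, the one-second window, both thresholds and the 1-in-10 forwarding ratio are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque

class InterestFloodMonitor:
    """Counts distinct Interest names per (interface, prefix) in a sliding window."""

    def __init__(self, window=1.0, limit_at=50, shutdown_at=200, prefix_len=2, keep_every=10):
        self.window = window             # seconds of history kept
        self.limit_at = limit_at         # distinct names that trigger rate limiting
        self.shutdown_at = shutdown_at   # distinct names that shut the interface down
        self.prefix_len = prefix_len     # leading name components treated as the prefix
        self.keep_every = keep_every     # while limited, forward 1 Interest in N
        self.seen = defaultdict(deque)   # (face, prefix) -> deque of (time, name)
        self.limited = defaultdict(int)  # face -> Interests seen while limited
        self.state = {}                  # face -> "open" | "limited" | "down"

    def prefix_of(self, name):
        return "/" + "/".join(name.strip("/").split("/")[:self.prefix_len])

    def on_interest(self, face, name, now):
        """Record one Interest and return True if it may be forwarded upstream."""
        if self.state.get(face) == "down":
            return False                 # assumption: stays down until re-enabled
        q = self.seen[(face, self.prefix_of(name))]
        q.append((now, name))
        while now - q[0][0] > self.window:
            q.popleft()                  # drop entries older than the window
        distinct = len({n for _, n in q})
        if distinct >= self.shutdown_at:
            self.state[face] = "down"
            return False
        if distinct >= self.limit_at:
            self.state[face] = "limited"
            self.limited[face] += 1
            return self.limited[face] % self.keep_every == 0
        self.state[face] = "open"        # traffic under this prefix looks normal
        return True

def simulate():
    """Constructed traffic: face1 re-requests 5 names, face2 never repeats a name."""
    mon = InterestFloodMonitor()
    forwarded = {"face1": 0, "face2": 0}
    for i in range(300):
        now = i * 0.002                  # 300 Interests per face within 0.6 s
        forwarded["face1"] += mon.on_interest("face1", f"/example/video/seg{i % 5}", now)
        forwarded["face2"] += mon.on_interest("face2", f"/example/video/rnd{i}", now)
    return mon.state, forwarded
```

Counting distinct names rather than raw packets is what separates the two interfaces: both send 300 Interests under the same prefix, but only the one that never repeats a name is throttled and then shut down.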

4. CACHE SNOOPING

When the Interest which the consumer sends arrives at the provider, the provider sends Data back to the consumer. When the Data arrives at the intermediate nodes, the nodes along the route store the Data in their Content Store. Thus, the CS will be filled with much important information, especially some private information. However, this information doesn't have any protective measures. Any consumer who requests this information can retrieve it. An attacker can pretend to be a normal consumer and send an Interest in order to request this private information. When the Interest arrives at some node which has stored this information, the private information will be transmitted back to the attacker. This type of attack, which is called cache snooping, causes privacy leaks.

5. COUNTERMEASURES OF CACHE SNOOPING

To avoid suffering from cache snooping, we can use encryption. Using an encryption key, the provider encrypts the private information. The encrypted information will be stored along the route. The consumer who has the decryption key can decrypt the information. In this way, we can assure that important private information is not leaked.
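An added example, not from the paper, of the effect of this countermeasure: the Content Store still answers any requester, but what it holds is ciphertext bound to the Data name. The `ContentStore` class, the names and the out-of-band key sharing are assumptions, the record is constructed, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Separate keys for encryption and authentication, derived from one secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: stdlib-only stand-in (assumption)
    # for a vetted AEAD cipher, used here so the example runs offline.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, name, nonce, ct):
    # Length-prefix the name so the (name, nonce, ciphertext) split is unambiguous.
    n = name.encode()
    return hmac.new(mac_key, len(n).to_bytes(2, "big") + n + nonce + ct, hashlib.sha256).digest()

def seal(key, name, plaintext):
    """Provider: encrypt the payload and bind it to its NDN name."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + _tag(mac_key, name, nonce, ct)

def unseal(key, name, blob):
    """Consumer: return the plaintext, or None if the key or name does not match."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _tag(mac_key, name, nonce, ct)):
        return None
    return _xor_stream(enc_key, nonce, ct)

class ContentStore:
    """Hypothetical router cache: serves cached Data to whoever asks for the name."""
    def __init__(self):
        self.cache = {}
    def put(self, name, data):
        self.cache[name] = data
    def get(self, name):
        return self.cache.get(name)

def demo():
    key = os.urandom(32)              # shared out of band with the intended consumer
    name, record = "/example/records/alice", b"constructed private record"
    cs = ContentStore()
    cs.put(name, seal(key, name, record))
    cached = cs.get(name)             # what any requester, snooper included, receives
    return record in cached, unseal(os.urandom(32), name, cached), unseal(key, name, cached)
```

Encryption protects the payload only; the Data name stays visible to every node and requester, so names themselves should not carry private information.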

6. CONCLUSION

The existing network architecture, TCP/IP, was designed to meet the demands of the twentieth century. It has many inherent disadvantages and limitations, which cannot adapt to current requirements. The appearance of NDN resolves these problems perfectly. NDN uses a new cache and forwarding policy to retrieve and distribute information. This can avoid some security issues that exist in TCP/IP, which is based on location, but it also brings out a lot of new security issues; DoS and cache snooping are examples. To protect the network from being attacked by DoS, the intermediate nodes can detect this situation and limit the rate of their interfaces connecting to the probable attacker. To avoid cache snooping, the provider can encrypt the private information, so that only the target consumer who has the decryption key can decrypt the information. In this way, security can be assured properly, which makes the large-scale deployment of NDN possible.

7. REFERENCES

[1] David D. Clark, The Design Philosophy of the DARPA Internet Protocols, ACM SIGCOMM Computer Communication Review, 1988.

[2] Saltzer, J. H., Reed, D. P., Clark, D. D., End-to-End Arguments in System Design, ACM Transactions on Computer Systems, 1984.

[3] Van Jacobson, Diana K. Smetters, James D. Thornton, Michael F. Plass, Networking Named Content, in Proc. of CoNEXT, 2009.

[4] Tobias Lauinger, Security & Scalability of Content-Centric Networking, [Master dissertation], TU Darmstadt, Schwetzingen, Germany, September 2010.

