Abstract
Content such as audio, video, and images contributes most of the Internet traffic in the current paradigm. Secure content sharing is a tedious issue. The existing security solutions do not secure the data itself but the communicating endpoints. Named data networking (NDN) secures the data by requiring the data publisher to sign it. Any user can verify the data by using the public key of the publisher. Due to its new architecture, NDN is resilient to most of the probable security attacks in the TCP/IP model. However, new types of attacks are possible in NDN. This article surveys the most significant security attacks in NDN, such as interest flooding attacks, cache privacy attacks, cache pollution attacks, and content poisoning attacks. Each attack is classified according to its behavior and discussed in terms of its detection techniques, countermeasures, and affected parameters. The article is an attempt to help new researchers in this area gather domain knowledge of NDN. The article also provides open research issues that could be addressed by researchers.
Cite this article
Kumar, N., Singh, A.K., Aleem, A. et al. Security Attacks in Named Data Networking: A Review and Research Directions. J. Comput. Sci. Technol. 34, 1319–1350 (2019). https://doi.org/10.1007/s11390-019-1978-9
DOI: https://doi.org/10.1007/s11390-019-1978-9