Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure

Published: 01 November 2013

Abstract

Information-centric networking (ICN) raises data objects to first-class routable entities in the network and changes the Internet paradigm from host-centric connectivity to data-oriented delivery. However, current approaches to content routing rely heavily on data-driven protocol events and thereby introduce a strong coupling of the control plane to the data plane in the underlying routing infrastructure. In this paper, threats to the stability and security of the content distribution system are analyzed in theory, in simulations, and in practical experiments. We derive relations between state resources and router performance, and demonstrate how this coupling can be misused in practice. We further show how state-based forwarding tends to degrade as resources become decorrelated. We identify intrinsic attack vectors present in current content-centric routing, as well as the possibilities and limitations of mitigating them. Our overall findings suggest that major architectural refinements are required prior to global ICN deployment in the real world.

Publisher

Elsevier North-Holland, Inc., United States

Author Tags

1. Content-centric routing
2. Denial of service (DoS)
3. Interest flooding
4. Performance evaluation
5. Security
6. Vulnerability

Qualifiers

• Article

Cited By

• (2024) An EWMA-Based Mitigation Scheme Against Interest Flooding Attacks in Named Data Networks. Advanced Intelligent Computing Technology and Applications, pp. 158-167. doi:10.1007/978-981-97-5606-3_14. Online publication date: 5-Aug-2024.
• (2023) Securing Scalable Real-time Multiparty Communications with Hybrid Information-centric Networking. ACM Transactions on Internet Technology 23(2), pp. 1-20. doi:10.1145/3593585. Online publication date: 19-May-2023.
• (2023) Towards Persistent Detection of DDoS Attacks in NDN: A Sketch-Based Approach. IEEE Transactions on Dependable and Secure Computing 20(4), pp. 3449-3465. doi:10.1109/TDSC.2022.3196187. Online publication date: 1-Jul-2023.
• (2023) A Hybrid Security Scheme for Inter-vehicle Communication in Content Centric Vehicular Networks. Wireless Personal Communications: An International Journal 129(2), pp. 1083-1096. doi:10.1007/s11277-023-10175-z. Online publication date: 17-Feb-2023.
• (2022) A mobility-compliant publish–subscribe system for an information-centric Internet of Things. Computer Networks: The International Journal of Computer and Telecommunications Networking 203:C. doi:10.1016/j.comnet.2021.108656. Online publication date: 11-Feb-2022.
• (2021) Threat identification and risk assessments for named data networking architecture using SecRam. International Journal of Knowledge-based and Intelligent Engineering Systems 25(1), pp. 33-47. doi:10.3233/KES-210051. Online publication date: 1-Jan-2021.
• (2020) On economic, societal, and political aspects in ICN. Proceedings of the 7th ACM Conference on Information-Centric Networking, pp. 155-157. doi:10.1145/3405656.3420229. Online publication date: 22-Sep-2020.
• (2020) Toward a RESTful Information-Centric Web of Things. Proceedings of the 7th ACM Conference on Information-Centric Networking, pp. 77-88. doi:10.1145/3405656.3418718. Online publication date: 22-Sep-2020.
• (2020) PERSIA. Proceedings of the 7th ACM Conference on Information-Centric Networking, pp. 117-128. doi:10.1145/3405656.3418709. Online publication date: 22-Sep-2020.
• (2019) Gain More for Less. Proceedings of the 6th ACM Conference on Information-Centric Networking, pp. 141-152. doi:10.1145/3357150.3357404. Online publication date: 24-Sep-2019.
