Name: Cache Privacy in Named Data Networking Architectures
Uploaded: 2022-04-20T11:33:50+02:00
Description: Recently, Internet has been compelled to operate content production and distribution by social networking, numberless Internet-connected devices, etc

Video Introduction

This video is adapted from 10.3390/electronics11081265

Recently, Internet has been compelled to operate content production and distribution by social networking, numberless Internet-connected devices, etc. Nonetheless, such activities may not be the most suitable or applicable to be achieved over the Internet because of point-to-point communication-based architecture design.

The content-centric networks (CCN) are being proposed to overcome point-to-point communication limitations for content production and consumption. In the CCN approach, the replica of contents is cached by numberless locations (cache servers) to increase the con- tent distribution for popular contents (e.g., YouTube, Netflix, Zoom, and social networks).

The named data networks (NDN) paradigm was presented as the latest version of CCN ^[1]. NDN promises named-based content and in-network caching to maximize content distribution and to increase today’s content production and distribution. NDN packets do not require the content source and the destination address. Therefore, the NDN is supposed to provide enhanced privacy for the destination addresses. However, the previously cached content, in spite of its benefits, may be targeted by side-channel timing attacks to threaten the NDN privacy ^[2]^[3]^[4]. Depending on the scope of the attack, an adversary node may classify or determine the location of content consumer and producer by categorizing uncached and cached contents through the time differences from the cache.

The attacks can be mitigated by certain approaches. A typical way is to add extra time to the cache-store response for the consumer(s). For instance, statically configured counter- measure methods (delay, randomized cache, and encryption) were discussed/proposed by works ^[2]^[4]^[5]^[6]. However, any additional delay or name encryption may disable (reduce availability of) the cache, which can be considered against in-networking caching-based NDN design.

This work aims to mitigate countermeasure methods efficiency issues by distinguish- ing legitimate and adversarial consumers. Through this work’s detection approach, it is possible to execute the countermeasures only for detected adversary faces. To illustrate that, first a brute-force attack scenario is implemented on the NDN application (NDNtube). Then, the proposed approach (DaD) countermeasure method is implemented and compared with traditional countermeasure mechanisms.

References

Zhang, L.; Estrin, D.; Burke, J.; Jacobson, V.; Thornton, J.D.; Smetters, D.K.; Zhang, B.; Tsudik, G.; Massey, D.; Papadopoulos, C.; et al. Named Data Networking (NDN) Project. NDN Technical Report 2010, 001, null, .
Gergely Acs; Mauro Conti; Paolo Gasti; Cesar Ghali; Gene Tsudik; Cache Privacy in Named-Data Networking. 2013 IEEE 33rd International Conference on Distributed Computing Systems 2013, null, 41-51, 10.1109/icdcs.2013.12.
Aziz Mohaisen; Hesham Mekky; Xinwen Zhang; Haiyong Xie; Yongdae Kim; Timing Attacks on Access Privacy in Information Centric Networks and Countermeasures. IEEE Transactions on Dependable and Secure Computing 2014, 12, 675-687, 10.1109/tdsc.2014.2382592.
Cesar Bernardini; Samuel Marchal; Muhammad Rizwan Asghar; Bruno Crispo; PrivICN: Privacy-preserving content retrieval in information-centric networking. Computer Networks 2018, 149, 13-28, 10.1016/j.comnet.2018.11.012.
Edward W. Felten; Michael A. Schneider; Timing attacks on Web privacy. Proceedings of the 7th ACM conference on Computer and communications security - CCS '00 2000, null, null, 10.1145/352600.352606.
Steven DiBenedetto; Paolo Gasti; Gene Tsudik; Ersin Uzun; ANDaNA: Anonymous Named Data Networking Application. null 2011, null, null, .

Full Transcript

Confirm