Recently, Internet has been compelled to operate content production and distribution by social networking, numberless Internet-connected devices, etc. Nonetheless, such activities may not be the most suitable or applicable to be achieved over the Internet because of point-to-point communication-based architecture design.
The content-centric networks (CCN) are being proposed to overcome point-to-point communication limitations for content production and consumption. In the CCN approach, the replica of contents is cached by numberless locations (cache servers) to increase the con- tent distribution for popular contents (e.g., YouTube, Netflix, Zoom, and social networks).
The named data networks (NDN) paradigm was presented as the latest version of CCN . NDN promises named-based content and in-network caching to maximize content distribution and to increase today’s content production and distribution. NDN packets do not require the content source and the destination address. Therefore, the NDN is supposed to provide enhanced privacy for the destination addresses. However, the previously cached content, in spite of its benefits, may be targeted by side-channel timing attacks to threaten the NDN privacy . Depending on the scope of the attack, an adversary node may classify or determine the location of content consumer and producer by categorizing uncached and cached contents through the time differences from the cache.
The attacks can be mitigated by certain approaches. A typical way is to add extra time to the cache-store response for the consumer(s). For instance, statically configured counter- measure methods (delay, randomized cache, and encryption) were discussed/proposed by works . However, any additional delay or name encryption may disable (reduce availability of) the cache, which can be considered against in-networking caching-based NDN design.
This work aims to mitigate countermeasure methods efficiency issues by distinguish- ing legitimate and adversarial consumers. Through this work’s detection approach, it is possible to execute the countermeasures only for detected adversary faces. To illustrate that, first a brute-force attack scenario is implemented on the NDN application (NDNtube). Then, the proposed approach (DaD) countermeasure method is implemented and compared with traditional countermeasure mechanisms.
This video is adapted from 10.3390/electronics11081265