Secure Fragmentation for Content-Centric Networks

@article{Ghali2015SecureFF,
  title={Secure Fragmentation for Content-Centric Networks},
  author={Cesar Ghali and Ashok Narayanan and Dave Oran and Gene Tsudik and Christopher A. Wood},
  journal={2015 IEEE 14th International Symposium on Network Computing and Applications},
  year={2015},
  pages={47-56}
}
Content-Centric Networking (CCN) is a communication paradigm that emphasizes content distribution. Named-Data Networking (NDN) is an instantiation of CCN, a candidate Future Internet Architecture. NDN supports human-readable content naming and router-based content caching which lends itself to efficient, secure, and scalable content distribution. Because of NDN's fundamental requirement that each content object must be signed by its producer, fragmentation has been considered incompatible with… 

Security and Privacy Challenges in Content-Centric Networks
TLDR
It is found that sound engineering can mitigate several issues, while others remain insurmountable challenges exacerbated by fundamental security and performance tradeoffs made by CCN.
Naming Content on the Network Layer
TLDR
This article surveys and summarizes ongoing research concerning security aspects of ICNs, discussing vulnerabilities, attacks, and proposed solutions to mitigate them and proposes future directions regarding research in ICN security.
Packet Fragmentation in NDN: Why NDN Uses Hop-By-Hop Fragmentation NDN Memo
TLDR
This paper argues that in the context of NDN, hop-by-hop fragmentation and reassembly (HBH-FR) is the most consistent with the data-centric and session-less nature of NDN communication and shows that it provides better performance tradeoffs compared to other fragmentation options.
Security, Privacy, and Access Control in Information-Centric Networking: A Survey
TLDR
The existing literature in security and privacy in ICN is surveyed and the underlying principle of the existing works is presented, the drawbacks of the proposed approaches are discussed, and potential future research directions are explored.
Designing a LoWPAN convergence layer for the Information Centric Internet of Things
TLDR
This paper designs and evaluates an ICN convergence layer for low power lossy links that augments the NDN stateful forwarding plane with a highly efficient name eliding, devises stateless compression schemes for standard NDN use cases with utile data encodings, and adapts NDN packets to the small MTU size of IEEE 802.15.4.
Partially Doubly-Encrypted Identity-Based Encryption Constructed from a Certain Scheme for Content Centric Networking
TLDR
This work proposes an IBE scheme approach to the problem of content encryption over CCN by combining partial-double encryption, interest trace back, cut-through fragment forwarding and multi-path routing, which is IND-ID-CPA secure in the random oracle model.
STNDN: Link Aware Segmented Transmission for Named Data Networking
TLDR
A segmented transmission scheme for NDN (STNDN), where each fragment of chunk can be independently routed, and chunks will only be aggregated at some selected nodes along the transmission path to improve the robustness of STNDN.
FFRD: Fragment forwarding and reassembly decoupling based chunk transmission in NDN
TLDR
In this paper, a reliable and fast chunk transmission protocol based on Fragment Forwarding and Reassembly Decoupling (FFRD) at intermediate routers in NDN is proposed and simulation results show that FFRD can significantly reduce chunk retrieval delay and decrease end-to-end packet retransmission times, especially over lossy networks with non-negligible packet losses.
(The Futility of) Data Privacy in Content-Centric Networking
TLDR
It is shown that strong privacy necessitates some form of session- or channel-based communication, which strongly contradicts the data-centric nature of CCN, and that data privacy is more dependent on requests than responses for data.

References

SHOWING 1-10 OF 55 REFERENCES
Network-Layer Trust in Named-Data Networking
TLDR
The root causes of, and some cures for, content poisoning attacks in Named Data Networking (NDN) are explored, and it becomes apparent that meaningful mitigation of content poisoning is contingent upon a network-layer trust management architecture, elements of which are constructed while carefully justifying specific design choices.
Networking named content
TLDR
Content-Centric Networking (CCN) is presented which uses content chunks as a primitive---decoupling location from identity, security and access, and retrieving chunks of content by name, and simultaneously achieves scalability, security, and performance.
Packet Fragmentation in NDN: Why NDN Uses Hop-By-Hop Fragmentation NDN Memo
TLDR
This paper argues that in the context of NDN, hop-by-hop fragmentation and reassembly (HBH-FR) is the most consistent with the data-centric and session-less nature of NDN communication and shows that it provides better performance tradeoffs compared to other fragmentation options.
CONET: a content centric inter-networking architecture
TLDR
CONET is a content-centric inter-network that provides users with a network access to remote named-resources, rather than to remote hosts, and supports the already proposed "clean-slate" and "overlay" deployment approaches.
Transport-layer issues in information centric networks
TLDR
This paper proposes to segment content in two levels: at the first level the content is segmented in chunks, at the second level the chunks are segmented into smaller data units, handled by an ICN specific Transport Protocol (ICTP), performing reliability and congestion control functions.
XIA: Efficient Support for Evolvable Internetworking
TLDR
This paper presents the eXpressive Internet Architecture (XIA), an architecture with native support for multiple principals and the ability to evolve its functionality to accommodate new, as yet unforeseen, principals over time.
Datagram authentication in internet gateways: implications of fragmentation and dynamic routing
  • G. Tsudik
  • Computer Science
    IEEE J. Sel. Areas Commun.
  • 1989
TLDR
Two protocols are presented that permit varying degrees of fragmentation and dynamic routing, while allowing the gateways to authenticate successive packets belonging to authorized connections.
Delay-Tolerant Networking Architecture
TLDR
This document describes an architecture that addresses a variety of problems with internetworks having operational and performance characteristics that make conventional (Internet-like) networking approaches either unworkable or impractical.
MobilityFirst future internet architecture project
TLDR
An overview of the MobilityFirst network architecture is presented, which is a clean-slate project being conducted as part of the NSF Future Internet Architecture (FIA) program, intended to directly address the challenges of wireless access and mobility at scale, while also providing new multicast, anycast, multi-path and context-aware services needed for emerging mobile Internet application scenarios.