1 Introduction

Initially, the Internet was aimed at establishing communication between two parties; however, with technological advancement, it later evolved into the Internet of Things (IoT), Internet of Media (IoM), Internet of People (IoP), and Internet of Service (IoS) (Mohamed et al. 2024; Yadong et al. 2024; Rim et al. 2023). Soon, due to the growing connection of homogeneous and heterogeneous smart devices in domains such as health-care, intelligent grids, intelligent homes, smart campuses, and smart cities, the current Internet architecture might not be able to control the gigantic amount of data produced by these smart devices (Wang and Cai 2020; Muzammal et al. 2018; Khattak et al. 2014; Liu et al. 2011; Kozlov et al. 2012; Iqbal et al. 2018; Arshad et al. 2017; Piro et al. 2014; Khattak et al. 2017; Jeyaraj et al. 2023). The fresh connectivity of IoT devices significantly increases the global IP traffic, which includes up to 90% of video data traffic. Host-centric communication, on the other hand, remains a mainstay of Internet communication. Due to major challenges such as location dependence, security structure, low addressing space, and no data caching, host-based communication has been constrained by the evolution of everything else (Anichur et al. 2023). As a result, the quest for new models has lasted for years.

Information-Centric Networking (ICN) (Qi et al. 2024) was presented as a new paradigm to overcome significant challenges of the traditional host-centric, IP-based Internet architecture, such as routing, scalability, and content sharing (Yu et al. 2019). To provide efficient data dissemination and access, ICN organizes all network activities around the name of the content rather than the network address. To improve content distribution and sharing on the Internet, different approaches such as Content Delivery Network (CDN) and Peer-to-Peer (P2P) were previously established (Li 2020; Zhao et al. 2019; Kotary and Nanda 2020; Asghari and Navimipour 2019). Unlike P2P and CDN, ICN is a standard protocol that operates at the network layer (Khattak et al. 2017). P2P is an application-specific protocol, whereas CDN is a proprietary application-layer solution. Moreover, P2P content is disseminated by end-users, whereas CDNs rely on proprietary infrastructure. However, in ICN, content can only be distributed via the network infrastructure.

This paradigm shift from “where” to “what” improves network performance by including in-network data caching, naming-based routing, improved mobility, improved security, and efficient information retrieval, which makes it naturally suitable for treating the issues faced by the traditional host-centric Internet architecture (Mastorakis et al. 2020; Ahlgren et al. 2012). Figure 1 shows a generic depiction of ICN. Moreover, multiple projects have been launched under the ICN concept in Europe and the United States, including Data-Oriented Network Architecture (DONA) (Ahlgren et al. 2012), Named Data Networking (NDN) (Andrea et al. 2024; Jacobson et al. 2013; Karami and Guerrero-Zapata 2015; Mun and Lim 2016), MobilityFirst (NSF 2022), Content-Centric Networking (CCN), Publish-Subscribe Internet Routing Paradigm (PSIRP) (Jokela et al. 2009), 4WARD (Ahlgren et al. 2010), Publish-Subscribe Internet Technology (PURSUIT) (Publish-Subscribe Internet Technology 2017), CONVERGENCE (CONVERGENCE project 2017), Scalable and Adaptive Internet Solutions (SAIL) (Scalable and Adaptive Internet Solutions 2017), and COntent Mediator architecture for content-aware nETworks (COMET).

The aforementioned architectures of ICN possess some similar characteristics, such as in-network caching and accessibility of content by name (Ahlgren et al. 2012).

Fig. 1 Information-centric networking

1.1 NDN overview

The NDN architecture (Andrea et al. 2024) is considered highly attractive and efficient as a future Internet solution, not only because of its inherent name-based routing, structured nodes, in-network caching, and security mechanisms but also because of its mobility and multi-casting support. Moreover, NDN follows a hierarchical naming structure for accessing content, which is similar to URLs, e.g., /sajid.market/si/main.html. In addition, NDN routing uses two types of packets: interest packets and data packets (Fang et al. 2015).

1.1.1 NDN interest packet

When a consumer (content receiver) requests explicit content, it uses the interest packet. According to the latest features of the interest packet (NDN 2020), it consists of two essential components: the Name and the Nonce. The Name identifies the content in which the client is interested, while the Nonce is a four-byte packet field that identifies the packet and prevents interest looping. Optional information such as Hop Limit, Interest Lifetime, and Freshness (Signed interest 2022) may also be included in the interest packet. In addition, an interest packet must be signed. The digital signature is used when the authentication of the sender is required. The basic structure of the interest packet is shown in Fig. 2.

1.1.2 NDN data packet

In the NDN architecture, when a consumer sends an interest packet to get particular content, the corresponding data is returned in a data packet. To provide authenticity and integrity of the content, every data packet transmitted in NDN is signed by the producer of the content. In a nutshell, it contains the data packet’s name as well as the signature revealing the data packet’s content and payload (Rehman et al. 2020). The data packet also contains some additional information such as Content_Type, Update_Period, and Final_Block_Id (Benmoussa et al. 2020).

Fig. 2 Interest and Data Packet (Jacobson et al. 2013)

1.1.3 NDN stateful forwarding

Content Store (CS), Pending Interest Table (PIT), and Forwarding Information Base (FIB) are the three data structures that each NDN node maintains (Afanasyev et al. 2018; Bouk et al. 2017; Ahmed et al. 2017). As demonstrated in Fig. 3, the CS acts as a local cache, storing content copies for future use to improve content distribution. Furthermore, NDN nodes employ stateful forwarding (Yi et al. 2013), in which each node keeps all essential information for each received request until it is satisfied or delayed. This information is necessary during the packet forwarding procedure. NDN data packets, on the other hand, follow the reverse path of the interest packets. Also, when an interest packet is added to the PIT, NDN routers record all information about its incoming and outgoing interfaces. Upon receiving the data packet, the router forwards it downstream through the incoming interface recorded in the PIT to send it back to the consumer as requested (Li et al. 2018).

Fig. 3 The NDN Architecture (Ullah et al. 2020)

1.1.4 NDN interest packet transfer

During each packet transmission, the NDN router first performs a local lookup in the CS for the desired data. If the data corresponding to the name in the interest packet is found, the NDN node forwards it downstream to the requester instantaneously (Matos Mascarenhas and Monteiro Moraes 2018). If the CS does not have the required data, the NDN node checks whether there is any other unsatisfied interest for the same name (that is, whether an entry already exists in the PIT). If the node does not have an unsatisfied interest entry, it creates a new record in the PIT. If there is an unsatisfied request, there are two options:

  1. The interest packet arrives on the interface for which a pending, unsatisfied entry already exists. The request is rejected in this circumstance since it is a duplicate entry (Pang et al. 2017).

  2. The interest packet arrives through a different interface, in which case that interface is added to the list of requesting interfaces. Then, the node chooses the appropriate path from the FIB and sends the NDN interest packet upstream to the next hop. If no forwarding path is found in the FIB, the packet is dropped, or a NACK packet stating the true cause is sent. The flow of interest packet forwarding as performed by NDN nodes is shown in Fig. 4.

Fig. 4 NDN node structure in case of interest packet forwarding

1.1.5 NDN data packet transfer

When the interest packet of the consumer reaches the intended data provider, the provider simply returns the requested data if it has the capacity to meet the request (Tariq et al. 2019). When the data packet arrives at an NDN node, the node performs a PIT lookup to discover unsatisfied interests associated with the data packet’s name. If there is a request for the data, the cache management policy of the NDN node then decides whether to cache the data that has arrived. After that, it locates the required interface and sends the data to all downstream interfaces (Rehman et al. 2016). The NDN data packet forwarding procedure is shown in Fig. 5.

Fig. 5 NDN node structure in case of packet forwarding
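The Interest and Data handling described in Sects. 1.1.4 and 1.1.5, as an added Python sketch that is not taken from the paper or from any NDN implementation. The class, method and face names are hypothetical, and it assumes that an Interest aggregated into an existing PIT entry is not sent upstream again and that a repeated Nonce is treated as a loop.

```python
"""Added illustration of NDN stateful forwarding with a CS, a PIT and a FIB."""


def components(name):
    """Split a hierarchical NDN name such as /a/b/c into its components."""
    return tuple(part for part in name.split("/") if part)


class NdnNode:
    def __init__(self):
        self.cs = {}    # Content Store: name -> cached payload
        self.pit = {}   # Pending Interest Table: name -> requesting faces and nonces
        self.fib = {}   # Forwarding Information Base: name prefix -> upstream face

    def add_route(self, prefix, face):
        self.fib[components(prefix)] = face

    def longest_prefix_match(self, name):
        """Return the face of the longest FIB prefix that covers name, or None."""
        parts = components(name)
        for length in range(len(parts), 0, -1):
            face = self.fib.get(parts[:length])
            if face is not None:
                return face
        return None

    def on_interest(self, name, nonce, in_face):
        """Process one Interest and return (action, face, detail)."""
        # Step 1: a cached copy answers the Interest immediately.
        if name in self.cs:
            return ("data", in_face, self.cs[name])
        # Step 2: an unsatisfied Interest for the same name already exists.
        entry = self.pit.get(name)
        if entry is not None:
            if in_face in entry["faces"] or nonce in entry["nonces"]:
                return ("drop-duplicate", in_face, None)   # same face or looped nonce
            entry["faces"].add(in_face)                    # remember the extra requester
            entry["nonces"].add(nonce)
            return ("aggregate", in_face, None)
        # Step 3: new request, so consult the FIB before creating PIT state.
        out_face = self.longest_prefix_match(name)
        if out_face is None:
            return ("nack", in_face, "no-route")
        self.pit[name] = {"faces": {in_face}, "nonces": {nonce}}
        return ("forward", out_face, None)

    def on_data(self, name, payload, cache=True):
        """Process one Data packet and return the downstream faces to send it to."""
        entry = self.pit.pop(name, None)
        if entry is None:
            return []                   # unsolicited Data: nobody asked, so drop it
        if cache:
            self.cs[name] = payload     # stored exactly as received, no signature check
        return sorted(entry["faces"])   # Data follows the reverse path of the Interests


def demo():
    """Constructed walk-through: two consumers, one upstream route."""
    node = NdnNode()
    node.add_route("/sajid.market", 3)
    name = "/sajid.market/si/main.html"
    return [
        node.on_interest(name, 0x1111, 1),     # first request goes upstream
        node.on_interest(name, 0x2222, 2),     # second requester is aggregated
        node.on_data(name, b"<html>"),         # Data fans out to faces 1 and 2
        node.on_interest(name, 0x3333, 4),     # later request is a cache hit
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```
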

1.2 Content poisoning attack

When a consumer presents a request for content, the NDN router first searches for the content name in the CS. If the required content is found with the same name, it simply forwards the content to the client; if not, the router uses the FIB for a longest-prefix match, forwarding the interest in the direction of another router’s CS in search of the solicited content. If the content is found, it is sent to the consumer with a copy stored in the intermediate routers on the path towards the consumer. In this respect, to protect the content from adversaries, NDN uses digital signatures.

Recently, NDN has been used in multiple application domains such as smart healthcare (Saxena and Raychoudhury 2017), smart grid, smart home (Ahmed and Kim 2016; Amadeo et al. 2015), smart campus (Alghamdi and Shetty 2016; Arshad et al. 2017), and smart city (Piro et al. 2014) with more reliability. On the other hand, due to the novel architecture, NDN faces some major security challenges like DoS attacks, cache pollution attacks, content poisoning attacks, timing attacks, privacy attacks, and access control attacks. Currently, the content poisoning attack is the most debatable area of interest for researchers due to its seriousness.

As mentioned earlier, NDN uses a cache for storing copies of contents locally for future use to provide efficient and reliable content distribution to consumers. However, a malicious user can change and modify the original copy of the content stored in the cache of the routers. Similarly, a malicious user can inject fake and poisoned content into an NDN router inside the network. In other words, an attacker can modify the signature of the content or its metadata (for example, the provider signature, presenting himself as a valid provider). Examples of such attacks include Content Rename, Content Corruption, and Content Falsification (Arshad et al. 2017).

Figure 6 exemplifies a general CPA in which Client-A sends an interest to Router-1 to obtain the content. Following the caching policy of NDN, the intermediary routers through which the content is transferred store a copy in their CS. As a result, Router-2 and Router-3 store a copy of the content and forward it to the recipient. In this case, the attacker takes complete control over Router-3 and inserts forged, false information into the authentic copy. If Client B, yet another victim, seeks the same content, Router-3 will provide the hostile copy of the content from its CS cache to Client B.

Fig. 6 Content Poisoning Attack

Previous surveys on CPA have briefly addressed the topic, offering limited countermeasures and lacking the depth needed to fully capture the complexity of the issue. These works focus primarily on explaining solutions without conducting thorough research or comparisons. In addition, they fail to explore the full spectrum of CPA variations and scenarios, instead presenting only the standard methods of attack. Furthermore, many recent and relevant publications have been overlooked in these surveys, leaving significant gaps in the coverage of existing literature. Given these limitations, there is a clear need for a survey that provides a comprehensive, in-depth analysis of CPA, including its variations, characteristics, and the techniques used to execute such attacks. In light of the above debate, we present a thorough analysis of CPA strategies intending to improve the security and performance of NDN.

There have been multiple studies published that investigate NDN and ICN security concerns. Some of them touched on CPA in a general sense. This section provides a summary as well as an explanation of the variances that exist between each author’s surveys. In 2015, Aamir and Zaidi (2015) publish a literature study on potential DoS attacks in CCN and the solutions that were recommended to defend against them. The survey contributes the following objectives:

  • Providing a tutorial-style overview of state-of-the-art methods for assessing and mitigating different Denial of Service (DoS) attacks in CCN.

  • Identifying some potential issues with the current characteristics of the CCN and the mitigation schemes that are already in place.

  • Providing an outlook on potential future approaches in order to aid researchers in constructing countermeasures to CCN-DoS attacks.

However, the authors fail to provide a comprehensive overview of CPA. In the same year, AbdAllah et al. (2015) conduct a survey to determine the types of attacks that are specific to ICN architectures, as well as other types of general attacks that influence ICN. In addition to this, it offers a taxonomy of the attacks that can occur in ICN. These attacks can be divided into four primary categories: name, routing, caching, and other related attacks of a more general nature. In addition, this study demonstrates the connection between ICN attacks and the distinctive characteristics of ICNs, as well as the connection between ICN attacks and the needs for security, which include privacy, availability, confidentiality, and integrity. However, the CPA was ignored. In 2016, Saxena and Roorkee (2016) present a new taxonomy that can be used to investigate the characteristics of NDN in greater depth. Additionally, the authors covered a variety of NDN applications. Finally, the authors suggest a collection of open problems that researchers ought to address in due course. The authors, however, simply present a brief summary of a CPA. In 2019, Kumar et al. (2019) conduct a comprehensive analysis of the most prominent security vulnerabilities in NDN, including interest flooding attacks, cache pollution attacks, and CPA. Each attack is categorized according to its behavior and addressed in terms of the detection techniques, countermeasures, and characteristics affected by it. Additionally, the article presents open research questions that could be investigated by future scholars. However, there is a dearth of explanations or details regarding CPA. In the year 2020, Im and Kim (2020) investigate the challenges posed by content poisoning attacks in ICN and suggest potential security architectures to counteract them. 
In particular, the authors reevaluate the current state-of-the-art techniques from the standpoint of their practicability and offer a security architecture that can be implemented. Buragohain and Nandi (2021) present a classification of existing attacks in 2021 based on the layers in the NDN protocol stack, specifically the link layer, the strategy layer, the network layer, and the application layer. The authors perform this after conducting a survey of the current literature on security in NDN. The authors also examine the potential outcomes of such attacks and add the flaws in the currently available countermeasures to these kinds of attacks. The conclusions of the survey are informative, and open research challenges are also presented. The authors, however, simply present a brief summary of a CPA. In 2023, Shah et al. (2023) present a survey on the security features of CCN and NDN with respect to man-in-the-middle attacks, CPA and replay attacks. Furthermore, the authors provide potential research directions in terms of security. In 2024, Anjum et al. (2024) present an overview of emerging applications for secure data communication, followed by a presentation of the concepts underlying the architecture of the NDN. The authors explore the integration of NDN into the existing IP and highlight the role that NDN plays as a facilitator in addressing various challenges that are associated with particular applications. Furthermore, the authors also discuss the security and trust management aspects of NDN. To conclude, the authors discuss the challenges associated with the adaptation of NDN and offer some potential solutions. The comparison with related surveys is shown in Table 1, while the organization of the survey is shown in Fig. 7. Following are some of our major contributions.

Table 1 Comparison with Existing Related Surveys
  • We provide a high-level overview of the CPA in the NDN paradigm, as well as a detailed discussion of its main challenges and limitations.

  • We have reviewed all (to the best of our knowledge) schemes presented for mitigating the Content Poisoning attack in the NDN paradigm.

  • We examined the functionality of each proposed scheme critically and identified its key flaws.

  • To assist the readers in gaining a quick high-level understanding of the offered solutions, we present a full comparative evaluation of each suggested scheme based on various parameters.

  • We conclude the survey by noting open research challenges.

Fig. 7 Survey Organization

2 Research methodology

During our evaluation of the most recent and cutting-edge version of the CPA, we made use of the technique detailed in the following subsections. As shown in Fig. 8, we use the PRISMA technique (Page et al. 2021) to select a suitable number of papers. Three important stages constitute the proposed approach for carrying out this survey. The methodology supports the preceding goal by means of a thorough investigation of the mitigation techniques proposed for CPA in NDN, in addition to obtaining a broad understanding of the CPA. This survey will enable us to explore recent improvements in the technological approaches, techniques, and concepts applied for securing NDN against CPA.

2.1 Papers identification and searching stage

To facilitate searching and paper extraction across multiple databases, this phase involves the definition of related keywords and alternate synonyms as target search problems. The following terms have been categorized as defined keywords: “ICN attacks”, “NDN attacks”, “CCN attacks”, “content poisoning attack”, “content poisoning attack in ICN”, “content poisoning attack in NDN”, “content poisoning attack in CCN”, “content poisoning attack in the Internet of Things”, and “content poisoning attack in Vehicular Adhoc Networks”.

To achieve our goal and ensure that all pertinent research related to CPA is covered, we have compiled a collection of articles from domain-relevant electronic databases, such as the ACM Digital Library, IEEE Xplore, Science Direct, Springer, and Wiley Online Library. In addition, we have compiled articles relevant to this field that were found on arXiv, Google Scholar, and ResearchGate.

2.2 Papers selection process

The first step in the filtering process involves classifying each document according to the type of research it presents, such as a study, a survey, or a solution. Any CPA-based study that an author has published falls under the study papers category. Studies on the impacts of CPA or comparative studies between various solutions, etc., could be included in this research. Concerning the survey papers, we decided to quote any report, whether it be an NDN-specific survey or an ICN survey, that discusses CPA in any way, be it briefly or substantially. On the other hand, we decided to take a different strategy for the solutions that were authored. Before citing a publication in our survey, we first examine the method that is being presented and then check to see if we have already investigated a solution comparable to it. If a solution that is comparable to this one already exists, we evaluate the authors of both of these papers. If they are identical, we will only quote the most recent one because we prefer its format (e.g., the authors presented it in a conference paper and then published the same solution in an article paper). If the authors are different, we will value the research that was done earlier.

After retrieving the papers from different databases using the keywords stated above, the next step was to examine each article to determine whether or not it was pertinent to the research. This stage consists of three screening steps that are used to evaluate the papers that have been identified and select the papers that are eligible. During the initial screening, any papers that were found to be duplicated or had been published in outlets other than academic journals were eliminated. From the Scopus and WOS databases, we extracted a total of 19 papers that were duplicated. The subsequent screening will focus on the remaining 363 papers published in different journals.

In the 2nd screening, we filter the papers based on their titles. The titles of the papers irrelevant to our study were eliminated. The next step was to filter the papers by reading their abstracts, and some papers were eliminated at this stage because they were unrelated to our research. Candidate papers were investigated, and 360 papers were then excluded respecting the study scope.

  • C1: Papers published from 2013-2024.

  • C2: Papers written in English.

  • C3: Papers published in journals and conferences including short articles.

  • C4: Papers focusing on the topic CPA scheme.

  • C5: Eliminated non-peer-reviewed papers and papers without full-text availability.

Considering our exclusion criteria, we have also eliminated non-peer-reviewed papers and papers without full-text availability, papers whose focus is related to interest flooding attacks, cache pollution attacks etc. We have also found some duplicate papers and non-English papers. In the next round, we classified the papers that satisfied these exclusion criteria and were assessed to concentrate on CPA. Although specific standards were previously examined to narrow down the pool of potential articles, they were meticulously reassessed in this stage by a thorough reading of their full texts. A total of 22 papers were selected during this step, meeting the eligibility criteria. The subsequent stage of the third screening involves identifying more papers that meet the established inclusion criteria.

2.3 Papers reporting stage

At this stage, the 22 papers are sorted by six primary publishers, including IEEE Xplore, Springer, MDPI and Elsevier ScienceDirect. After carefully examining each article, we divided the articles into different categories. After that, the articles are examined utilizing various efficiency matrices in their respective contexts.

Fig. 8 Research Methodology

3 Classifications of content poisoning attack schemes

In Fig. 9, we classified the content poisoning attack schemes into four different types.

  • Those schemes in which the content is verified from the publisher signature (Ribeiro et al. 2014; Kim et al. 2015; Li et al. 2014; Ribeiro et al. 2016; Li et al. 2017; Kim et al. 2017).

  • Those schemes which verify the content from Publisher Public Key Digest (PPKD) (Ghali et al. 2014a; Ghali et al. 2014b, c; DiBenedetto and Papadopoulos 2016; Hu et al. 2018).

  • Those schemes which verify the content from both (publisher signature and PPKD) (Compagno et al. 2013; Ullah et al. 2020; Jiancong et al. 2022).

  • Those schemes in which the contents are passed through a firewall or a micro-detector for verification (Wu et al. 2016; Nguyen et al. 2017, 2018; Mai et al. 2018a, b; Arif et al. 2023; Kapetanidou and Tsaoussidis 2022).

The detailed process of each scheme is explained in the following subsections.

Fig. 9 Classifications of Content Poisoning Attack Schemes

3.1 Verification from publisher signature

In this subsection, we review the schemes that verify content using the publisher signature. Table 2 provides a summary of the given literature. Ribeiro et al. (2014) suggest a technique termed “CCNCheck”. In the proposed scheme, the NDN routers probabilistically verify the signature of content. The objective of CCNCheck is to raise the availability of authentic content while controlling the consumption of network resources caused by the injection and forwarding of poisoned data. Each NDN router needs to check the signature and validity of the content; if the content signature is valid, the content is forwarded, otherwise it is dropped, as shown in Fig. 10.

Fig. 10 NDN Router after Implementation of CCNCheck

In the proposed scheme, when the router receives content or interest, it follows a few steps to validate the interest and content signature. The router subsequently caches the content once received. The router then checks the content with CCNCheck. Signatures are validated based on content probability. If signature verification fails, content is dropped and legitimate content is sent according to NDN forwarding policy.

Unfortunately, the given scheme creates overhead due to the checking of every interest and content. Furthermore, the implementation of CCNCheck requires a big change in the NDN nodes which is too costly.

Kim et al. (2015) suggest a new mechanism that was inspired by Check Before Storing (CBS) (Bianchi et al. 2013), to reduce the verification cost of the signature. The given scheme also verifies the signature probabilistically where valid content is stored in the CS. According to Kim et al, only 10% of contents are accessed in the CS and the remaining contents finish their lifetime in the CS without being accessed. For this purpose, the authors add two criteria i.e., serving content and by-passing content. The serving contents are accessed/requested more often, while the bypassing contents are not being accessed/requested by users. Hence, the by-passing contents are dropped from the CS without verification.

Moreover, for cache replacement, the given scheme uses the segmented Least Recently Used (LRU) policy, which divides the content store into two segments, i.e., the protected segment and the unprotected segment. Initially, the contents are added to the unprotected segment of the cache and then moved to the protected segment after successful verification. After the signature verification of the cache hit contents, the contents are moved to the protected cache segment. The authors reduce the signature verification cost and prevent the resources from wastage due to bypassing the un-requested contents. To avoid the repeated verification of a single chunk, the given scheme only verifies the chunk of the protected area. Unfortunately, the proposed scheme suffers from latency due to the verification procedure. The given scheme verifies every chunk repeatedly that is requested, which may lead to DoS/DDoS attack.
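An added Python example, not the authors' code, of the verify-on-cache-hit idea with a two-segment Content Store as described above for Kim et al. (2015). HMAC-SHA256 with a constructed key stands in for the producer's public-key signature so that the block needs only the standard library; the class name, segment sizes, content names and the plain eviction from the protected segment are assumptions.

```python
import hashlib
import hmac
from collections import OrderedDict

# Constructed key. HMAC-SHA256 is a stand-in for the producer's public-key
# signature; a real router would verify with the producer's public key.
PRODUCER_KEY = b"constructed-producer-key"


def sign(name, payload, key=PRODUCER_KEY):
    return hmac.new(key, name.encode() + b"\x00" + payload, hashlib.sha256).digest()


def verify(name, payload, signature, key=PRODUCER_KEY):
    return hmac.compare_digest(sign(name, payload, key), signature)


class SegmentedContentStore:
    """Content Store split into an unprotected and a protected LRU segment."""

    def __init__(self, unprotected_size, protected_size):
        self.unprotected = OrderedDict()   # cached on arrival, not yet verified
        self.protected = OrderedDict()     # verified on a cache hit
        self.unprotected_size = unprotected_size
        self.protected_size = protected_size
        self.verifications = 0             # signature checks actually performed

    def insert(self, name, payload, signature):
        """Cache arriving Data without verifying it."""
        if name in self.protected:
            return                         # keep the already verified copy
        self.unprotected[name] = (payload, signature)
        self.unprotected.move_to_end(name)
        while len(self.unprotected) > self.unprotected_size:
            # By-passing content: evicted by LRU without ever being verified.
            self.unprotected.popitem(last=False)

    def lookup(self, name):
        """Return the payload to serve, or None on a miss or a failed check."""
        if name in self.protected:
            self.protected.move_to_end(name)
            return self.protected[name][0]          # verified before, no re-check
        item = self.unprotected.pop(name, None)
        if item is None:
            return None
        payload, signature = item
        self.verifications += 1                     # first hit: verify now
        if not verify(name, payload, signature):
            return None                             # poisoned copy stays evicted
        self.protected[name] = item
        while len(self.protected) > self.protected_size:
            self.protected.popitem(last=False)      # assumption: evict, do not demote
        return payload


def run_scenario():
    """Constructed scenario: one popular chunk, one forged chunk, six unrequested."""
    cs = SegmentedContentStore(unprotected_size=3, protected_size=2)
    cs.insert("/v/1", b"real", sign("/v/1", b"real"))
    cs.insert("/v/2", b"forged", sign("/v/2", b"forged", b"attacker-key"))
    served = [cs.lookup("/v/1"), cs.lookup("/v/1"), cs.lookup("/v/2")]
    for i in range(3, 9):                           # never requested afterwards
        cs.insert(f"/v/{i}", b"x", sign(f"/v/{i}", b"x"))
    return served, cs.verifications, list(cs.unprotected), list(cs.protected)


if __name__ == "__main__":
    print(run_scenario())
```

Eight chunks are cached in the scenario but only two signature checks are performed, and the forged chunk is rejected at its first cache hit rather than served.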

Li et al. (2014) present a lightweight integrity verification (LIVE) architecture for the prevention of CPA in NDN. The authors define three security levels for the proposed scheme, i.e., cacheable, non-cacheable, and all-cacheable. A non-cacheable content will not be cached in the NDN routers, and only authorized users have access to the content. The cacheable content will be cached only on NDN routers that can take access from the content producer, while the all-cacheable content is cacheable on every NDN router and is accessible to all users. The comparative analysis shows 20% improvements compared to existing signature schemes. Furthermore, the given scheme provides the integrity and authenticity of content with lightweight signature generation and verification algorithms. Whenever the NDN nodes need an integrity verification, the content provider simply provides it and the content producer generates an integrity position for every piece of content packet in contrast to the name of the content. The mechanism removes corrupted contents from the NDN nodes. Furthermore, the authors achieve efficient content access control which consents a content provider to implement flexible security strategies on content caching and access. Unfortunately, the proposed scheme needs an immense change in the NDN architecture. Furthermore, the given scheme suffers from high latency because every router needs permission from the content provider to cache the respective content.

Ribeiro et al. (2016) propose a mitigation mechanism for content pollution in content-centric networking (CCN). The proposed mechanism improves the existing scheme of CCNCheck (Ribeiro et al. 2014). According to the authors, all routers in the CCNCheck verify the content’s signature with the same probability. When the probability of signature verification is high (more signatures are checked at a time), this increases the processing overhead of the router. Furthermore, in a CCNCheck the same packet is verified repeatedly, which can create latency and overhead.

To cover the above-mentioned shortcomings, the authors propose a content pollution mitigation mechanism that consists of two different deployment approaches which are discussed below.

  • Deployment Approach 1 (DA 1): In this approach, the in-network routers are classified into two different sets: border routers and core routers. The border routers are connected directly to the clients, while the core routers are connected to other core routers. Moreover, signature verification is divided between these two sets of routers. The core routers verify the signature with probability P, while all the border routers verify the signature with probability Pborder. The probability of signature verification P is less than or equal to Pborder (P ≤ Pborder) due to minimum traffic on border routers, as shown in Fig. 11. The given approach eliminates the dependency on topology because most of the polluted content is rejected on the edge of the network.

Fig. 11 Border and Core Routers Signature Verification Probabilities

  • Deployment Approach 2 (DA 2): As mentioned above, the signature verification probability of border routers is high due to minimum data traffic. However, in some cases, the border routers are busy due to the connectivity with more clients or malicious users. For this purpose, the authors suggest a simple experiential technique to dynamically calculate the value of Pborder in each border router.

First, all border routers are configured with Pborder = Pmin, where Pmin is the lowest probability for border routers to verify signatures. The value of Pborder in each border router is then updated over time. Unfortunately, the given scheme creates latency and overhead by checking the signature of every content.
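An added Python example (not code from Ribeiro et al.) comparing uniform CCNCheck-style verification with Deployment Approach 1 on a single path. The five-router path and the probability values are constructed, and it assumes routers decide independently and that a verification always detects a forged signature.

```python
import random


def escape_probability(path):
    """Chance that a poisoned Data packet passes every router unverified."""
    prob = 1.0
    for p_verify in path:
        prob *= 1.0 - p_verify
    return prob


def expected_routers_reached(path):
    """Expected number of routers that handle a poisoned packet before it is
    dropped, a measure of the forwarding resources it wastes."""
    reached, still_alive = 0.0, 1.0
    for p_verify in path:
        reached += still_alive            # it arrives here only if not yet dropped
        still_alive *= 1.0 - p_verify
    return reached


def core_checks_per_valid_packet(path):
    """Expected signature checks one valid packet costs the core routers.
    The first and last routers on the path are the border routers."""
    return sum(path[1:-1])


def simulate(path, trials=20000, seed=7):
    """Monte Carlo check of the two formulas above (seeded for repeatability)."""
    rng = random.Random(seed)
    escaped = reached = 0
    for _ in range(trials):
        for p_verify in path:
            reached += 1
            if rng.random() < p_verify:   # this router verifies and drops the packet
                break
        else:
            escaped += 1                  # no router on the path verified it
    return escaped / trials, reached / trials


# Constructed path: border, core, core, core, border.
UNIFORM = [0.3, 0.3, 0.3, 0.3, 0.3]       # every router uses the same probability
DA1 = [0.9, 0.1, 0.1, 0.1, 0.9]           # Pborder = 0.9 at the edge, P = 0.1 in the core


def compare():
    """Return the three metrics for both deployments."""
    return {
        label: (
            escape_probability(path),
            expected_routers_reached(path),
            core_checks_per_valid_packet(path),
        )
        for label, path in (("uniform", UNIFORM), ("DA1", DA1))
    }


if __name__ == "__main__":
    for label, metrics in compare().items():
        print(label, metrics)
    print("simulated DA1:", simulate(DA1))
```

With these values the poisoned packet is mostly stopped at the first border router, and the core routers spend a third of the verification effort on valid traffic that the uniform setting costs them.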

Li et al. (2017) propose a Capability-based Security Enforcement Architecture (CSEA) for improving the NDN architecture. The CSEA includes some extra modules such as Capability Generator, Capability Verifier, and Access Control Point (ACP) to improve the architecture of NDN, as shown in Fig. 12. The Capability Generator generates capabilities for forwarding contents, and every router must have a Capability Verifier to verify the correctness of the capabilities with tokens that come with the contents/interest from the provider and clients. The ACP makes decisions about the access control based on verification results of the Capability Verifier and decides whether interest/content needs to be forwarded or dropped.

Fig. 12 CSEA Architecture with NDN

The main function of the CSEA is to provide authenticity of content in the NDN infrastructure in a distributed manner. For specifying access rights of forwarded content, the ACP alerts NDN routers to verify the authenticity of forwarded content. After successful verification, every content is assigned a token that specifies the access right of the content. Furthermore, the CSEA has two capability components: the signature of the content and the token. The signature of the content is proof of the integrity and authenticity of the content, while the token attached to the interest proves the validity of the client and that it has permission to receive the content. Any interest that does not have a token, or has a token that has expired, will not be verified and forwarded. It is the responsibility of the NDN routers to check the validity of the capability. If the capability is valid, the content and the interest will be forwarded; otherwise, they will be discarded.

In the proposed scheme the authors designed a lightweight one-time signature scheme for CSEA to certify the correctness of content and support efficient verification. Moreover, the given scheme can prevent different types of attacks such as content poisoning attacks, DoS attacks, and content leakage attacks. However, the given scheme requires a lot of changes in NDN architecture. In addition, the scheme is affected by the issues of latency and extra overhead due to the addition of tokens with every interest and content.

Table 2 Summary of Verification from Publisher Signature

Kim et al. (2017) improve the proposed work of Kim et al. (2015). In the given approach, all the content is stored in the content store without signature verification. Whenever a cache hit occurs, the router verifies the content being served. After that, it moves the verified content to the entire network. According to the authors, the scheme saves a greater amount of computational resources in comparison to the scheme of Kim et al. (2015). Furthermore, the proposed scheme controls the verification attack by detecting the source of the poisoned content. However, a malicious user can store their invalid content as verified valid content in the CS.

3.2 Verification from publisher public key digest (PPKD)

Ghall et al. (2014a) and Ghali et al. (2014b) added that the mitigation of CPA relies on the trust management of the network layer. The authors state that CPAs are based on two primary factors: ambiguous interests and the lack of a trust model.

  • Ambiguous Interests

In NDN routers, each interest consists of the name of the requested content without the PPKD that is a required field in an interest.

  • Lack of a trust model

According to the authors, NDN lacks a trust model at the network layer for router verification of signatures at high speeds. Additionally, there are no mechanisms to securely obtain a public key for validating the hash or content signature of any content. To address this issue, the authors propose a solution to the ambiguity problem related to interests. In their proposed mechanism, the issuer’s public key is attached to all interests, a process known as Interest-Key Binding (IKB). The key locator then appends the provider’s public key to all interests before they are sent to retrieve content. When an intermediate router receives the requested content, it first checks the content using the received hash with the provider’s public key in the key locator. If the key matches the received content, then the data is passed on; if it does not, then the data is ignored, as shown in Fig. 13. For this mechanism, the client needs the provider’s public key before sending an interest for any content. To solve this key problem, the authors propose three approaches by which the client can attach the key to the interest.

  • A client software application can attach the key of the data provider with the interest.

  • DNS - a Universal Key Name Service - can bind the provider’s public key to the interest.

  • A worldwide search service, for instance, Google.

Fig. 13 Interest-Key Binding (IKB) process

To eliminate the overhead, the authors divide the proposed work between edge routers and core routers. The IKB check can be performed by edge routers, while a subset of content packets can be verified randomly by core routers, as shown in Fig. 14. However, the proposed mechanism is not scalable and is completely based on the concept of public key infrastructure (PKI), which makes it hard to verify the signature at line speed. Furthermore, if a router is attacked, it can check for faulty IKB. In addition, the proposed scheme creates overhead and latency during content verification.

Fig. 14 Division of Routers to Eliminate Overhead

Ghali et al. (2014c) construct a ranking algorithm for the prevention of CPA. The authors refine the definition of poisoned content into two types: content for which the algorithm returns an error during signature verification (content with invalid content), and content with a valid signature signed with a fake provider key. The authors point out the limitations of the previous solutions (Ghall et al. 2014a; Ghali et al. 2014b), such as that verification of signatures in intermediate routers at line speed is not possible. Furthermore, the hash of the specified content is difficult to obtain.

The proposed ranking algorithm operates based on client feedback during cache hits. It minimizes the overhead on intermediate nodes by verifying the content of cache hits. Its purpose is to distinguish between valid and invalid content based on the behavior of observed clients and to give priority to valid content over invalid content. Based on client feedback (reasons), such as several rejections, rejection time, and rejection-interface ratio, it gives two types of ranks, namely, lower rank and high rank. The content that has been rejected recently has a lower rank. However, if multiple clients from changed interfaces send negative feedback about the rejected content, it also leads to a reduction in its rank. The rank will be higher if multiple users express interest in the same content and there is no negative feedback.

However, the given scheme is strongly reliant on the feedback of the client. Therefore, a malicious client can give negative feedback about valid content by rejecting it.

DiBenedetto and Papadopoulos (2016) present a clients’ reporting system and forwarding policies for the mitigation of CPA in NDN networks. In the proposed scheme, a client can send an extra report about the obtained contents, and the router then uses forwarding strategies known as Evasion Strategies (ES). ES verifies the reported content and, if the content is poisoned, avoids its source. Furthermore, to find the valid contents and their source, the ES is further divided into two strategies: immediate failover and probe first. The immediate failover strategy provides an alternative path for avoiding the source of the poisoned content, while the probe first strategy stops interests for the same poisoned content. After a successful verification, the stopped interest is resumed.

However, the proposed scheme creates latency for the forwarded interest and content.

Hu et al. (2018) propose a CPA mitigating scheme for NDN-based smart cities. The authors suggest two solutions to mitigate the CPA: Name-Key-Based Forwarding (NKBF) and Multipath Forwarding-Based Inband Probe (MFBIP). To reduce the injection of poisonous contents inside the network, the NKBF is used to forward the interests to trusted content sources. If there is still some poison content between consumer and content sources, the MFBIP performs on-demand signature verification and reissues an interest for the desired content. MFBIP eliminates poisoned content from CS as soon as possible and carries valid data to the clients. Moreover, it restores valid content for future interests without requiring any out-of-band communications. The proposed scheme consists of three phases:

  • Router Building Phase: According to the authors, the providers in the router building phase give the public key (PPKD) sign and their authorization to NDN routers. The NDN routers then authenticate the PPKDs and store them in the FIB entry.

  • Normal Content Retrieval Phase: In the Normal Content Retrieval Phase, if any client sends an interest in some content, the NDN router assigns a provider according to the content by attaching the PPKD to the interest of the client. The router then returns the content to the client with NKBF, so the client can verify the content signature with the help of the PPKD.

  • Recovery Phase: In the Recovery Phase, the router performs MFBIP and on-demand signature verification for on-path poisoned contents.

The suggested approach delivers emergency IoT content and messages. The authors did not offer a solution when the key is not in FIB. If the provider moves and the key is still in FIB, the interest is transmitted, but there is no provider to send the content. Diverse paths can cause collisions and DoS attacks.

3.3 Verification from publisher signature and PPKD

Compagno et al. (2013) highlight content poisoning attacks on NDN networks. The authors recommend the use of the “Self-Certifying Interest/Data Packet” (SCIDP). Utilizing SCIDP, every router can then authenticate the received content if it came from a legitimate source. As a first step to expressing interest, a client has to get the hash, name, and signature of the relevant chunk from the provider. The NDN routers can then validate the content by comparing the received chunk’s hash with the hash included in the interest, shown below in Fig. 15. In the given scheme, the client is required to get the hash for each piece of chunk before the interest, which adds additional overhead with latency and limits scalability.
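The router-side checks described for Interest-Key Binding in Sect. 3.2 and for the self-certifying interest above, as an added example that is not code from the surveyed papers or from NFD. The packet classes, field names, reason strings and the policy of refusing interests that carry no binding are assumptions, and a hash-based Lamport one-time signature stands in for the publisher's signature algorithm so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


# Stand-in signature scheme (assumption): Lamport one-time signatures.
def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen(seed: bytes):
    """Derive 256 secret pairs from a seed; the public key is their hashes."""
    sk = [[H(seed + bytes([b]) + i.to_bytes(2, "big")) for b in (0, 1)]
          for i in range(256)]
    return sk, b"".join(H(x) for pair in sk for x in pair)


def sign(sk, msg: bytes) -> bytes:
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))


def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 512 * 32 or len(sig) != 256 * 32:
        return False
    ok = True
    for i, b in enumerate(_bits(msg)):
        j = 2 * i + b  # position of the revealed half of pair i in pk
        ok &= hmac.compare_digest(H(sig[32 * i:32 * i + 32]),
                                  pk[32 * j:32 * j + 32])
    return ok


@dataclass(frozen=True)
class Interest:                              # hypothetical packet model
    name: str
    ppkd: Optional[bytes] = None             # digest of publisher key (IKB)
    content_digest: Optional[bytes] = None   # digest of the chunk (SCIDP)


@dataclass(frozen=True)
class Data:                                  # hypothetical packet model
    name: str
    payload: bytes
    key_locator: bytes                       # publisher public key bytes
    signature: bytes


def signed_portion(name: str, payload: bytes) -> bytes:
    n = name.encode()
    return len(n).to_bytes(2, "big") + n + payload


def make_data(sk, pk: bytes, name: str, payload: bytes) -> Data:
    return Data(name, payload, pk, sign(sk, signed_portion(name, payload)))


def router_check(interest: Interest, data: Data) -> Tuple[bool, str]:
    """Decide whether a router forwards `data` in answer to `interest`."""
    if data.name != interest.name:
        return False, "name mismatch"
    if interest.content_digest is not None:
        # Self-certifying interest: one hash comparison, no public-key work.
        if hmac.compare_digest(H(data.payload), interest.content_digest):
            return True, "content digest ok"
        return False, "content digest mismatch"
    if interest.ppkd is None:
        # Assumed policy: an interest with no binding is ambiguous.
        return False, "ambiguous interest"
    if not hmac.compare_digest(H(data.key_locator), interest.ppkd):
        return False, "key not bound to interest"
    if not verify(data.key_locator, signed_portion(data.name, data.payload),
                  data.signature):
        return False, "bad signature"
    return True, "IKB ok"


def demo():
    """Constructed packets: one genuine chunk and two poisoned variants."""
    name = "/example/video/seg0"
    pub_sk, pub_pk = keygen(b"constructed publisher seed")
    adv_sk, adv_pk = keygen(b"constructed adversary seed")
    good = make_data(pub_sk, pub_pk, name, b"genuine chunk")
    fake_key = make_data(adv_sk, adv_pk, name, b"poisoned chunk")
    tampered = Data(name, b"poisoned chunk", pub_pk, good.signature)
    ikb = Interest(name, ppkd=H(pub_pk))
    scidp = Interest(name, content_digest=H(b"genuine chunk"))
    return {
        "ikb_good": router_check(ikb, good),
        "ikb_fake_key": router_check(ikb, fake_key),
        "ikb_tampered": router_check(ikb, tampered),
        "scidp_good": router_check(scidp, good),
        "scidp_poisoned": router_check(scidp, fake_key),
        "unbound": router_check(Interest(name), fake_key),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The `ikb_fake_key` case is the second poison type in Ghali et al.'s definition, a valid signature under a fake provider key: the signature verifies under the key carried in the packet, and only the digest bound into the interest exposes it.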

The authors provide another way to verify the provider’s signature for cached content. According to the authors, each router can randomly select cached chunks for verification and remove faulty chunks. The routers pick a range of content chunks cooperatively to avoid verifying unneeded pieces. To reduce overhead, the authors suggested client feedback on content pieces. A malicious client can warn NDN routers about invalid material that behaves as valid in the proposed scheme.

Ullah et al. (2020) suggest an On Demand lightweight identity-based signature technique to mitigate a CPA in an NDN based on IoT, as can be seen in Fig. 16. According to the authors, both the consumer and the provider of the material are required to register themselves with the trusted network management and provide their identities in the manner outlined in step 1. In the second stage, the network manager uses the members’ identities to generate private keys, which are then distributed to each of the participants (client and provider). In this scheme, when a client shows interest in content (A), which is shown in step 3, the provider, on receiving the request, signs the content (A) with the private key and forwards it to the client as seen in step 4. In the event that a client sends an interest for some content (B), as shown in step 2, the provider applies a digital signature on the content (B) by using its copy of the material (A) that is required by the NDN cache policies will be stored on the intermediate routers (R1 and R2) that are located between the client and the provider. Let us say that an adversary corrupts the content (A) stored in R1 and then sends the corrupted copy to the client. After receiving the content (A), the client will want to verify the content (A); in order to do so, the client will send a request for verification to the network manager, as indicated in Step 5. Following the steps outlined in Step 6, the network management will communicate the public key of the provider to the client. The client will verify the content once it has been provided with the public key. If the content is poisoned, the client will encrypt it using the provider’s public key and then transmit it back to the original content provider for additional verification, as demonstrated in Step 7. After that, the service provider examines the data and sends the message throughout the whole system in order to eliminate the potentially poisoned data.

It is the first scheme to provide suitable algorithms for the generation of signatures and verification of such signatures. Both a formal and an informal security assessment were performed. In addition to this, the authors utilized a lightweight hyperelliptic curve approach in order to reduce the amount of computation and communication overheads.

However, the given scheme is completely dependent on client feedback, so any malicious client can send several contents for verification to launch a DoS attack. Furthermore, the proposed scheme is mathematically incorrect.

Fig. 15 Self-Certifying Interest/Data Packet

Fig. 16 Mitigation of CPA through digital signature

Jiancong et al. (2022) propose a dynamic content forwarding scheme to prevent CPA attacks in NDN. The authors use a public key with the interest and then a digital signature on the content for data and content verification. The authors also use a trust-based model to identify malicious NDN routers and bypass them in routing. The scheme enables an end-to-end trust model between sender and receiver. The authors compared the designed scheme with some other schemes to find out its efficiency. However, the scheme suffers from a heavy verification process, as it verifies every interest and then the data. The scheme also affects the NDN policy of broadcast due to the use of an end-to-end trust model. The model also uses heavy signature algorithms that suffer from cost-effectiveness and latency issues.

3.4 Verification from a firewall or a micro detector schemes

Wu et al. (2016) propose a solution called Router-Oriented Mitigation (ROM) to mitigate the CPA in NDN. The ROM aims to temporarily bypass the malicious routers on the transmission path. First, it finds malicious routers by giving them a reputation value based on their abnormal behavior and client feedback. Then it forwards content based on that reputation. According to the authors, the reputation value is derived from two key observations for NDN: first, a router that has a greater distance from the attacker has a small chance of being malicious; second, a router that has a short distance from the attacker has a greater chance of being malicious. The more malicious router has a poor reputation, and the normal router has a good reputation. The poor-reputation router can be bypassed on the transmission path, and the content will be forwarded through the good-reputation routers. The authors have underlined that the reputation of a router can change from good to poor and from poor to good according to the behavior of the router. However, the proposed scheme is affected by more verification overhead, as it verifies content again and again based on the client’s feedback. Furthermore, the authors did not show a solution in case no alternative path is available for forwarding. Furthermore, the given scheme suffers from latency issues due to the change of paths during content transmission.

Nguyen et al. (2017) review existing work suggested for the prevention of CPA. The authors point out some common limitations, like changeability scenarios and impractical behaviors of the CPA. According to these common limitations, the authors propose three realistic attack scenarios for the prevention of CPA and their effect on NDN. In the proposed scheme, the authors, for the first time, moved from a simulation environment to a real test-based deployment in NDN Forwarding Daemon (NFD). To summarize their work, the authors briefly define three CPA scenarios and analyze their impact.

A. Unregistered Remote Provider Scenario: In this CPA scenario, the attacker controls any nodes between the good provider and client. The attacker changes the original data in the CS and sends the poisoned data to the clients.

B. Multicast Forwarding Scenario: Multicast is one of the possible forwarding strategies that is combined with the current NDN implementation (Afanasyev et al. 2014). According to the authors, the CPA is possible due to a malicious client. As we have discussed in the first scenario, poison content is stored by all CS between the attacker and clients. So, the malicious content can be spread throughout the entire network due to multiple interests received for the same piece of content.

C. Best Route Forwarding Scenario: In this scenario, the attacker sends a new interest again and again for the same piece of poison data to make this vulnerable to the DoS attack. The authors have pointed out that these attack scenarios have an immense influence on every NDN router. In scenario 1, it has very little effect on the provider, but it has a good effect on good clients as well as on the core and edge routers.

In the best route and multicast scenarios, it is very tough to avoid the CPA, which relies on the standard use of the NDN protocol. However, the given scheme only points out the effect of a CPA on NDN networks. The authors did not have any sort of solution to prevent the CPA.

Nguyen et al. (2018) propose a security monitoring plane (SMP) that detects and mitigates CPA and interest flooding attacks in a testbed carrying real traffic by analyzing the NFD data-plane pipelines. The given scheme monitors the behavior of every node as normal or abnormal. The authors linked these nodes to a Bayesian network that plays an important role in the detection of potential abnormal behaviors of any NDN node. The design of the proposed scheme consists of a monitoring plane and a data plane, as shown in Fig. 17. The monitoring plane consists of a Micro Detector, a Correlation Engine Bayesian Network, and a Montimage Monitoring Tool (MMT). The Micro Detector uses a constant Rate of False Alarms (RFA) to determine whether the metrics are in a normal or abnormal state. If abnormal behavior arises, then a false alarm is activated. A Correlation Engine Bayesian Network aims to react before the false alarm to detect the abnormal source. The MMT uses a self-determining application that operates independently of NFD, extracting data from NFD logs to gather information from all selected nodes. The data plane consists of the routers, clients, and providers that work in NDN scenarios.

Fig. 17 Monitoring and Data Plane

The proposed scheme detects two types of attacks, the CPA and the interest flooding attack, by providing the status of any abnormal security events in an NDN node. However, the topology used for the implementation of the proposed scheme is very small. It is costly to use the monitoring components with every NDN router. Furthermore, the given scheme suffers from latency and extra overheads because it verifies each piece of content.

Mai et al. (2018a) present a monitoring plane for anomaly detection and monitoring of abnormal behavior in NDN nodes, leveraging Bayesian Network techniques (Jensen and Nielsen 2007; Rubio et al. 2016) to prevent CPA. A list of monitored metrics is presented as a numerical ratio to feature the behavior of NDN routers. Whenever a change arises from normal to abnormal behavior, a micro-detector is deployed to detect it. The structure of the Bayesian network links alarms with micro-detectors. It is a plan based on the expert information of the NDN specification and the NFD implementation for monitoring, detecting, and mitigating content poisoning attacks in a real NDN deployment. If any node changes its behavior the proposed security monitoring plan patterns with the help of micro-detector and Bayesian Network.

The proposed work has similarities with Nguyen et al. (2018), but the implementation metrics are not specific. However, the given scheme suffers from latency and overhead issues and can be affected by a DoS attack due to the verification of pieces of content on every node.

Mai et al. (2018b) present a scheme for the detection of and reaction to a CPA based on the adaptation of the TOSCA topology and instrumentation model, using the MMT framework of a virtualized NDN network. It is the first step to mitigate CPA on real NDN networks. This monitoring plane can detect CPAs and automatically take action to stop them. It safeguards the NDN network’s strength and continuity. In practical scenarios, the organized components, which include NDN routers, NDN firewalls, and NDN signature verification modules, act as virtual machines and are administered by Docker containers on OpenStack. The scheme consists of a Virtualized Data plane, a Monitoring plane, and a Management and Orchestration plane, as shown in Fig. 18.

A. Virtualized Data plane: It consists of different Virtualised Network Functions (VNFs) that are deployed over an NFV set-up. Further, Doctor’s VNFs are containerized NDN applications that are organized over a cluster of Docker nodes that are maintained as a single virtual set-up.

B. Monitoring plane: It consists of a Firewall, Montimage Monitoring Tool (MMT), and Verification Signatures Module. NDN firewall is used for maintaining an orchestrator to add or remove filtering rules. MMT is used as a network monitoring solution to detect potential attacks. Verification Signatures Module is used to verify the signature content.

C. Management Orchestration Plane: The purpose of this plane is to make use of content-oriented TOSCA in order to record the deployment and functioning behavior requirements that are associated with each NDN network service. This is a profile that is dependent on the Docker NDN orchestrator. TOSCA is a language that was once defined to designate cloud loads as a topology pattern. Doctor’s TOSCA profile extends the OASIS standard basic Profile for NFV. It takes into account the particulars of the NDN. The orchestrator has been implemented from the ground up in order to provide it with the capability to comprehend and instantiate the various content-oriented components. TOSCA templates make possible the deployment of NDN VNFs, classification of content, service chaining, and the definition of performance and security policies.

The scheme points out and mitigates CPA in real NDN network scenarios, but still has some limitations. These limitations are verification overhead due to verifying every content, and latency due to pointing out every content behavior in every node. The authors have suggested the RSA algorithm for signature verification, which is heavy for verifying content at line speed.

Fig. 18 Content Poisoning Attack Detection and Mitigation Scheme

Arif et al. (2023) propose a CPA attack prevention scheme for the vehicular network in an NDN setting. The authors suggest a threshold for data providers to reject users based on their reputation during caching. This mechanism can keep a bad content provider out of the entire network. The authors also used blockchain to address the privacy issue of NDN. The scheme was tested for both pull- and push-based data access. The authors claimed that the scheme prevents the CPA with accuracy. The authors used MATLAB to evaluate their scheme.

The scheme works with high latency due to ignoring every NDN node according to the threshold reputation. The simulation setup also raises some questions: according to NDN policy, MATLAB is not a suitable simulator.

Kapetanidou and Tsaoussidis (2022) proposed a CPA prevention scheme for NDN using a reputation-based model. According to this model, the content source is given a reputation based on the feedback of previous travel. If the feedback of the previous travel is positive, the content will be considered non-poisoned and suggested for sending to the requesting users. To define the reputation ratio, the authors define a metric named Notoriety, which shows the number of poisoned contents. The scheme makes the reputation ratio available to every user to avoid access to poisonous content.

The scheme works with high latency and overhead due to bypassing nodes according to their reputation value. The scheme also opens the possibility of other attacks on complex processes.

Table 3 shows the concluding remarks based on the simulation tool and the impact of the scheme.

Table 3 Summary of the literature

4 Comparative analysis

In this section, we compared the CPA schemes based on latency, verification overhead, security, and possible attacks. Moreover, we have explained the reason for the shortcomings as mentioned above.

4.1 Comparison with respect to latency

Latency is an important issue in modern communication infrastructure, as every user wants to obtain the desired content on time without any latency. The research community has suggested multiple solutions to prevent the CPA. However, in preventing it, the authors have added some additional latency. The comparative analysis with respect to latency is shown in Table 3. Moreover, most schemes did not provide the numerical value of latency; therefore, we examined the suggested schemes based on the working process of the designed schemes, the attack prevention mechanism, and the data verification process. During the evaluation, it was evident that the majority of the schemes suffer from high latency.

Compagno et al. (2013) suffer from high latency due to the verification of each chunk hash with the provider signature in every intermediate router between the consumer and the content provider. Similarly, Kim et al. (2015) suffer from high latency due to the verification of each interest and content that passes through the CCNCheck. Additionally, Ghall et al. (2014a); Ghali et al. (2014b, 2014c) are affected by high latency, as every interest will wait until the Key Locator field attaches the provider public key to the interest in the NDN routers. Moreover, Li et al. (2014) and Li et al. (2017) add high latency: in “LIVE”, every NDN node verifies each forwarded interest/content according to the assigned security level, while in “CSEA”, every interest/content passes through the Capability Generator, Capability Verifier, and Access Control Point (ACP) modules. DiBenedetto and Papadopoulos (2016) suffer from high latency by stopping the forwarding of content on any abnormal behavior, while Wu et al. (2016) increase latency by changing the forwarding path if a router shows abnormal behavior. Furthermore, Nguyen et al. (2017, 2018) suggested two solutions for the mitigation of CPA which maximize the latency by passing each piece of content through the Montimage Monitoring Tool (MMT) and micro detector. Likewise, the scheme of Mai et al. (2018a) incurs high latency by passing each piece of content through a micro detector. The scheme of Mai et al. (2018b) passes the contents through three types of planes: the Virtualized Data plane, the Monitoring plane, and the Management and Orchestration plane. In these planes, the authors pass the contents through the Firewall, MMT, and micro detector, which increases the latency. Similarly, the scheme of Hu et al. (2018) possesses high latency if the alternative forwarding path is longer than the direct path. In addition, Kim et al. (2015) incurs high latency because it dropped the cache miss contents from CS. If a client needs content that is dropped during the first cache miss, the router will perform a longest prefix matching to find the dropped content, which can increase the latency, while the scheme of Jiancong et al. (2022) suffers from high latency due to the verification process that verifies every interest and then the data. Besides, the scheme of Arif et al. (2023) works with high latency due to ignoring every NDN node according to the threshold reputation, while the scheme of Kapetanidou and Tsaoussidis (2022) bypasses the under-attack router, which creates some latency when the short path is not available.

In comparison, the scheme of Kim et al. (2017) falls under average latency by verifying the contents on a cache hit. Finally, Ullah et al. (2020) minimize the latency, as the intermediate routers do not verify each piece of content, while the Ranking Algorithm proposed by Ghali et al. (2014c) incurs low latency due to verifying only the cache hit contents.

4.2 Comparison with respect to verification overhead

In mitigating the CPA, the suggested solutions add some additional overhead on NDN routers during signature verification and hashing. In this section, we compare the suggested solutions with respect to verification overhead. Table 4 shows the verification overhead of the suggested schemes. As observed, most of the schemes failed to provide a numerical value for verification overhead; therefore, we examined the schemes based on their design, working procedure, attack prevention mechanism, and data verification process. Besides, a few schemes provided the numerical value for verification overhead that is mentioned in Table 2. While comparing the suggested schemes, it is evident that most of the given schemes differ in terms of verification overhead. Compagno et al. (2013), Ribeiro et al. (2014), Ghali et al. (2014b), DiBenedetto and Papadopoulos (2016), Nguyen et al. (2017, 2018), Mai et al. (2018a, 2018b), and Hu et al. (2018) are characterized by high verification overhead. These schemes demand additional complexity from the networks, making the network inefficient in terms of resource management.

Table 4 Comparison with respect to Latency

Compagno et al. (2013) create high overhead on NDN routers by verifying every requested content in each router between client and provider. Similarly, Ribeiro et al. (2014) create high overhead due to the “CCNCheck” on every router checking the signature validation of every content. Furthermore, in the proposed scheme, the same packet is verified again and again. Moreover, Ghali et al. (2014b) incur high overhead by verifying the hash and signature of every content between the consumer and the content providers (Ghall et al. 2014a; Ghali et al. 2014b). DiBenedetto and Papadopoulos (2016) incur high overhead on the router by forwarding all the traffic on one side during the designed forwarding strategy for preventing CPA. In addition, Nguyen et al. (2017, 2018) and Mai et al. (2018a, 2018b) suffer from high overhead due to the heavy verification process. The given schemes pass all contents through MMT and micro detectors, which creates high overhead, while Ullah et al. (2020) create high overhead due to the verification of every content by the network management despite the use of a lightweight hyperelliptic curve cryptosystem algorithm to minimize the verification overhead. Likewise, the scheme of Jiancong et al. (2022) suffers from a heavy verification process to verify every interest and then the data, while the schemes of Arif et al. (2023) and Kapetanidou and Tsaoussidis (2022) incur high overheads due to the threshold reputation process.

Similarly, the schemes of Ghali et al. (2014c), Kim et al. (2015), and Kim et al. (2017) fall under average verification overhead. Ghali et al. (2014c) improve their own scheme, Ghali et al. (2014b), by presenting a Ranking Algorithm (RA) that eliminates the extra overhead problem by verifying the cache hit contents only. Likewise, Kim et al. (2015) and Kim et al. (2017) minimize the verification overhead on the router, unlike Ahmed et al. (2017); Yi et al. (2013); Li et al. (2018). The authors store and verify only the cache hit contents in CS, which reduces the high overhead of verification.

In comparison with the high and average overheads, the schemes of Hu et al. (2018), Li et al. (2014, 2017), and Ribeiro et al. (2016) stand out for low verification overhead, suggesting that the given schemes can minimize the usage of network resources. The scheme of Hu et al. (2018) incurs low verification overhead due to the use of OnDemand signature verification: if the consumer wants, the signature will be verified; otherwise, content will be forwarded without verification on intermediate routers. Likewise, the schemes of Li et al. (2014, 2017) possess low overhead, as the given schemes verify the signature of contents according to security levels such as non-cacheable, cacheable, and all-cacheable, while Ribeiro et al. (2016) improve their own scheme, Ribeiro et al. (2014), by addressing the high overhead problem of “CCNCheck”. In the improved scheme, the authors divided the signature verification between two types of routers: border routers and core routers.

4.3 Comparison with respect to Security Levels

In this section, we compare the suggested schemes aiming to mitigate the CPA based on the security level. Table 5 shows the comparison of the suggested schemes based on security level and Table 6 provides a comparison with respective security features. However, the security level is determined by factors other than the security features themselves. The security of the scheme is evaluated based on cryptographic techniques, algorithms, security proofs, the working process, the prevention mechanism, and the data verification process.

Table 5 Comparison with respect to Verification Overhead

The schemes of Ghall et al. (2014a); Ghali et al. (2014b, 2014c) aim to mitigate CPA; however, the first two schemes (Ghall et al. 2014a; Ghali et al. 2014b) offer strong security as the router attaches the provider public key with the client interest whenever the provider sends the content to the client. The NDN routers check the validity of the contents with the provider key. If the content is valid, it will be sent to the client; otherwise, it will be discarded. Similarly, the given scheme of Li et al. (2014) provides strong security as it verifies the signature, content integrity, and authenticity of the content provider. Moreover, the scheme of Mai et al. (2018a, 2018b) offers strong security as it passes each piece of content through MMT, micro detector, and NDN firewall to detect and mitigate poison contents. Furthermore, the scheme of Hu et al. (2018) provides strong security because it attaches the provider public key with every interest and performs OnDemand signature verification on intermediate routers. Likewise, the scheme of Ullah et al. (2020) offers strong security as it provides both formal and informal analysis for security proof, while the scheme of Jiancong et al. (2022) enables an end-to-end trust model between sender and receiver that enhances security. Finally, the scheme of Arif et al. (2023) offers strong security due to the use of blockchain.

The schemes of Kim et al. (2015), Kim et al. (2017) offer average security as they verify the cache hit contents only and bypass the cache miss contents. In the given scheme, any malicious client can verify and store his/her invalid content in the protected segment. Likewise, the scheme of Li et al. (2017) provides average security as compared to Li et al. (2014). The proposed scheme uses Tokens for the verification with interest, so any attacker can verify invalid content by obtaining a verified Token. Finally, the schemes of Ribeiro et al. (2014), Ribeiro et al. (2016) provide average security as they verify the content signature according to the assigned probability in the CCNCheck module. In the given mechanism, the CCNCheck module can assign a high probability to the invalid user because of its normal behavior.

In comparison to the above, the Ranking Algorithm proposed by Ghali et al. (2014c) offers weak security because of its dependency on client feedback. In the given scheme, any attacker can give positive feedback about an invalid provider and vice versa. Similarly, the scheme of DiBenedetto and Papadopoulos (2016) offers weak security due to the dependency on the client’s feedback. Additionally, the scheme of Compagno et al. (2013) offers weak security as any attacker can present himself as a valid content provider, while the scheme of Kapetanidou and Tsaoussidis (2022) provides weak security due to the dependency on reputation feedback.

4.4 Possibilities of security attacks on the suggested schemes

In this section, we examine and evaluate the suggested schemes aiming to mitigate the CPA with respect to the possibility of other security attacks. On the one hand, these schemes protect NDN from CPA; on the other hand, they make it vulnerable to other types of attacks. Table 7 shows the comparative analysis in terms of other possible attacks. Moreover, the possibilities of other attacks on every scheme are examined based on weaknesses of cryptographic techniques, the type of cryptographic algorithms, and the lack of security proofs and prevention mechanisms.

Table 6 Comparison with respect to Security Features

The scheme of Compagno et al. (2013) suffers from DoS, cache pollution attacks, privacy attacks, and access control attacks. The DoS and cache pollution attacks are possible because a number of non-popular contents can be verified to pollute the cache of NDN routers. On the other hand, the provider has no proper control over its contents, which makes way for privacy and access control attacks.

The schemes of Ribeiro et al. (2014), Ribeiro et al. (2016) can be affected by DoS, cache pollution, and privacy attacks. These are possible because invalid contents can pass through CCNCheck, and a malicious user can also present himself as a valid provider. On the other hand, the provider has no proper control over its contents, which makes way for privacy attacks.

The schemes of Ghall et al. (2014a); Ghali et al. (2014b, 2014c) suffer from DoS and cache pollution attacks. As an unauthorized user can request a number of non-popular contents, the NDN routers may attach the provider public key and store copies of the contents in all the intermediate routers between clients and providers.

The schemes of Kim et al. (2015), Kim et al. (2017) suffer from DoS and cache pollution attacks because the given schemes store the cache-hit contents only. Any attacker can verify and store non-popular and invalid content in the protected segment.

Similarly, the schemes of Li et al. (2014), Li et al. (2017) can be affected by DoS and cache pollution attacks due to verifying every content in every intermediate router, so malicious users can request the same contents again and again (Li et al. 2014).

The scheme of DiBenedetto and Papadopoulos (2016) is vulnerable to DoS, cache pollution, and privacy attacks due to the dependency on the consumer feedback. A malicious consumer can give positive feedback about invalid content or negative feedback about valid content, to scale down the popularity of valid content and fill the cache with invalid content.

The scheme of Wu et al. (2016) suffers from DoS, cache pollution, and privacy attacks due to the dependency on the client’s feedback with the issue of changing paths from malicious routers.

The scheme of Nguyen et al. (2017) suffers from DoS, access control, privacy, and cache pollution attacks because the authors only point out the effect of content poisoning attacks in NDN without presenting a solid solution to mitigate them. Likewise, the scheme of Nguyen et al. (2018) monitors and detects the abnormal behaviors of NDN nodes. However, it can be affected by a DoS attack because it can pass non-popular content through the micro detector in the Bayesian Network. The schemes of Mai et al. (2018a, 2018b) suffer from DoS and cache pollution attacks. The given schemes pass every popular and non-popular content through the micro detector in the Bayesian Network.

The scheme of Hu et al. (2018) suffers from DoS and privacy attacks due to attaching the provider public key with every interest, while the scheme of Ullah et al. (2020) suffers from DoS attacks because of its dependency on consumer feedback. So, a malicious consumer can send a number of contents for verification to launch an overwhelming DoS attack.

Similarly, the scheme of Jiancong et al. (2022) suffers from DoS attacks because a malicious client can verify every interest and content a number of times, while the schemes of Arif et al. (2023) and Kapetanidou and Tsaoussidis (2022) suffer from DoS and cache pollution due to the threshold reputation process, where an attacker can give positive feedback on invalid content and fill the CS with it.

Table 7 Possibility of Other Attacks

5 Role of artificial intelligence in preventing content poisoning attacks

Artificial Intelligence can play a big role in the prevention of CPA, particularly in the era of IoT where a huge volume of data is produced on a routine basis. Machine learning-based mitigation techniques use artificial intelligence and data-driven algorithms to detect NDN attacks. To detect and mitigate CPA, a variety of machine learning approaches can be utilized, including graph neural networks, random forests, isolation forests, long short-term memory, and SVM; unlike classic statistical methods, these approaches are adaptable and capable of detecting complicated shifts in attack patterns (Bilgili et al. 2024). They involve training models using past network data and employing predictive analytics to detect anomalies. Kumar et al. (2017) studied several shallow machine learning algorithms, including Support Vector Machine (SVM) and K-Nearest Neighbor (KNN), and showed their usefulness in attack detection. However, deploying machine learning models in NDN networks can be difficult, particularly in devices with limited resources. Following are some of the roles that AI plays in preventing CPA in the NDN environment.

5.1 Contents classification

Through the application of machine learning models, the content can be categorized according to its features and characteristics. Through training, the machine learning model can recognize the patterns that classify content as either normal content or poisoned content.

5.2 Consumer and producer behavior analysis

The application of machine learning models can allow the identification of the behavior of both content producers and content consumers. With this analysis, a consumer who sends a large number of unnecessary requests or a content producer who injects a large amount of poisoned content into the network can be identified. Considering these situations, it is possible to avoid the poisoned content.

5.3 Reputation-based content poisoning attack prevention

When multiple content sources are capable of providing similar content, each one is associated with a unique name-space (Kapetanidou et al. 2022). Within this framework, reputation serves as a relevant means for improving the security functions of NDN. To address content poisoning attacks using reputation-based techniques, Magsi et al. (2023) concentrated on utilizing the capabilities of machine learning classifiers to identify and prevent content poisoning attacks. In accordance with the outcomes of the machine learning classification, the authors suggested that a reputation-based content caching algorithm either provides or restricts a node’s access to content. Furthermore, using a reputation-based framework enables the nodes to distribute the reputation data of the host nodes through the utilization of push-based content distribution via a pub-sub strategy.

5.4 Learning-based attack detection

Rapid advancements have been made in various research domains utilizing machine learning and deep learning, including attack detection, image in-painting models (Chen et al. 2023), and fraud detection (Abed and Fernando 2023). In particular, machine learning demonstrates superior accuracy when applied to classification tasks, while deep learning demonstrates clear advantages when applied to complex problems like image recognition (Amiri et al. 2024) and voice recognition (Xie et al. 2023). The learning-based attack detection technique accurately differentiates between attackers and non-attackers through the use of machine learning algorithms (Magsi et al. 2023).

5.5 Attention-based attack detection

Due to the characteristics of network traffic, it is difficult to accurately identify attacks of a single time interval, resulting in low accuracy of attack detection. For this purpose, Zhang et al. (2022) use past data through the sliding window and propose an attention-based Long Short-Term Memory (LSTM) for NDN-IFA detection. Once IFA is detected, the Hellinger distance is used to identify the malicious prefix.

5.6 Clustering-based detection

As an example, clustering keeps track of how many interests a mechanism receives, how many interests are for the same content, and how long it takes for two interests to request the same content consecutively. Yao et al. (2018) divide the interests into two groups according to the probability of interest appearing and the average time interval between two interests requesting the same content. Each router then broadcasts a list of suspect content items to its neighbors in order to prevent them from being cached. This helps in the final phase of determining if the attack is a Locality Disruption Attack (LDA) or False Locality Attack (FLA).

In their research, Gupta and Nahar (2021) constructed a method that may detect CPA by including the K-Means Clustering algorithm. The authors make use of the information that is associated with each interest, and then they sort it into either the LDA or FLA category. The implementation of an attack table, which includes each potentially suspicious interest, is carried out. In order to protect against the attack, the attack table that was discussed earlier is sent to the nodes that are adjacent to the originating node. It is not possible for those NDN routers to cache the data packet that is contained within the linked interest packets.
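The two features named above (how often an interest appears and the average interval between interests for the same content) are enough to run a two-cluster split. The sketch below is an added example, not the implementation of Yao et al. or of Gupta and Nahar: it uses plain 2-means on a constructed interest log, and treating the short-interval cluster as the attack table is an assumption made for illustration.

```python
from collections import defaultdict


def interest_features(log):
    """log: [(timestamp_s, name)] -> {name: (appearance probability, mean gap)}."""
    seen = defaultdict(list)
    for ts, name in log:
        seen[name].append(ts)
    feats = {}
    for name, ts in seen.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if gaps:  # a name requested once has no interval and is skipped
            feats[name] = (len(ts) / len(log), sum(gaps) / len(gaps))
    return feats


def scale(points):
    """Min-max scale both features to [0, 1] so neither dominates the distance."""
    cols = list(zip(*points))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return [tuple((v - l) / s for v, l, s in zip(p, lo, span)) for p in points]


def dist2(p, q):
    return sum((a - b) ** 2 for a, b in zip(p, q))


def kmeans2(points, rounds=20):
    """2-means, seeded deterministically at the smallest and largest mean gap."""
    cents = [min(points, key=lambda p: p[1]), max(points, key=lambda p: p[1])]
    labels = []
    for _ in range(rounds):
        labels = [0 if dist2(p, cents[0]) <= dist2(p, cents[1]) else 1
                  for p in points]
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k]
            if members:
                cents[k] = tuple(sum(c) / len(members) for c in zip(*members))
    return labels


def attack_table(log):
    """Names in the short-gap cluster (cluster 0): candidates not to be cached."""
    feats = interest_features(log)
    names = sorted(feats)
    labels = kmeans2(scale([feats[n] for n in names]))
    return [n for n, lab in zip(names, labels) if lab == 0]


def constructed_log():
    """Constructed sample: four ordinary names plus two names hit once a second."""
    log = [(t, "/news/a") for t in (0, 40, 95, 130)]
    log += [(t, "/news/b") for t in (10, 70, 120)]
    log += [(t, "/news/c") for t in (5, 65)]
    log += [(t, "/news/d") for t in (20, 110)]
    log += [(50 + i, "/junk/x") for i in range(10)]
    log += [(50.5 + i, "/junk/y") for i in range(10)]
    return sorted(log)
```

Genuinely popular content also shows high appearance probability and short gaps, so the returned list is a set of candidates for the attack table rather than a verdict; a deployment would need a baseline of normal popularity before suppressing caching.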

6 Discussion, challenges and research directions

After discussing all the aforementioned CPA schemes, including their benefits and drawbacks in relation to the challenges faced by public research, it is only reasonable to focus on the significant concerns that are exclusively discussed in the scholarly literature. Every idea for a content poisoning attack contains a number of challenging problems and deficiencies that call for additional investigation. For instance, each of the next ideas needs to thoughtfully analyze the various constraints that come with the utilization of NDN as well as the ways in which they might be circumvented. In addition to this, doing so will make it possible for us to open up future doors for academics who are interested in doing in-depth investigations on the content poisoning attack that occurs in the NDN paradigm. In this area, we made note of some of the most significant unanswered questions from the survey that was carried out, which are given below.

6.1 Latency

Latency is a crucial problem in contemporary communication since every user wants to acquire the requested piece of content on time and with minimum latency. A number of potential countermeasures have been proposed by the research community in an effort to prevent the content poisoning attack. However, in preventing the attack, these countermeasures have introduced potential latency. It is necessary to construct an appropriate technique that has a lightweight verification approach and the smallest possible amount of latency.

6.2 Verification overhead

To prevent the content from being poisoned, the offered solutions verify the content’s signature and hash, which adds extra cost for NDN routers. As has been noticed, virtually every proposed technique functions with an additional verification overhead. This additional verification is due to the use of heavy mechanisms and the verification of every unnecessary content, both of which place an additional burden on NDN nodes. This additional verification overhead poses an open challenge to the research community, which must come up with a technique that is both efficient and capable of reducing the additional verification overhead to the greatest extent possible.

6.3 Possibility of other attacks

Although the suggested schemes prioritize preventing CPA in NDN, they also open the way to other attacks such as DoS attacks, cache pollution attacks, privacy attacks, and access control attacks. These attacks present researchers with open challenges that must be met in order to propose an effective strategy for the prevention of content poisoning attacks, as well as other types of attacks.

6.4 Computational time

Because of the restricted capabilities of NDN routers, coming up with a lightweight scheme for the NDN network is still one of the network’s major design challenges. NDN routers already have an excessive number of additional features, such as caching and naming policies. Therefore, an algorithm that is time-intensive will require a significant amount of resources from the NDN routers.

6.5 Cryptographic solutions

There exist a few cryptographic solutions for the content poisoning attack (Ullah et al. 2020; Wang et al. 2024). As a result, there is a requirement for some suitable cryptographic algorithms and verification strategies. The research community will face open issues as it attempts to construct an effective cryptographic technique that can prevent a CPA in NDN. The construction of a security scheme and the simulation of that scheme using an appropriate security tool is still an open challenge.

7 Conclusion

Content poisoning attacks are one of the common threats to NDN networks as they make the cache useless. In this study, we analyze the effects of a content poisoning attack on NDN networks and provide a critical analysis of the proposed solutions to these problems. To further demonstrate the effectiveness of the proposed strategies, a comparative analysis was carried out based on latency, communication overhead, and security. Further, we have demonstrated the existence of other potential NDN attacks on the proposed schemes. The research presented in this survey confirms the need for a more robust approach to preventing content poisoning attacks in NDN. Finally, some open research challenges have been added. Furthermore, this work hopes to inspire the NDN research community to make some visible progress on this front.