Abstract
We propose, in this paper, a countermeasure against the producer-consumer collusion attack in Named Data Networking (NDN). In this attack, malicious nodes act in collusion by generating content requests at high rate and thus changing content popularity. The goal of the attack is to reduce in-network caching efficiency by increasing the probability of legitimate consumers to retrieve contents directly from the producer. The proposed countermeasure, called Cache nFace, mitigates this attack by dividing the cache of a node into sub-caches. Each sub-cache only stores contents requested through one specific network interface. Our assumption is that malicious requests do not arrive simultaneously at all interfaces of a content router very often. Results show that cache nFace reduces up to 50% the effectiveness of the attack and outperforms another proposal found in the literature in all the analyzed scenarios.
Similar content being viewed by others
References
Jacobson V, Smetters D, Thornton J, Plass M, Briggs N, Braynard R (2009) Networking named content. In: International Conference on Emerging Networking EXperiments and Technologies - CoNEXT, pp 1–12
Brito G M, Velloso P B, Moraes I M (2013) Information-centric networks, a new paradigm for the Internet, 1st edn, ser. FOCUS - Networks and Telecommunications Series. Wiley-ISTE
Smetters D, Jacobson V (2009) Securing network content. Xerox Palo Alto Research Center - PARC, Tech. Rep. TR-2009-1
Baugher M, Davie B, Narayanan A, Oran DR (2012) Self-verifying names for read-only named data. In: Workshop on emerging design choices in name-oriented networking - NOMEN, pp 274–279
AbdAllah E, Hassanein H, Zulkernine M (2015) A survey of security attacks in information-centric networking. IEEE Commun Surv Tutor 17(3):1441–1454
Kim Y, Kim Y, Bi J, Yeom I (2016) Differentiated forwarding and caching in Named-Data Networking. J Netw Comput Appl 60(C):155–169
Beben A, Batalla J M, Chai W K, Sliwinski J (2013) Multi-criteria decision algorithms for efficient content delivery in content networks. Ann Telecommun 68(3–4):153–165
Abdullahi I, Arif S, Hassan S (2015) Survey on caching approaches in information centric networking. J Netw Comput Appl 56(C):48–59
Gasti P, Tsudik G, Uzun E, Zhang L (2013) DoS and DDoS in Named-Data Networking. In: International Conference on Computer Communications and Networks - ICCCN, pp 1–7
Xie M, Widjaja I, Wang H (2012) Enhancing cache robustness for content-centric networking. In: IEEE INFOCOM, pp 2426–2434
Conti M, Gasti P, Teoli M (2013) A lightweight mechanism for detection of cache pollution attacks in Named Data Networking. Comput Netw 57(1):3178–3191
Nasserala A, Moraes IM (2016) Analyzing the producer-consumer collusion attack in content-centric networks. In: IEEE Annual Consumer Communications Networking Conference - CCNC, pp 849–852
Nasserala A, Moraes IM (2016) The producer-consumer collusion attack in content-centric networks. IEEE Lat Am Trans 14(6):3003–3010
Zhang L, Estrin D, Burke J, Jacobson V, Thornton J, Smetters D K, Zhang B, Tsudik G, Claffy K, Krioukov D, Massey D, Papadopoulos C, Abdelzaher T, Wang L, Crowley P, Yeh E (2010) Named Data Networking (NDN) project. Xerox Palo Alto Research Center - PARC, Tech. Rep. NDN-0001
Afanasyev A, Mahadevan P, Moiseenko I, Uzun E, Zhang L (2013) Interest flooding attack and countermeasures in Named Data Networking. In: IFIP Networking, pp 1–9
Choi S, Kim K, Kim S, Roh B (2013) Threat of DoS by interest flooding attack in content-centric networking. In: Information Networking International Conference, pp 315–319
Ribeiro I C G, de A Rocha A A, Albuquerque CVN, Guimarães F Q (2014) On the possibility of mitigating content pollution in content-centric networking. In: IEEE Conference on Local Computer Networks - LCN, pp 498–501
Kim Y, Kim U, Yeoml I (2013) The impact of large flows in content centric networks. In: IEEE International Conference on Network Protocols - ICNP, pp 1–2
Salah H, Strufe T (2016) Evaluating and mitigating a collusive version of the interest flooding attack in NDN. In: 2016 IEEE Symposium on Computers and Communication (ISCC). IEEE, pp 938–945
Spring N, Mahajan R, Wetherall D, Anderson T (2004) Measuring ISP topologies with rocketfuel. IEEE/ACM Trans Netw 12 (1):2–16
Gallo M, Perino D, Muscariello L (2015) Content-centric networking packet header format. Internet Engineering Task Force, Tech. Rep. BCP-78
Breslau L, Cao P, Fan L, Phillips G, Shenker S (1999) Web caching and Zipf-like distributions: evidence and implications. In: IEEE INFOCOM, vol 1, pp 126–134
Funding
The authors would like to thank CNPq, CAPES, FAPERJ, Proppi/UFF, FAPESP, and TAESA/ANEEL for the financial support to this research and development work.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nasserala, A., Bastos, I.V. & Monteiro Moraes, I. Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking. Ann. Telecommun. 74, 125–137 (2019). https://doi.org/10.1007/s12243-018-0669-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-018-0669-9