Skip to main content
SpringerLink
Log in

Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking

  • Published:
Annals of Telecommunications Aims and scope Submit manuscript

Abstract

We propose, in this paper, a countermeasure against the producer-consumer collusion attack in Named Data Networking (NDN). In this attack, malicious nodes act in collusion by generating content requests at high rate and thus changing content popularity. The goal of the attack is to reduce in-network caching efficiency by increasing the probability of legitimate consumers to retrieve contents directly from the producer. The proposed countermeasure, called Cache nFace, mitigates this attack by dividing the cache of a node into sub-caches. Each sub-cache only stores contents requested through one specific network interface. Our assumption is that malicious requests do not arrive simultaneously at all interfaces of a content router very often. Results show that cache nFace reduces up to 50% the effectiveness of the attack and outperforms another proposal found in the literature in all the analyzed scenarios.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Jacobson V, Smetters D, Thornton J, Plass M, Briggs N, Braynard R (2009) Networking named content. In: International Conference on Emerging Networking EXperiments and Technologies - CoNEXT, pp 1–12

  2. Brito G M, Velloso P B, Moraes I M (2013) Information-centric networks, a new paradigm for the Internet, 1st edn, ser. FOCUS - Networks and Telecommunications Series. Wiley-ISTE

  3. Smetters D, Jacobson V (2009) Securing network content. Xerox Palo Alto Research Center - PARC, Tech. Rep. TR-2009-1

  4. Baugher M, Davie B, Narayanan A, Oran DR (2012) Self-verifying names for read-only named data. In: Workshop on emerging design choices in name-oriented networking - NOMEN, pp 274–279

  5. AbdAllah E, Hassanein H, Zulkernine M (2015) A survey of security attacks in information-centric networking. IEEE Commun Surv Tutor 17(3):1441–1454

    Article  Google Scholar 

  6. Kim Y, Kim Y, Bi J, Yeom I (2016) Differentiated forwarding and caching in Named-Data Networking. J Netw Comput Appl 60(C):155–169

    Article  Google Scholar 

  7. Beben A, Batalla J M, Chai W K, Sliwinski J (2013) Multi-criteria decision algorithms for efficient content delivery in content networks. Ann Telecommun 68(3–4):153–165

    Article  Google Scholar 

  8. Abdullahi I, Arif S, Hassan S (2015) Survey on caching approaches in information centric networking. J Netw Comput Appl 56(C):48–59

    Article  Google Scholar 

  9. Gasti P, Tsudik G, Uzun E, Zhang L (2013) DoS and DDoS in Named-Data Networking. In: International Conference on Computer Communications and Networks - ICCCN, pp 1–7

  10. Xie M, Widjaja I, Wang H (2012) Enhancing cache robustness for content-centric networking. In: IEEE INFOCOM, pp 2426–2434

  11. Conti M, Gasti P, Teoli M (2013) A lightweight mechanism for detection of cache pollution attacks in Named Data Networking. Comput Netw 57(1):3178–3191

    Article  Google Scholar 

  12. Nasserala A, Moraes IM (2016) Analyzing the producer-consumer collusion attack in content-centric networks. In: IEEE Annual Consumer Communications Networking Conference - CCNC, pp 849–852

  13. Nasserala A, Moraes IM (2016) The producer-consumer collusion attack in content-centric networks. IEEE Lat Am Trans 14(6):3003–3010

    Article  Google Scholar 

  14. Zhang L, Estrin D, Burke J, Jacobson V, Thornton J, Smetters D K, Zhang B, Tsudik G, Claffy K, Krioukov D, Massey D, Papadopoulos C, Abdelzaher T, Wang L, Crowley P, Yeh E (2010) Named Data Networking (NDN) project. Xerox Palo Alto Research Center - PARC, Tech. Rep. NDN-0001

  15. Afanasyev A, Mahadevan P, Moiseenko I, Uzun E, Zhang L (2013) Interest flooding attack and countermeasures in Named Data Networking. In: IFIP Networking, pp 1–9

  16. Choi S, Kim K, Kim S, Roh B (2013) Threat of DoS by interest flooding attack in content-centric networking. In: Information Networking International Conference, pp 315–319

  17. Ribeiro I C G, de A Rocha A A, Albuquerque CVN, Guimarães F Q (2014) On the possibility of mitigating content pollution in content-centric networking. In: IEEE Conference on Local Computer Networks - LCN, pp 498–501

  18. Kim Y, Kim U, Yeoml I (2013) The impact of large flows in content centric networks. In: IEEE International Conference on Network Protocols - ICNP, pp 1–2

  19. Salah H, Strufe T (2016) Evaluating and mitigating a collusive version of the interest flooding attack in NDN. In: 2016 IEEE Symposium on Computers and Communication (ISCC). IEEE, pp 938–945

  20. Spring N, Mahajan R, Wetherall D, Anderson T (2004) Measuring ISP topologies with rocketfuel. IEEE/ACM Trans Netw 12 (1):2–16

    Article  Google Scholar 

  21. Gallo M, Perino D, Muscariello L (2015) Content-centric networking packet header format. Internet Engineering Task Force, Tech. Rep. BCP-78

  22. Breslau L, Cao P, Fan L, Phillips G, Shenker S (1999) Web caching and Zipf-like distributions: evidence and implications. In: IEEE INFOCOM, vol 1, pp 126–134

Download references

Funding

The authors would like to thank CNPq, CAPES, FAPERJ, Proppi/UFF, FAPESP, and TAESA/ANEEL for the financial support to this research and development work.

Author information

Authors and Affiliations

  1. Laboratório MídiaCom, PGC-TCC, Instituto de Computação, Universidade Federal Fluminense, Niterói, Brazil

    André Nasserala, Ian Vilar Bastos & Igor Monteiro Moraes

  2. Centro de Ciências Exatas e Tecnológicas, Universidade Federal do Acre, Rio Branco, Brazil

    André Nasserala

Authors
  1. André Nasserala
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ian Vilar Bastos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Igor Monteiro Moraes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to André Nasserala.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nasserala, A., Bastos, I.V. & Monteiro Moraes, I. Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking. Ann. Telecommun. 74, 125–137 (2019). https://doi.org/10.1007/s12243-018-0669-9

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12243-018-0669-9

Keywords

Search

Navigation