Can We Make a Cake and Eat it Too? A Discussion of ICN Security and Privacy

Published: 17 January 2017

Abstract

In recent years, Information-centric Networking (ICN) has received much attention from both academic and industry participants. ICN offers data-centric inter-networking that is radically different from today's host-based IP networks. Security and privacy features on today's Internet were originally not present and have been incrementally retrofitted over the last 35 years. As such, these issues have become increasingly important as ICN technology gradually matures towards real-world deployment. Thus, while ICN-based architectures (e.g., NDN, CCNx, etc.) are still evolving, it is both timely and important to explore ICN security and privacy issues as well as devise and assess possible mitigation techniques.
This report documents the highlights and outcomes of the Dagstuhl Seminar 16251 on "Information-centric Networking and Security," the goal of which was to bring together researchers to discuss and address security and privacy issues particular to ICN-based architectures. Upon finishing the three-day workshop, the outlook of ICN is still unclear. Many unsolved and ill-addressed problems remain, such as namespace and identity management, object security and forward secrecy, and privacy. Regardless of the fate of ICN, one thing is certain: much more research and practical experience with these systems is needed to make progress towards solving these arduous problems.

Published In

ACM SIGCOMM Computer Communication Review, Volume 47, Issue 1
January 2017
60 pages
ISSN: 0146-4833
DOI: 10.1145/3041027

Publisher

Association for Computing Machinery
New York, NY, United States

Author Tags

1. Information-Centric Networking
2. Security and Privacy