DOI: 10.1145/3125719.3125723

When encryption is not enough: privacy attacks in content-centric networking

Published: 26 September 2017

Abstract

Content-Centric Networking (CCN) is a network architecture for transferring named content from producers to consumers upon request. The name-to-content binding is cryptographically enforced with a digital signature generated by the producer. Thus, content integrity and origin authenticity are core features of CCN. In contrast, content confidentiality and privacy are left to the applications. The typically advocated approach for protecting sensitive content is to use encryption, i.e., restrict access to those who have appropriate decryption key(s). Moreover, content is typically encrypted once for identical requests, meaning that many consumers obtain the same encrypted content. From a privacy perspective, this is a step backwards from the "secure channel" approach in today's IP-based Internet, e.g., TLS or IPSec.
In this paper, we assess the privacy pitfalls of this approach, particularly when the adversary learns some auxiliary information about the popularity of certain plaintext content. Merely by observing (or learning) the frequency of requested content, the adversary can learn which encrypted content corresponds to which plaintext data. We evaluate this attack using a custom CCN simulator and show that even moderately accurate popularity information suffices for accurate mapping. We also show how the adversary can exploit caches to learn content popularity information. The adversary needs to know the content namespace in order to succeed. Our results show that encryption-based access control is insufficient for privacy in CCN. More extensive counter-measures (such as namespace restrictions and content replication) are needed to mitigate the attack.
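
The frequency matching described in the abstract, as an added example that is not from the paper or its simulator: it ties encrypted names to plaintext items by request-count rank, then measures how replication changes the result. The Zipf popularity model, catalogue size, request volume and the popularity-proportional replication rule are all assumptions constructed for illustration.

```python
import random
from collections import Counter

def zipf_weights(n, alpha=1.0):
    """Assumed popularity model: the item of rank r has weight 1/r^alpha."""
    return [1.0 / r ** alpha for r in range(1, n + 1)]

def observe(weights, replicas, n_requests, rng):
    """Count requests per encrypted name, as an on-path observer would.

    Item i is published under replicas[i] distinct encrypted names and each
    request picks one of them uniformly (constructed replication rule).
    A name is the tuple (item, replica); item is kept only as ground truth.
    """
    counts = Counter()
    for i in rng.choices(range(len(weights)), weights=weights, k=n_requests):
        counts[(i, rng.randrange(replicas[i]))] += 1
    return counts

def rank_match(counts, aux_ranking):
    """Guess that the k-th most requested name is the k-th most popular item."""
    observed = [name for name, _ in counts.most_common()]
    return dict(zip(observed, aux_ranking))

def identified_fraction(guess, n_items):
    """Fraction of plaintext items that some encrypted name was correctly tied to."""
    hits = {name[0] for name, item in guess.items() if name[0] == item}
    return len(hits) / n_items

def exposure(n_items=10, n_requests=100_000, replicate=False, seed=7):
    """Measure how much of the catalogue frequency analysis recovers."""
    rng = random.Random(seed)
    weights = zipf_weights(n_items)
    # Mitigation under test: replica count proportional to popularity, so that
    # every encrypted name is requested at roughly the same rate.
    replicas = [max(1, round(n_items * w)) if replicate else 1 for w in weights]
    counts = observe(weights, replicas, n_requests, rng)
    return identified_fraction(rank_match(counts, list(range(n_items))), n_items)

if __name__ == "__main__":
    print("one name per item:      ", exposure(replicate=False))
    print("popularity-based copies:", exposure(replicate=True))
```

With one encrypted name per item the ranking alone identifies nearly the whole catalogue; flattening per-name request rates removes most of that signal at the cost of extra storage and lower cache hit rates.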



        Published In

        ICN '17: Proceedings of the 4th ACM Conference on Information-Centric Networking
        September 2017
        239 pages
        ISBN: 9781450351225
        DOI: 10.1145/3125719
        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. content-centric networks
        2. frequency analysis
        3. privacy

        Qualifiers

        • Research-article

        Funding Sources

        • NSF Graduate Research Fellowship

        Conference

        ICN '17
        Acceptance Rates

        Overall Acceptance Rate 133 of 482 submissions, 28%
