research-article

Analyzing GDPR compliance of named data networking

Authors:
Casey Tran

New Mexico State University

New Mexico State University
View Profile

,
Reza Tourani

Saint Louis University

Saint Louis University
View Profile

,
Satyajayant Misra

New Mexico State University

New Mexico State University
View Profile

,
Travis Machacek

New Mexico State University

New Mexico State University
View Profile

,
Gaurav Panwar

New Mexico State University

New Mexico State University
View Profile

ICN '21: Proceedings of the 8th ACM Conference on Information-Centric NetworkingSeptember 2021Pages 107–117https://doi.org/10.1145/3460417.3482979

Published:22 September 2021Publication History

ICN '21: Proceedings of the 8th ACM Conference on Information-Centric Networking

Pages 107–117

ABSTRACT

The popularity of social media platforms, Internet of Things (IoT) devices, and the myriad smartphone applications have created opportunities for companies and organizations to collect individuals' personal data and monetize its sharing at a high rate. A standout example was the Facebook--Cambridge Analytica data-sharing arrangement (2018), which allowed Cambridge Analytica to harvest millions of Facebook users' personal data without their consent for political advertisement. In response to such overreach and privacy violations, the European Union introduced the General Data Protection Regulation (GDPR), which mandates data collectors to protect individuals' data privacy and provide the user more control over their personal data. Motivated by this growing interest in personal privacy, we analyze GDPR articles in the context of Named Data Networking (NDN). The context of interest is NDN as the network architecture in a service provider and we investigate GDPR-pertinent NDN features, including naming, caching, forwarding plane, and its built-in trust, for GDPR compliance and present insights on how such compliance can be built, when lacking. We also present experimental results showing compliance overheads and conclude by identifying potential future work.

References

Alexander Afanasyev, Priya Mahadevan, Ilya Moiseenko, Ersin Uzun, and Lixia Zhang. 2013. Interest flooding attack and countermeasures in Named Data Networking. In 2013 IFIP Networking Conference. IEEE, 1–9.Google Scholar
Ahmad Bashir and Christo Wilson. 2018. Diffusion of User Tracking Data in the Online Advertising Ecosystem. Proceedings on Privacy Enhancing Technologies 2018 (10 2018), 85–103. Google ScholarCross Ref
Mark Baugher, Bruce Davie, Ashok Narayanan, and Dave Oran. 2012. Self-verifying names for read-only named data. In 2012 Proceedings IEEE INFOCOM Workshops. IEEE, Orlando, Florida, 274–279.Google ScholarCross Ref
Abdelberi Chaabane, Emiliano De Cristofaro, Mohamed Ali Kaafar, and Ersin Uzun. 2013. Privacy in content-oriented networking: Threats and countermeasures. ACM SIGCOMM Computer Communication Review 43, 3 (2013), 25–33.Google Scholar
Cloudflare. 2020. Cloudflare Data Processing Addendum. https://www.cloudflare.com/cloudflare_customer_DPAv3.pdf Retrieved May, 2021 fromGoogle Scholar
Cloudflare. 2021. Cloudflare and GDPR compliance. https://www.cloudflare.com/privacy-and-compliance/gdpr/ Retrieved May, 2021 fromGoogle Scholar
CPRA. 2019. California Privacy Rights Act (CPRA). https://oag.ca.gov/system/files/initiatives/pdfs/19-0021A1%20%28Consumer%20Privacy%20-%20Version%203%29_1.pdf Retrieved May, 2021 fromGoogle Scholar
David Derler, Kai Samelin, Daniel Slamanig, and Christoph Striecks. 2019. Fine-Grained and Controlled Rewriting in Blockchains: Chameleon-Hashing Gone Attribute-Based. In 26th Annual Network and Distributed System Security Symposium, NDSS.Google Scholar
Steven DiBenedetto, Paolo Gasti, Gene Tsudik, and Ersin Uzun. 2012. ANDaNA: Anonymous Named Data Networking Application. In Annual Network & Distributed System Security Symposium (NDSS).Google Scholar
Charles Duhigg. 2012. How companies learn your secrets. The New York Times 16, 2 (2012), 1–16.Google Scholar
GDPR. 2016. Complete guide to GDPR compliance. https://gdpr.eu/ Retrieved May, 2020 fromGoogle Scholar
AKM Mahmudul Hoque, Syed Obaid Amin, Adam Alyyan, Beichuan Zhang, Lixia Zhang, and Lan Wang. 2013. NLSR: named-data link state routing protocol. In Proceedings of the 3rd ACM SIGCOMM workshop on Information-centric networking. 15–20.Google ScholarDigital Library
Maria Karampela, Sofia Ouhbi, and Minna Isomursu. 2019. Exploring users’ willingness to share their health and personal data under the prism of the new GDPR: implications in healthcare. In 2019 41st Annual International Conference of the Ieee Engineering in Medicine and Biology Society (embc). IEEE, 6509–6512.Google Scholar
Dohyung Kim, Sunwook Nam, Jun Bi, and Ikjun Yeom. 2015. Efficient content verification in named data networking. In Proceedings of the 2nd ACM Conference on Information-Centric Networking. 109–116.Google ScholarDigital Library
Tobias Lauinger, Nikolaos Laoutaris, Pablo Rodriguez, Thorsten Strufe, Ernst Biersack, and Engin Kirda. 2012. Privacy risks in named data networking: What is the cost of performance? ACM SIGCOMM Computer Communication Review 42, 5 (2012), 54–57.Google ScholarDigital Library
Jun Li, Hao Wu, Bin Liu, and Jianyuan Lu. 2012. Effective caching schemes for minimizing inter-ISP traffic in named data networking. In 2012 IEEE 18th International Conference on Parallel and Distributed Systems. IEEE, 580–587.Google ScholarDigital Library
Dominique Machuletz and Rainer Böhme. 2019. Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR. CoRR abs/1908.10048 (2019). [arxiv]1908.10048 http://arxiv.org/abs/1908.10048Google Scholar
Giulia Mauri, Mario Gerla, Federico Bruno, Matteo Cesana, and Giacomo Verticale. 2016. Optimal content prefetching in NDN vehicle-to-infrastructure scenario. IEEE Transactions on Vehicular Technology 66, 3 (2016), 2513–2525.Google Scholar
Travis Mick, Reza Tourani, and Satyajayant Misra. 2016. Muncc: Multi-hop neighborhood collaborative caching in information centric networks. In Proceedings of the 3rd ACM Conference on Information-Centric Networking. 93–101.Google ScholarDigital Library
Travis Mick, Reza Tourani, and Satyajayant Misra. 2017. LASeR: Lightweight authentication and secured routing for NDN IoT in smart cities. IEEE Internet of Things Journal 5, 2 (2017), 755–764.Google Scholar
Lokke Moerel and Corien Prins. 2016a. Privacy for the homo digitalis: Proposal for a new regulatory framework for data protection in the light of Big Data and the internet of things. Available at SSRN 2784123 (2016).Google Scholar
Lokke Moerel and Corien Prins. 2016b. Privacy for the homo digitalis: Proposal for a new regulatory framework for data protection in the light of Big Data and the internet of things. Available at SSRN 2784123 (2016).Google Scholar
NetBrain. 2018. GDPR Compliance: 6 Steps to Get your IT Network Ready for GDPR. https://www.netbraintech.com/blog/gdpr-compliance-6-steps-to-get-your-it-network-ready-for-gdpr/ Retrieved May, 2021 fromGoogle Scholar
Gaurav Panwar, Reza Tourani, Travis Mick, Abderrahmen Mtibaa, and Satyajayant Misra. 2017a. DICE: Dynamic multi-RAT selection in the ICN-enabled wireless edge. In Proceedings of the Workshop on Mobility in the Evolving Internet Architecture. 31–36.Google ScholarDigital Library
Gaurav Panwar, Reza Tourani, Satyajayant Misra, and Abderrahmen Mtibaa. 2017b. Request aggregation: the good, the bad, and the ugly. In Proceedings of the 4th ACM Conference on Information-Centric Networking. 198–199.Google ScholarDigital Library
Gaurav Panwar, Roopa Vishwanathan, and Satyajayant Misra. 2021. ReTRACe: Revocable and Traceable Blockchain Rewrites using Attribute-based Cryptosystems. Cryptology ePrint Archive, Report 2021/568. https://eprint.iacr.org/2021/568.Google Scholar
Hyundo Park, Indra Widjaja, and Heejo Lee. 2012. Detection of cache pollution attacks using randomness checks. In 2012 IEEE International Conference on Communications (ICC). IEEE, 1096–1100.Google ScholarCross Ref
Sanjeev Kaushik Ramani, Reza Tourani, George Torres, Satyajayant Misra, and Alexander Afanasyev. 2019. NDN-ABS: Attribute-Based Signature Scheme for Named Data Networking. In Proceedings of the 6th ACM Conference on Information-Centric Networking. 123–133.Google ScholarDigital Library
Thomas Reuters. 2020. Technical and Organisational Measures. https://uk.practicallaw.thomsonreuters.com/w-014-8211?transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 Retrieved June,2020 fromGoogle Scholar
Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. 2018. “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale. Proceedings on Privacy Enhancing Technologies 2018 (06 2018), 63–83. Google ScholarCross Ref
Aashaka Shah, Vinay Banakar, Supreeth Shastri, Melissa Wasserman, and Vijay Chidambaram. 2019. Analyzing the Impact of {GDPR} on Storage Systems. In 11th {USENIX} Workshop on Hot Topics in Storage and File Systems (HotStorage 19).Google Scholar
Supreeth Shastri, Melissa Wasserman, and Vijay Chidambaram. 2019. The Seven Sins of Personal-Data Processing Systems under GDPR. In 11th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud 19). USENIX Association, Renton, WA. https://www.usenix.org/conference/hotcloud19/presentation/shastriGoogle Scholar
Junxiao Shi, Teng Liang, Hao Wu, Bin Liu, and Beichuan Zhang. 2016. Ndn-nic: Name-based filtering on network interface card. In Proceedings of the 3rd ACM Conference on Information-Centric Networking. 40–49.Google ScholarDigital Library
Reza Tourani, Satyajayant Misra, Joerg Kliewer, Scott Ortegel, and Travis Mick. 2015. Catch me if you can: A practical framework to evade censorship in information-centric networks. In Proceedings of the 2nd ACM Conference on Information-Centric Networking. 167–176.Google ScholarDigital Library
Reza Tourani, Satyajayant Misra, and Travis Mick. 2016. Application-specific secure gathering of consumer preferences and feedback in ICNs. In Proceedings of the 3rd ACM Conference on Information-Centric Networking. 65–70.Google ScholarDigital Library
Reza Tourani, Satyajayant Misra, Travis Mick, and Gaurav Panwar. 2017. Security, privacy, and access control in information-centric networking: A survey. IEEE communications surveys & tutorials 20, 1 (2017), 566–600.Google Scholar
Reza Tourani, Ray Stubbs, and Satyajayant Misra. 2018. TACTIC: Tag-based access control framework for the information-centric wireless edge networks. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE, 456–466.Google ScholarCross Ref
CMS.Law GDPR Enforcement Tracker. 2020a. ETID-118. https://www.enforcementtracker.com/ETID-188 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020b. ETID-226. https://www.enforcementtracker.com/ETID-226 Retrieved October, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020c. ETID-326. https://www.enforcementtracker.com/ETID-326 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020d. ETID-34. https://www.enforcementtracker.com/ETID-34 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020e. ETID-344. https://www.enforcementtracker.com/ETID-344 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020f. ETID-36. https://www.enforcementtracker.com/ETID-36 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020g. ETID-422. https://www.enforcementtracker.com/ETID-422 Retrieved November, 2020 fromGoogle Scholar
CMS.Law GDPR Enforcement Tracker. 2020h. ETID-74. https://www.enforcementtracker.com/ETID-74 Retrieved November, 2020 fromGoogle Scholar
Nguyen Binh Truong, Kai Sun, Gyu Myoung Lee, and Yike Guo. 2019. GDPR-Compliant Personal Data Management: A Blockchain-based Solution. CoRR abs/1904.03038 (2019).Google Scholar
Gene Tsudik, Ersin Uzun, and Christopher A Wood. 2016. Ac3n: Anonymous communication in content-centric networking. In 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC). IEEE, 988–991.Google ScholarDigital Library
Benjamin E Ujcich and William H Sanders. 2019. Data Protection Intents for Software-Defined Networking. In 2019 IEEE Conference on Network Softwarization (NetSoft). IEEE, 271–275.Google Scholar
Sandra Wachter. 2018. Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Computer law & security review 34, 3 (2018), 436–449.Google ScholarCross Ref
Yi Wang, Zhuyun Qi, Kai Lei, Bin Liu, and Chen Tian. 2017. Preventing" bad" content dispersal in named data networking. In Proceedings of the ACM Turing 50th Celebration Conference-China. 1–8.Google ScholarDigital Library
Ben Wolford. 2020. How to conduct a Data Protection Impact Assessment (template included). Proton Technologies AG. https://gdpr.eu/data-protection-impact-assessment-template/ Retrieved June,2020 fromGoogle Scholar
Mengjun Xie, Indra Widjaja, and Haining Wang. 2012. Enhancing cache robustness for content-centric networking. In 2012 Proceedings IEEE INFOCOM. IEEE, 2426–2434.Google Scholar
Kaiping Xue, Peixuan He, Xiang Zhang, Qiudong Xia, David SL Wei, Hao Yue, and Feng Wu. 2019. A Secure, Efficient, and Accountable Edge-Based Access Control Framework for Information Centric Networks. IEEE/ACM Transactions on Networking 27, 3 (2019), 1220–1233.Google Scholar
Yingdi Yu, Alexander Afanasyev, David Clark, KC Claffy, Van Jacobson, and Lixia Zhang. 2015. Schematizing trust in named data networking. In Proceedings of the 2nd ACM Conference on Information-Centric Networking. 177–186.Google ScholarDigital Library
Yingdi Yu, Alexander Afanasyev, Jan Seedorf, Zhiyi Zhang, and Lixia Zhang. 2017. NDN DeLorean: An authentication system for data archives in named data networking. In Proceedings of the 4th ACM Conference on Information-Centric Networking. 11–21.Google ScholarDigital Library
Lixia Zhang, Alexander Afanasyev, Jeffrey Burke, Van Jacobson, Patrick Crowley, Christos Papadopoulos, Lan Wang, Beichuan Zhang, et al. 2014. Named data networking. ACM SIGCOMM Computer Communication Review 44, 3 (2014), 66–73.Google ScholarDigital Library
Meng Zhang, Hongbin Luo, and Hongke Zhang. 2015. A survey of caching mechanisms in information-centric networking. IEEE Communications Surveys & Tutorials 17, 3 (2015), 1473–1499.Google ScholarDigital Library
Zhiyi Zhang, Yingdi Yu, Alexander Afanasyev, Jeff Burke, and Lixia Zhang. 2017. NAC: Name-based access control in named data networking. In Proceedings of the 4th ACM Conference on Information-Centric Networking. 186–187.Google ScholarDigital Library

Index Terms

Analyzing GDPR compliance of named data networking
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections

Recommendations

The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise
Special Issue on Analytics for Cybersecurity and Privacy, Part 2 and Regular Papers

The General Data Protection Regulation (GDPR) is considered by some to be the most important change in data privacy regulation in 20 years. Effective May 2018, the European Union GDPR privacy law applies to any organization that collects and processes ...
Read More
Opening Privacy Sensitive Microdata Sets in Light of GDPR
dg.o 2019: Proceedings of the 20th Annual International Conference on Digital Government Research

To enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of ...
Read More
On opening sensitive data sets in light of GDPR
ICEGOV '19: Proceedings of the 12th International Conference on Theory and Practice of Electronic Governance

Disclosure of personal data is considered as one of the main threats for data opening. In this contribution we consider the data that are sensitive in GDPR terms (for example, criminal justice data within the Dutch justice domain) and discuss how they ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICN '21: Proceedings of the 8th ACM Conference on Information-Centric Networking
September 2021
150 pages
ISBN:9781450384605
DOI:10.1145/3460417
General Chairs:
Giovanna Carofiglio,
David Oran,
Program Chairs:
Jorg Ott
Technische Universität München
,
Lan Wang
University of Memphis
Copyright © 2021 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 September 2021
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
GDPR
ICN
NDN
privacy
security
Qualifiers
- research-article
Conference

Acceptance Rates
ICN '21 Paper Acceptance Rate11of43submissions,26%Overall Acceptance Rate133of482submissions,28%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 291
  Total Downloads
- Downloads (Last 12 months)58
- Downloads (Last 6 weeks)7
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Analyzing GDPR compliance of named data networking

ICN '21: Proceedings of the 8th ACM Conference on Information-Centric Networking

ABSTRACT

References

Cited By

Index Terms

Recommendations

The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise

Opening Privacy Sensitive Microdata Sets in Light of GDPR

On opening sensitive data sets in light of GDPR