Abstract

Named-Data Networking (NDN) is one such effort that exemplifies the content-centric approach to networking. Rather than naming locations (i.e., hosts or interfaces), NDN names content, which becomes first-class entity. This permits decoupling of content from the host that strength store and/or disseminate it, facilitating automatic caching and optimizing bandwidth custom. Due to its new architecture, NDN introduces new security and privacy challenges. These challenges include data privacy, anonymity, access control and authentication. It also includes some basic security features. However, NDN’s flexibility to DDoS attacks has not been analyzed to date. In this paper, we present a specific and concrete scenario of DDoS attack in NDN. We also set mechanisms that defend against DDoS attacks such as signature and network defense.

References

• Paolo Gasti, Gene Tsudik, Ersin Uzun and Lixia Zhang,‘DoS & DDoS in Named Data Networking’ (2013).
• Wang, L.J., Lv, Y.Q., Moiseenko, I., Wang, D.S, ‘A dataflow-oriented programming interface for named data networking’. J. Comput. Sci. Technol. 33, 158–168 (2018).
• L. Zhang et al., ‘Named data networking (ndn) project’, University of California and Arizona, Palo Alto Research Center and others, Tech. Rep., October (2010).
• Rai, S.DD., Sharma, K, ‘A survey on detection and mitigation of distributed denial-of-service attack in named data networking’, Advances in communication, cloud, and Big Data lecture notes in networks and systems 31 (2019).
• Van Jacobson, Diana K. Smetters, James D. Thornton, Michael F. Plass, Nicholas H. Briggs, and Rebecca L. Braynard. ‘Networking named content’. In Proceedings of the 5th ACM International Conference on Emerging Networking Experiments and Technologies, pages 1–12, (2009).
• Paul Laskowski and John Chuang. ‘Network monitors and contracting systems: competition and innovation’, SIGCOMM, pages 183–194, New York, NY, USA, (2006).
• Acs, G., M. Conti, P. Gasti, C. Ghali and G. Tsudik ‘Cache Privacy in Named-Data Networking’, ICDCS. (2013).
• Conti, M., Gasti, P., & Teoli, M. ‘A lightweight mechanism for detection of cache pollution attacks in Named Data Networking’, Computer Networks, 57(16), (2013).
• URL:http://doi.acm.org/10.1145/2378956.2378966 Comput Commun (2012).
• Ntuli, N. and S. Han. ‘Detecting router cache snooping in Named Data Networking’. ICT Convergence (ICTC), 2012 International Conference on, IEEE, (2012).
• Nguyen, T., Mai, H., Cogranne, R., Doyen, G., Mallouli, W., Nguyen, L., El Aoun, M., Montes De Oca, E., Festor, O, ‘Reliable detection of interest flooding attack in real deployment of named data networking’. IEEE Trans. Inform. Forens. Sec. 14(9), 2470–2485 (2019).
• Paolo Gasti, Gene Tsudik, Ersin Uzun and Lixia Zhang, ‘DoS & DDoS in Named-Data Networking’, (2012).
• David Dagon, Manos Antonakakis, Kevin Day, Xiapu Luo, ‘Architectures and vulnerability implications in Network and Distributed System Security Symposium’ (NDSS09), (2009).
• ‘A fully homomorphic encryption shema’, Craig Gentry Sep (2009).
• Mohammad Alhisnawi & Mahmood Ahmadi, ‘Detecting and Mitigating DDoS Attack in Named Data Networking’, Journal of Network and Systems Management volume 28, pages1343–1365 (2020).
• Ahmed, S.H., Bouk, S.H., Kim, D., Rawat, D.B., Song, H.: Named data networking for software defined vehicular networks. IEEE Commun. Magaz. 55(8), 60–66 (2017).