YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Shengquan Liao,Chunming Wu,Qiang Yang,Ming Jiang

DOI: https://doi.org/10.4304/jnw.7.11.1837-1844

2012-01-01

Journal of Networks

Abstract:The information-centric network has been proposed for years. It received much attention in the research community until that the content-centric networking (CCN) became one of the fundamental components of Future Internet Architecture (FIA). Meanwhile, current CCN faces enormous technical challenges and one of the key issues is to properly design and evaluate the adaptive forwarding strategies. This paper aims to propose a high efficient routing protocol (ELRP) for the name resolving in CCN. The ELRP incorporates the merits of hierarchical structure, channel and rendezvous network. The demands of path latency are loosen in the proposed routing design, and other metrics, e.g. communication cost, load balancing and resource consumption, are also taken into the consideration. A collection of simulation experiments are carried out and the results show that ELRP can provide improved network performances in terms of these evaluation metrics. Such research outcome implies that a more comprehensive service can be deployed with improved network performance.

MIN Er-long,CHEN Zhen,CHEN Rui,XU Hong-feng

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.02.004

2013-01-01

Abstract:CCN is one of Information-Centric Internetworking architecture aimed to replace current TCP/IP architecture with the advantage for the better dissemination of information.At the same time,this architecture has also advantageous in security,mobility and scalability over current TCP/IP based Internet.Currently CCN is the most promising future Internet architecture to solve the content distribution requirements.This paper mainly studies the privacy issues in CCN.As CCN architecture has the strong ability on the dissemination of information,this paper presents an analysis of this capability's effect on the user privacy protection problem.Also this paper gives some game theory model on the different players(i.e.CCN User,ISP and content provider) in CCN.Finally,this paper introduces several privacy protection schemes,and provides a new perspective in the study of privacy in CCN architecture.

Zhang Xinggong,Niu Tong,Guo Zongming

DOI: https://doi.org/10.3969/j.issn.1000-0801.2013.08.004

2013-01-01

Abstract:CCN is communication architecture that takes content as a primitive,and retrieves content by name,not by host IP again.It builds on publish/subscribe and network-embedded caching with bandwidth-storage tradeoff.Since it is a clean-slate design,there are many issues to be explored.The concepts,characteristics,network model and recent advances of CCN were introduced.The challenges and some key issues CCN faced were also emphasized.In order to demonstrate the feasibility and implementations,two CCN system samples were also presented.

Kaiping Xue,Jiayu Yang,Qiudong Xia,David S. L. Wei,Jian Li,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/tnsm.2021.3136547

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:As a new architecture of Internet infrastructure, Information-Centric Networking (ICN) is mainly designed to effectively handle the rapidly increasing user demand for content delivery through in-network caching. While facilitating the dissemination of content to users and making better use of the network resources, ICN is also vulnerable in that attackers can inject poisoned content into the network and isolate users from valid content sources. The introduction of signature verification in each router can effectively prevent this attack, but it also introduces great computation overhead. Existing schemes in ICN reduce verification overhead from a single routing perspective but do not consider integrating resources within ICN for collaborative content authentication and cyber self-defense. In this paper, we propose a collaborative, secure, and efficient content validation protection framework, named CSEVP, to implement a multi-router collaborative defense mechanism for ICN. On the one hand, we conduct content verification by probabilistically choosing one router involved in the transmission path to offload the computation overhead of content verification from a single router to multiple ones. On the other hand, we adopt bloom filters for routers to record and share verification results to further facilitate a more efficient content validity verification. The security and efficiency analysis shows that our proposed CSEVP can achieve efficient content validity verification among multiple routers with acceptable low communication and storage overhead.

Sen Wang,Jun Bi,Jianping Wu,Xu Yang,Lingyuan Fan

DOI: https://doi.org/10.1145/2377310.2377312

2012-01-01

Abstract:Designed around host-reachability, today's Internet architecture faces many limitations while serving content-oriented applications which generate most traffic load to the Internet. CCN (Content Centric Networking) [1] is one of the most important proposals for future Internet architecture, which aims to build a content/data oriented network to solve these limitations. On the other hand, HTTP is the most important protocol to deploy new services and applications on current TCP/IP-based Internet. In this paper, we attempt to run HTTP protocol on CCN and combine the two by stitching them semantically on their content-oriented features, such as content caching. We expect that this combination can be leveraged to build CCN testbed with real HTTP traffic which is vital to validation and redesigning of specific mechanisms of CCN and to finding a transition way of CCN in which great incentive is provided for service providers in the economic ecosystem of content distribution. We designed and implemented a HTTP-CCN gateway to transform HTTP request and HTTP response into CCN Interest and Data respectively. We illustrate how to semantically map HTTP caching to CCN caching, which is one of the most attractive properties of CCN. We also discuss how to achieve transparent caching with CCN and find out that it is nontrivial to achieve complete transparency of caching with CCN given no cooperation with CDNs and content providers.

Xu Li,Li Hui,Hu Jiawei,Wang Yunmin,Zhang Huayu

DOI: https://doi.org/10.1007/978-3-319-67807-8_3

2017-01-01

Abstract:Content-Centric Networking (CCN), is built on the notion of content-based security. With the integration of Network Coding (NC) into CCN to contribute to the best performance, security, one of the key features of CCN has been left behind. Though the permission for encoding/recoding content packets at producers and intermediate routers provides performance benefits, it also introduces additional security issues and disables existing security practices. In this paper, we fill the gap by analyzing new security challenges brought accordingly and proposing an Autonomous Systems (AS-s) based security mechanism for NC applications in CCN. It can not only guarantee the optimal performance of NC, but also offer the assurance for Integrity, Origin Authentication and Correctness of content packets, together with proving trustworthiness among border routers. More importantly, we also shed light on the performance issues and implementation problems of the mechanism. © 2017, Springer International Publishing AG.

Qi Li,Ravi Sandhu,Xinwen Zhang,Mingwei Xu

DOI: https://doi.org/10.1109/tdsc.2015.2494049

2017-01-01

Abstract:Several Information Centric Network (ICN) architectures have been proposed as candidates for the future Internet, aiming to solve several salient problems in the current IP-based Internet architecture such as mobility, content dissemination and multi-path forwarding. In general, security and privacy are considered as essential requirements in ICN. However, existing ICN designs lack built-in privacy protection for content providers (CPs), e.g., any router in an Internet Service Provider in ICN can cache any content, which may result in information leakage. In this paper, we propose Mandatory Content Access Control (MCAC), a distributed information flow control mechanism to enable a content provider to control which network nodes can cache its contents. In MCAC, a CP defines different security labels for different contents, and content routers check these labels to decide if a content object should be cached. To ensure correct enforcement of MCAC, we also propose a design of a trusted architecture by extending existing mainstream router architectures. We evaluate the performance of MCAC in the NS-3 simulator. The simulation results show that enforcing MCAC in routers does not introduce significant overhead in content forwarding.

Wang, Haopei,Chen, Zhen,Xie, Feng,Han, Fuye

DOI: https://doi.org/10.1109/ICNDC.2012.11

2012-01-01

Abstract:Content-Centric Networking (CCN) is a new network architecture that rethinks the model of network communication. In this architecture all the network sources will be looked as content and routed by name. In this paper, we describe a scheme about the memory management in CCN and explore the impact of this management. We hope to design a solution for the in-network cache. To this purpose, we set up an application platform using the open source CCNx prototype and redesign the cache management by using a different data structure-splay tree and replacement policy compared to the existing design. This data structure is very suitable for caching for that recently accessed content is quick to access again. We also imitate some related work and design a similar experiment. The experimental results show the high efficiency of our management. Our solution improves the hit probability and make the popular content less time to access.

Rui Chen,Zhen Chen,Junwei Cao,Ziwei Hu,Jing Zhou,Jinghong Guo

2016-01-01

Abstract:We present the method of user privacy protection in Content-Centric Networking (CCN) based on Oblivious Transfer (OT). Content-Centric Networking (CCN) is new network architecture to match the modern Internet usage by switching host-to-host model to content based model. Although the caching mechanism in CCN has made full use of bandwidth resource, there are certain risks that critical user data might be exposed to third-party, and very little effort has been made on ensuring such security. In this paper, Oblivious Transfer has been proposed for CCN security usage. We setup the requirements for user privacy protection in CCN, and propose CCN-CPIR, a fully user privacy protection scheme based on OT. Then, we design and implement CCN-CPIR based on 1-n OT protocol using C++. CCN-CPIR not only provides fully user privacy protection, but also outperforms former Java implementation in speed, which is a strong concern in CCN router implementation. Finally, we set up an experimental platform in LAN and conduct performance evaluation. Our experimental results show the potentials for practical usage as improved efficiency.

Cesar Ghali,Gene Tsudik,Christopher A. Wood,Edmund Yeh

DOI: https://doi.org/10.48550/arXiv.1510.01852

2015-10-07

Abstract:Content-Centric Networking (CCN) is a new class of network architectures designed to address some key limitations of the current IP-based Internet. One of its main features is in-network content caching, which allows requests for content to be served by routers. Despite improved bandwidth utilization and lower latency for popular content retrieval, in-network content caching offers producers no means of collecting information about content that is requested and later served from network caches. Such information is often needed for accounting purposes. In this paper, we design some secure accounting schemes that vary in the degree of consumer, router, and producer involvement. Next, we identify and analyze performance and security tradeoffs, and show that specific per-consumer accounting is impossible in the presence of router caches and without application-specific support. We then recommend accounting strategies that entail a few simple requirements for CCN architectures. Finally, our experimental results show that forms of native and secure CCN accounting are both more viable and practical than application-specific approaches with little modification to the existing architecture and protocol.

Networking and Internet Architecture

M. Anisetti,Filippo Berto,C. Ardagna,E. Damiani

DOI: https://doi.org/10.1109/TNSM.2022.3165144

2022-09-01

IEEE Transactions on Network and Service Management

Abstract:Information-Centric Networking is an emerging alternative to host-centric networking designed for large-scale content distribution and stricter privacy requirements. Recent research on Information-Centric Networking focused on the protection of the network from attacks targeting the content delivery protocols, while assuming genuine content can always be retrieved from trustworthy nodes. In this paper, we depart from the assumption of the trustworthiness of network nodes and propose a novel certification methodology for information-centric networks that supports continuous security verification of non-functional properties. Our methodology provides a complete and detailed view of the network security status, increasing the trustworthiness of the network and its services. The proposed approach builds on an enhanced certification model capturing the evolution of the system over time. It also defines certification services that fully integrate with existing networks to collect evidence on the target of certification and carry out the certification process. It finally proposes two certification processes, centralized and decentralized, balancing the impact on the network and the system performance. Efficiency, performance, and soundness of our approach are experimentally evaluated in a simulated Named Data Networking (NDN) network targeting property availability.

Computer Science

Kaiping Xue,Xiang Zhang,Qiudong Xia,David S. L. Wei,Hao Yue,Feng Wu

DOI: https://doi.org/10.1109/tnet.2019.2914189

2018-01-01

Abstract:Information centric networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better service delivery, an effective access control mechanism is needed due to the widely disseminated contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, the straight-forward utilization of advanced encryption algorithms makes the system vulnerable to DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose SEAF, a secure, efficient, and accountable edge-based access control framework for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication and use hash chain technique to reduce greatly the overhead when users make continuous requests for the same file. At the same time, we provide an efficient revocation method to make our framework more robust. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers and bring in only slight delay for users' content retrieval.

Yuemei Xu,Yang Li,Tao Lin,Guoqiang Zhang,Zihou Wang,Song Ci

DOI: https://doi.org/10.1109/ICC.2013.6655115

2013-01-01

Abstract:Content Centric Networking (CCN) is a new emerging network architecture, shifting from an end-to-end connection to a content-centric communication model. A number of content-oriented characteristics, such as name-based routing, arbitrary topology and ubiquitous caching make caching in CCN different from the previous works. In this paper, we focus on the collaborative caching in CCN and propose a dominating-set-based collaborative caching mechanism, which jointly considers the content placement and request routing in a tightly-couple manner. Extensive experiments have been performed to evaluate the proposed scheme. Simulation results show that the proposed CollaCache proposal outperforms the existing caching and routing mechanisms in CCN.

Huifang Chen,Linlin Ge,Lei Xie

DOI: https://doi.org/10.3390/s150717057

IF: 3.9

2015-01-01

Sensors

Abstract:The feature of non-infrastructure support in a wireless ad hoc network (WANET) makes it suffer from various attacks. Moreover, user authentication is the first safety barrier in a network. A mutual trust is achieved by a protocol which enables communicating parties to authenticate each other at the same time and to exchange session keys. For the resource-constrained WANET, an efficient and lightweight user authentication scheme is necessary. In this paper, we propose a user authentication scheme based on the self-certified public key system and elliptic curves cryptography for a WANET. Using the proposed scheme, an efficient two-way user authentication and secure session key agreement can be achieved. Security analysis shows that our proposed scheme is resilient to common known attacks. In addition, the performance analysis shows that our proposed scheme performs similar or better compared with some existing user authentication schemes.

Yu Wang,Mingwei Xu,Zhen Feng,Qing Li,Qi Li

DOI: https://doi.org/10.1109/pccc.2014.7017094

2014-01-01

Abstract:Information-Centric Networking (ICN) has been proposed recently to improve the efficiency of content delivery in current IP networks. ICN employs data names, instead of host addresses, as routing and forwarding indicators. Content in the ICN carries only signature of the content provider but does not contain the identity of the content consumer by default. Such information is, however, essential for many of the web applications, such as email, online social networking, online game, e-commerce, and other session-based web services.In this paper, we propose a session-based access control (SAC) mechanism for ICN scenario to bridge the gap. Key distribution protocols are designed to protect the confidentiality of the content during information delivery. We also employ a dynamic naming scheme to enhance user privacy. According to security analysis, our access control mechanism can provide communication security and privacy protection for both sides of the session. Our design can be easily applied to session-based applications in ICN with negligible overhead.

Yong Yu,Yannan Li,Xiaojiang Du,Ruonan Chen,Bo Yang

DOI: https://doi.org/10.1109/mcom.2018.1701086

IF: 9.03

2018-11-01

IEEE Communications Magazine

Abstract:ICNs are promising alternatives to current Internet architecture since the Internet struggles with a number of issues such as scalability, mobility, and security. ICN offers a number of potential benefits including reduced congestion and enhanced delivery performance by employing content caching, simpler network configurations, and stronger security for the content. NDN, an instance of ICN, enables content delivery instead of host-centric approaches by naming data rather than host. In order to make NDN practical in the real world, the challenging issues of content security need to be addressed. In this article, we examine the architecture and content security as well as possible solutions to these issues of NDN, with a special focus on the content integrity and provenance. We propose a variety of digital signature schemes to achieve the data integrity and origin authentication in NDN for various applications, which include cost-effective signatures, privacy preserving signatures, network coding signatures, and post-quantum signatures. We also present speed-up techniques in generating signatures and verifying signatures such as pre-computation, batch verification, and server-aided verification to reduce the computational cost of the producers and receivers in NDN. A number of certificate-free trust management approaches and possible adoptions in NDN are investigated.

telecommunications,engineering, electrical & electronic

Yuemei Xu,Shuai Ma,Yang Li,Fu Chen,Song Ci

DOI: https://doi.org/10.1109/PCCC.2015.7410325

2015-01-01

Abstract:Content Centric Networking (CCN) is an emerging next-generation network infrastructure around content dissemination and retrieval, shifting from physical locations to named data. The built-in caching capacity of CCN, termed as in-network caching, promises to enable fast and effective content distribution at a global scale. Because of the in-network caching, the caching strategy of content location potentially affects how to make content searching decisions, while content searching in return decides in which routers content are stored. The relationship between content caching location and content searching has not been fully exploited in CCN or further used for the whole network performance improvement. This paper exploits the content caching location and content searching mechanism of CCN, and proposes a Popularity-driven content Caching Location and Searching scheme (P-CLS) in CCN. P-CLS leverages content access popularity to realize diverse content distribution and reduce content caching redundancy, which also overcomes the oscillation and frequent replacement phenomenon in the existing content caching and searching (CLS) scheme. Extensive simulations via hierarchical and arbitrary caching topologies show that the proposed scheme outperforms the existing caching algorithms.

Jun Li,Hao Wu,Bin Liu,Zhaoxi Fang,Shaozhong Zhang,Jiong Shi

DOI: https://doi.org/10.1007/s10922-016-9394-8

2016-01-01

Journal of Network and Systems Management

Abstract:With the increasing demand of content dissemination, Content-Centric Networking (CCN) has been proposed as a promising architecture for future Internet. In response to the challenges in CCN caching, we develop an online caching scheme (named RBC-CC) exploiting the concept of Routing Betweenness Centrality (RBC) and “prefetching”, aiming at significantly reducing costly inter-ISP traffic and largely reducing content access hops. Simulation results demonstrate that the proposed caching scheme can significantly outperform the popular caching approaches in terms of the saving rate of inter-ISP traffic. Besides, RBC-CC performs well in reducing the average access hops and incurs the least cache evictions. Further, we present a thorough analysis regarding the impact of access pattern, cache size, content popularity and population on the caching performance. We then come to the conclusion that our scheme is featured with good stability and scalability as well as its effectiveness.

Xinggong Zhang,Tong Niu,Feng Lao,Zongming Guo

DOI: https://doi.org/10.1145/2534169.2491729

IF: 1.937

2013-01-01

ACM SIGCOMM Computer Communication Review

Abstract:Making data the first class entity, Information-Centric Networking (ICN) replaces conventional host-to-host model with content sharing model. However, the huge amount of content and the volatility of replicas cached across the Internet pose significant challenges for addressing content only by name. In this paper, we propose a topology-aware name-based routing protocol which combines the benefits of location-oriented routing and content-centric routing together. We adopt a URL-like naming scheme, which defines register locations and content identifier. Node with copies sends Register messages towards a register using location-oriented routing protocols. All en-path routers record forwarding entries in forwarding table (FIB) as the "bread crumb" to this content. Following the bread crumb, routers know the "best" topology path to the available copies. An Interest is either forwarded towards a "known" copy by the content identifier, or towards the register nodes where it would find the bread crumb to the "best" copies. Compared with the existing flooding or name resolution methods, Our design shows a good potential in terms of scalability, availability and overhead.