Qi Li,Ravi Sandhu,Xinwen Zhang,Mingwei Xu

DOI: https://doi.org/10.1109/tdsc.2015.2494049

2017-01-01

Abstract:Several Information Centric Network (ICN) architectures have been proposed as candidates for the future Internet, aiming to solve several salient problems in the current IP-based Internet architecture such as mobility, content dissemination and multi-path forwarding. In general, security and privacy are considered as essential requirements in ICN. However, existing ICN designs lack built-in privacy protection for content providers (CPs), e.g., any router in an Internet Service Provider in ICN can cache any content, which may result in information leakage. In this paper, we propose Mandatory Content Access Control (MCAC), a distributed information flow control mechanism to enable a content provider to control which network nodes can cache its contents. In MCAC, a CP defines different security labels for different contents, and content routers check these labels to decide if a content object should be cached. To ensure correct enforcement of MCAC, we also propose a design of a trusted architecture by extending existing mainstream router architectures. We evaluate the performance of MCAC in the NS-3 simulator. The simulation results show that enforcing MCAC in routers does not introduce significant overhead in content forwarding.

Bing Li,Ashwin Prabhu Verleker,Dijiang Huang,Zhijie Wang,Yan Zhu

DOI: https://doi.org/10.1109/tdsc.2016.2550437

2018-01-01

Abstract:Information Centric Networking (ICN) is a new network architecture that aims to overcome the weakness of existing IP-based networking architecture. Instead of establishing a connection between the communicating hosts, ICN focuses on the content, i.e. data, transmitted in network. Content copies in ICN can be cached at different locations. The content is out of the owner's control once it's published. Thus, enforcing access control policies on distributed content copies is crucial in ICN. Attribute-Based Encryption (ABE) is a feasible approach to enforce such control mechanisms. However, applying ABE in ICN has two challenges: from management perspective, managing attributes is complicated in distributed manners; from privacy perspective, unlike in traditional networks, the enforced content access policies are public to all the ICN users. Thus, it is desirable that unauthorized content viewers are not able to retrieve the access policy. To this end, a privacy-preserving access control scheme for ICN and associated attribute management solution are presented in this paper. This proposed approach is compatible with existing flat name based ICN architectures.

Kaiping Xue,Xiang Zhang,Qiudong Xia,David S. L. Wei,Hao Yue,Feng Wu

DOI: https://doi.org/10.1109/tnet.2019.2914189

2018-01-01

Abstract:Information centric networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better service delivery, an effective access control mechanism is needed due to the widely disseminated contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, the straight-forward utilization of advanced encryption algorithms makes the system vulnerable to DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose SEAF, a secure, efficient, and accountable edge-based access control framework for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication and use hash chain technique to reduce greatly the overhead when users make continuous requests for the same file. At the same time, we provide an efficient revocation method to make our framework more robust. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers and bring in only slight delay for users' content retrieval.

Jiang Xiaoke,Bi Jun,Nan Guoshun,Li Zhaogeng

DOI: https://doi.org/10.1109/cc.2015.7188520

2015-01-01

Abstract:The basic function of the Internet is to delivery data（what） to serve the needs of all applications. IP names the attachment points（where） to facilitate ubiquitous interconnectivity as the current way to deliver data. The fundamental mismatch between data delivery and naming attachment points leads to a lot of challenges, e.g., mapping from data name to IP address, handling dynamics of underlying topology, scaling up the data distribution, and securing communication, etc. Informationcentric networking（ICN） is proposed to shift the focus of communication paradigm from where to what, by making the named data the first-class citizen in the network, The basic consensus of ICN is to name the data independent from its container（space dimension） and session（time dimension）, which breaks the limitation of point-to-point IP semantic. It scales up data distribution by utilizing available resources, and facilitates communication to fit diverse connectivity and heterogeneous networks. However, there are only a few consensuses on the detailed design of ICN, and quite a few different ICN architectures are proposed. This paper reveals the rationales of ICN from the perspective of the Internet evolution, surveys different design choices, and discusses on two debatable topics in ICN, i.e.,self-certifying versus hierarchical names, and edge versus pervasive caching. We hope this survey helps clarify some mis-understandings on ICN and achieve more consensuses.

Qiuyun Lyu,Yizhen Qi,Xiaochen Zhang,Huaping Liu,Qiuhua Wang,Ning Zheng

DOI: https://doi.org/10.1016/j.jnca.2019.102444

IF: 7.574

2020-01-01

Journal of Network and Computer Applications

Abstract:The information-centric networking (ICN) has been proposed to meet the increasing demand for efficient content delivery. However, the in-network caching mechanism of ICN makes it hard to provide data security and privacy for content providers (CPs). Although many access control schemes are proposed to improve the security of ICN, there are still some problems unsolved. On the one hand, in spite of the centralized access control schemes are proposed to improve the security of data sharing, the single point of failure issue is inevitable. On the other hand, the decentralized access control schemes allow the content provider to control the key distribution for encrypted content, but it is inefficient when they are applied in hierarchical access, and the audit of content access is ignored. In this paper, we propose a secure blockchain-based access control framework which is called as SBAC, to provide a content provider with the ability of sharing, audit and revocation on his content in a secure way. Specifically, we design a matching-based access control model to achieve hierarchical access, and present a blockchain-based access token mechanism to resist the single point of failure and balance privacy and audit. And Cuckoo filter is introduced to achieve efficient query of access token in verification. Furthermore, our SBAC keeps the characteristic of pervasive caching of ICN. The security analysis and experimental results demonstrate that SBAC is suitable in practice.

Xiaobin Tan,Shunyi Wang,Liguo Ji,Xinxin Tong,Cliff Zou,Quan Zheng,Jian Yang

DOI: https://doi.org/10.1109/twc.2023.3332930

IF: 10.4

2024-01-01

IEEE Transactions on Wireless Communications

Abstract:The rapid growth of mobile network traffic poses major challenges for current wireless networks regarding bandwidth, delay, mobility, and stability. To overcome these obstacles, a new network architecture called Information-Centric Networking (ICN) has emerged, effectively addressing these issues and enhancing content delivery efficiency. However, with the in-network content cache, anyone including unauthorized users can access the content from intermediate network nodes. In response to this challenge, this paper proposes an efficient and lightweight ICN content access control framework based on a hybrid-coding mechanism that combines two or more encoding operations, which does not impose additional complexity on ICN routers. In the proposed scheme, the content is first divided into multiple original blocks, and these original blocks are encoded into encoded blocks using hybrid-coding operations. Each authorized user can obtain private decoding information from the content provider, and decode them into original content using its private decoding information. The proposed scheme can fully utilize ICN’s in-network cache capability and defend against a wide range of attacks. Furthermore, security analysis, ndnSIM-based simulation, and real-world experiments demonstrate the scheme’s security, performance, and scalability.

Jiefang Liu,Bin Zhao,Ning Zhou

DOI: https://doi.org/10.3969/j.issn.1001-3695.2015.11.051

2015-01-01

Abstract:Information-centric networking(ICN)has been a novel hotspot in the field of future Internet architecture.Aiming at NRS is vulnerable to masquerading and content poisoning attacks in the NetInf,because of invalid data registration,this pa-per proposed a registration stage,which integrated authentication and authorization scheme and took place before the publica-tion and retrieval.The stage authenticated hosts before they accessed the NetInf system.In addition,the registration stage used the capability-based access policies to solve the problem of unauthorized access.It formally verified the proposed schemes by using formal methods.The results show the schemes improves the security of the NetInf framework.

Chunmei XIA,Mingwei XU

DOI: https://doi.org/10.3778/j.issn.1673-9418.1303025

2013-01-01

Abstract:Network requirements are evolved from data communications between two hosts to accessing a large amount of information through networks. The current Internet uses address-centric network communication model,which is suitable for the communications between hosts but not efficient in the communications between hosts and networks. Given this fact, information-centric networking(ICN) becomes the hot spot to meet the new requirements.Firstly, this paper presents the basic idea of ICN, analyzes the features of ICN, and classifies different ICN approaches,including the following aspects: naming, resolving, routing and caching. Secondly, this paper summarizes the five key technologies in ICN which are naming, resolving, routing, distribution and caching, and then analyzes and evaluates the existing ICN schemes. Finally, several key issues in ICN are discussed and future directions are pointed out.

Danye Wu,Zhiwei Xu,Bo Chen,Yujun Zhang,Zhu Han

DOI: https://doi.org/10.1109/tcomm.2020.3026380

IF: 6.166

2021-01-01

IEEE Transactions on Communications

Abstract:By moving computing resources close to where they are needed (i.e., the network edges), edge computing can significantly reduce burden on the centric cloud data centers. However, extreme scale of on-line big data may impose a significant burden on the network backbones. Information-centric edge networking can address this challenge by incorporating in-network caching into edge networks. This however, opens a door for many new security issues and requires various security defenses. One of those is efficient access control design specifically for information-centric edge networking. In this work, we aim to design an efficient and secure access control scheme for information-centric edge networking. In our design, we propose the confidentiality-enhanced network coding which can ensure that, without having access to the authorization key, the attacker will not be able to obtain the original content. And thanks to the properties of confidentiality-enhanced network coding, highly efficient access control can be realized by encrypting only part of the encoding matrix. In addition, our design can allow efficiently revoking users. Security analysis and experimental evaluation on NS3 demonstrate that our scheme can successfully enforce access control in information-centric edge networking with a small overhead.

telecommunications,engineering, electrical & electronic

Qiang Wang,Wenchao Li,Zhiguang Qin

DOI: https://doi.org/10.1109/ACCESS.2019.2908009

IF: 3.9

2019-01-01

IEEE Access

Abstract:As a novel network architecture, information-centric networking (ICN) has a good performance in facilitating content sharing among users. Although in-network cache used in ICN can effectively solve the problem of network congestion. Meanwhile, it also brings a lot of challenges such as security and privacy issues during data transformation. Some of the current solutions are based on the traditional encryption technology, but these solutions introduce significant overhead in the client side and have a high requirement to the memory and computing power of end user. In this paper, we use an efficient proxy re-encryption (PRE) scheme in ICN framework to help reduce the overhead on the user-side while guaranteeing flexible data sharing between subscribers and even their cooperator. Our proposal has the additional benefits of a non-interactivity and collusion resistance. We also prove that our scheme is secure against adaptive replayable adaptive chosen ciphertext attack (RCCA) in re-encryption and chosen ciphertext attack (CCA) secure in complete ICN encryption. Our analysis of this program also shows that the scheme has a relatively good performance in computation cost and communication complexity aspects.

Satyajayant Misra,Reza Tourani,Frank Natividad,Travis Mick,Nahid Ebrahimi Majd,Hong Huang

DOI: https://doi.org/10.1109/tdsc.2017.2672991

2017-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The fast-growing Internet traffic is increasingly becoming content-based and driven by mobile users, with users more interested in data rather than its source. This has precipitated the need for an information-centric Internet architecture. Research in information-centric networks (ICNs) have resulted in novel architectures, e.g., CCN/NDN, DONA, and PSIRP/PURSUIT; all agree on named data based addressing and pervasive caching as integral design components. With network-wide content caching, enforcement of content access control policies become non-trivial. Each caching node in the network needs to enforce access control policies with the help of the content provider. This becomes inefficient and prone to unbounded latencies especially during provider outages. In this paper, we propose an efficient access control framework for ICN, which allows legitimate users to access and use the cached content directly, and does not require verification/authentication by an online provider authentication server or the content serving router. This framework would help reduce the impact of system down-time from server outages and reduce delivery latency by leveraging caching while guaranteeing access only to legitimate users. Experimental/simulation results demonstrate the suitability of this scheme for all users, but particularly for mobile users, especially in terms of the security and latency overheads.

He Bai,Hui Li,Jianming Que,Abla Smahi,Minglong Zhang,Peter Han Joo Chong,Shuo-Yen Robert Li,Xiyu Wang,Ping Lu

DOI: https://doi.org/10.1109/tnsm.2024.3486052

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Information-Centric Networking (ICN) is a promising future network architecture that shifts the host-based network paradigm to a content-oriented one. Over the past decade, numerous ICN congestion control (CC) schemes have been proposed, tailored to address congestion issues based on ICN’s transmission characteristics. However, several key challenges still need to be addressed. One critical issue is that most existing CC studies for ICN do not consider the diverse Quality of Service (QoS) requirements of modern network applications. This limitation hinders their applicability across various applications with different network performance preferences. Another ongoing challenge lies in improving transmission performance, particularly considering how to appropriately coordinate congestion control participants to enhance content retrieval efficiency and ensure reasonable resource allocation, especially in multipath scenarios. To tackle these challenges, we propose QSCCP, a QoS-aware congestion control protocol built upon NDN (Named Data Networking), a well-known ICN architecture. In QSCCP, diverse QoS preferences of various traffic are supported within a collaborative congestion control framework. A novel multi-level, class-based scheduling and forwarding mechanism is designed to ensure varied and fine-grained QoS guarantees. A distributed congestion notification and precise feedback mechanism is also provided, which efficiently collaborates with an adaptive multipath forwarding strategy and consumer rate adjustment to rationally allocate network resources and improve transmission efficiency, particularly in multipath scenarios. Extensive experimental results demonstrate that QSCCP satisfies diverse QoS requirements while achieving outstanding transmission performance. It outperforms existing schemes in throughput, fairness, delay, and packet loss, with a rapid convergence rate and excellent stability.

Kaiping Xue,David S. L. Wei,Roberto Bruschi,I Chih-Lin

DOI: https://doi.org/10.1109/mcom.2019.8740785

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:The articles in this special section focus on the topic of information centric networking (ICN), an approach that shifts the Internet infrastructure from a host-centric paradigm, based on perpetual connectivity and the end-to-end principle, to a new paradigm where named data becomes independent from location, application, storage, and means of transportation, enabling in-network storage and replication. The expected benefits include improved effi ciency, better scalability with respect to information/bandwidth demand, and better robustness in challenging communication scenarios. As the most promising clean-slate approach for future Internet, ICN has attracted much attention in the past few years, and created a trajectory that is to replace the current IP-based Internet. There have been many prototypes of ICN, but more research is still ongoing, which includes naming, forwarding/routing, and caching policy, deployment strategy, security policy, and so on.

Abedelaziz Mohaisen,Xinwen Zhang,Max Schuchard,Haiyong Xie,Yongdae Kim

DOI: https://doi.org/10.1145/2484313.2484335

2012-01-01

Abstract:In information centric network (ICN), contents are fetched by their names from caches deployed in the network or from origin servers. Once the contents are fetched from the origin server, it is replicated and cached in all routers along the routing and forwarding paths from the user that issues the interest to the origin server, thus allowing further "interests" by other users to be fulfilled quickly. However, the way ICN caching and interest fulfillment work pose a great privacy risk; the time difference between response for interest of cached and uncached contents can be used as an indicator to infer whether or not a near-by user previously requested the same contents requested by the adversary. This work introduces the extent to which the problem is applicable in ICN and provides several solutions to address it.

Zuoqi Jiang,Jiangtao Luo,Fei Zhang,Chen He,Mengnan Wang,Yanyong Zhang

DOI: https://doi.org/10.1109/hoticn48464.2019.9063215

2019-01-01

Abstract:The current data-centric security architecture for the Information Centric Network (ICN) does not provide efficient user authentication mechanisms, thus causing undesirable issues such as interest flooding a ttacks (IFA). I no rder to address them, this paper proposes a pseudonym authentication scheme on network layer based on the system of identity-based cryptography (IBC). In the proposed approach, each consumer needs to be authenticated before sending Interest packets into the network. After successful authentication, the consumer will be assigned a temporary nickname to be used in later data request. During the procedure, IBC is adopted to protect real names of consumers and verify the interest origin. As a result, this approach can complete user authentication and protect his real identity simultaneously. The proposed approach is case studied in IFA depression and expected results are achieved.

Liu Huiling,Li Hui,Yu Chaoqi,Zhu Bing,Pan Kai

DOI: https://doi.org/10.1109/ICCChina.2015.7448622

2015-01-01

Abstract:Identity/locator separation and software defined networking (SDN) have emerged in recent years as two promising technologies within the Internet community. Identity/locator separation supports mobility and shows good performance in scaling problems. By separating the control and data plane, SDN achieves the software control of the networks evolving independently of the hardware. Constant attempts are made to integrate identity/locator separation and SDN dedicated to a new network architecture incorporating these two technologies so as to retain the advantages from both of them. In this paper, we propose a novel identity-based centralized control network architecture (ICCN) by mapping identity into locator to route and decoupling control strategy from packet forwarding. ICCN provides efficient communication and host mobility. We implement ICCN and conducts experiments on a SDN-based network with up to 10 nodes, and the results show that ICCN is feasible and scalable.

Ping LI,Lei WANG

DOI: https://doi.org/10.3969/j.issn.2095-347X.2017.06.002

2017-01-01

Abstract:Information-Centric Networking is a future direction of the evolution of the network,which basic idea is to replace the IP with the content name to become the core of the network,and thus can meet the demand of content distribution.However,the existing network infrastructure cannot directly support the implementation of ICN network.Software Defined Network decouples data plane and control plane,providing flexible network programmability and making it possible for the ICN architecture to be implemented in real networks.Implementation of ICN network based on SDN architecture has become a hot research direction.This paper first summarizes the technical characteristics of ICN and SDN,and then analyzes the existing ICN network implementation scheme under SDN architecture.Finally,we discuss the benefits of SDN in terms of key issues such as route forwarding,cache management,and mobility in ICN implementation.

Daibo MAO,Qi LI,Yuan YANG

DOI: https://doi.org/10.3969/j.issn.2095-347X.2013.04.005

2013-01-01

Abstract:Several Information Centric Network(ICN) architectures have been proposed to solve several problems in the current IP-based Internet architecture such as mobility and multi-path forwarding.Among these schemes,security and privacy are considered as essential part in ICN.We analyze that existing ICN designs lack built-in privacy protection for content providers.For example,any router in an Internet Service Provider(ISP) in ICN can cache any content,which may incur information leakage.In this paper,we analyze the privacy leakage problem in ICN,and compare the features of the existing ICN security solutions.Finally,we discuss the key issues in designing privacy protection mechanisms in ICNs.

Haipeng Yao,Mengnan Li,Jun Du,Peiying Zhang,Chunxiao Jiang,Zhu Han

DOI: https://doi.org/10.1109/mcom.2019.1800734

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:The current Internet is an end-to-end communication architecture based on packet switching between terminals. However, with the development of computer networks and increasing proliferation of communication services, the ability of this architecture-based Internet to transmit and process data has encountered challenges, and it has been unable to adapt to the rapid development of today's application requirements. Thus, information-centric networking (ICN) is emerging as a feasible solution and has become a new hot topic for future research in network architecture. The ICN strips content from terminal locations and provides services such as storage and multi-party communication through the publish/ subscribe paradigm. Although the ICN brings new opportunities for network development, there are plenty of problems existing in the ICN that have not been settled. For example, the conflict between polymerizability and mobility in the naming scheme, scalability problems of the name routing, as well as the inefficiency of transmission control algorithms under the circumstance of rich interest are all worth discussing. However, utilizing the computational and analytical features of artificial intelligence (AI) can help the ICN break through the bottleneck of existing technology development. With regard to the issues above, this article introduces and investigates some related technologies of AI in the ICN, that is, naming mechanism, transmission control, and content distribution, and introduces and surveys problems in ICN research. Furthermore, the next development direction of ICN and issues that need to be studied are discussed in this work.

SUN Yan-bin,ZHANG Yu,ZHANG Hong-li

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.034

2016-01-01

Abstract:The application model in the Internet has shifted into information sharing,while the architecture is still based on the end-to-end communication.The conflict between them is becoming increasingly acute.To solve such a mis-match,ICN (Information-Centric Networking)is proposed.In this paper,a basic architecture framework for ICNs is first proposed,functional modules and properties are adopted to explore the design of ICN.Then,the relationships between ICN and other future network technologies are analyzed,the experiment platform and the deployment of ICN are discussed.Final-ly,crucial issues and future researches are concluded.