Xinyue Zhang,Jingyi Wang,Hongning Li,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/glocom.2018.8647637

2018-01-01

Abstract:Information-centric networking (ICN) is developed for the future Internet because of the tremendous increase of content demands in the Internet. In the ICN architecture, in-network storage for caching plays an important role in improving content delivery efficiency, scalability and availability. To enjoy the benefits of caching users' preferable contents without disclosing the users' privacy, in this paper, we aim to integrate local differential privacy (LDP) techniques into data-driven optimization, and propose a novel scheme to allow content provider (CP) to collect the locally differentially private content preferences of a selected group of users, exploit data-driven approach to predict the content popularity, and offer the cacheenabled access points (APs) economic incentives to cache the selected preferable content. Here, optimized local hashing (OLH) is employed to locally add differential private noise to the users' preference content information and the noisy data is sent to the CP. Besides, we leverage data-driven methodology to predict the content popularity according to the constructed reference distribution of the given noisy preference content data from users. We formulate a data-driven caching revenue optimization, provide feasible solutions, and conduct simulations to show the effectiveness of the proposed scheme.

Xinyue Zhang,Hongning Li,Jingyi Wang,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/twc.2021.3069763

IF: 10.4

2021-01-01

IEEE Transactions on Wireless Communications

Abstract:Information-centric networking (ICN) as an emerging networking paradigm has recently gained significant attention, due to the improvement of content delivery efficiency. The built-in network storage for caching is a key component in ICN to provide low latency service and reduce high backhaul traffic by caching popular content. However, users' content preference contains individual sensitive characteristics which is distinguishable from others. Therefore, in this work, we propose a data-driven caching revenue maximization problem with the considerations of users' local differential privacy. Specifically, we employ dBitFlip, a local differential privacy (LDP) mechanism, to locally add differential private noise to the users' preference content information. We leverage data-driven approach to predict the content popularity based on the reference distribution constructed by the reported noisy preference content data from users, mathematically present the distance between the noisy reference distribution and the true distribution by the tolerance level, and prove the relationship among the tolerance level, differential privacy budget and the confidence level. We provide feasible solutions to the proposed revenue maximization problem, and conduct simulations to show the effectiveness of the proposed scheme.

Yanan Zhang,Jingru Xing,Yaozong Xu,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/978-981-97-5606-3_22

2024-01-01

Abstract:Named Data Networking (NDN) is one of the potential Future Internet Architectures, shifting from the traditional host-centric architecture to a data-centric one. Collusion Interest Flooding Attacks (CIFAs) is a new type of attack that intermittently sending malicious Interests to overwhelm the Pending Interest Table (PIT). Collusive producers working with the attackers respond to these malicious Interest packets just before they expire in the PIT, thereby disguising their attacks as legitimate, which makes detection methods against Interest Flooding Attacks (IFAs) unable to identify CIFAs. This paper proposes the DM-CIFA scheme, which aggregates decision tree and K-means algorithm for effective detection and mitigation of CIFAs. Firstly, a decision tree is trained to monitor the number of entries in the PIT, and the throughput of Interest and Data packets of the router for attack detection. Then the malicious prefix identification algorithm, based on the K-means algorithm, is activated after an attack is detected. Additionally, the bottleneck router mitigating CIFAs by informing the next hop router with a signed Interest packet (SIP) that carry the malicious prefixes to pinpoint attackers and reject forwarding malicious Interests. The simulation results demonstrate the proposed DM-CIFA has high sensitivity towards CIFAs and the capability to effectively mitigate the attack's effects on the NDN.

Shengquan Liao,Chunming Wu,Qiang Yang,Ming Jiang

DOI: https://doi.org/10.4304/jnw.7.11.1837-1844

2012-01-01

Journal of Networks

Abstract:The information-centric network has been proposed for years. It received much attention in the research community until that the content-centric networking (CCN) became one of the fundamental components of Future Internet Architecture (FIA). Meanwhile, current CCN faces enormous technical challenges and one of the key issues is to properly design and evaluate the adaptive forwarding strategies. This paper aims to propose a high efficient routing protocol (ELRP) for the name resolving in CCN. The ELRP incorporates the merits of hierarchical structure, channel and rendezvous network. The demands of path latency are loosen in the proposed routing design, and other metrics, e.g. communication cost, load balancing and resource consumption, are also taken into the consideration. A collection of simulation experiments are carried out and the results show that ELRP can provide improved network performances in terms of these evaluation metrics. Such research outcome implies that a more comprehensive service can be deployed with improved network performance.

Shi Li,Inshil Doh,Kijoon Chae

DOI: https://doi.org/10.1109/icoin.2016.7427091

2016-01-01

Abstract:Content Delivery Networks (CDN) act as trusted overlay networks that offer high-performance delivery of common Web objects, static data and rich multimedia content by distributing content load among edge servers which are close to the clients. And the interconnection of different CDNs (called CDNi) could provide more advantages and benefits to both content provider and client than a single CDN during the content delivery. However, the interconnection can also bring some security issues which are not existed in single CDN. For example, the users' privacy could be revealed to other CDNs. Thus, to focus on this issue, in this paper, we propose an anonymous IP-based privacy protection mechanism which can protect the users' privacy from leaking to all the CDNs, and the requested content can also be accurately transmitted to the end user through the closest edge server by using the anonymous IP address.

Kai Lei,Jie Xing,Yi Wang,KeKe Li,Dong Lin

DOI: https://doi.org/10.1109/infcomw.2018.8406944

2018-01-01

Abstract:As a promising future network architecture, Named Data Networking (NDN) enables efficient content distribution and significantly reduces the overall network traffic through its routing and caching mechanisms. On the other hand, the routing and caching features of NDN could cause a side-effect in which Content Providers (CPs) are unable to acquire the accurate number of access to their contents, since consumers can get contents directly from intermediate network devices such as routers. However, the accurate statistical information of content access is of great importance for CPs when making pricing and cache placement strategies based on content popularity, but now CPs can only assume the content's access information rather than the real data to make strategies. In this paper, we propose a new scheme to help CPs regain the access information of contents timely and efficiently. In our solution, network devices keep track of the requested content information and collect the statistics of the content access information in a self-adaptive manner. The statistical information is sent to CPs by routers when certain events are triggered, so that CPs could obtain the popularity of their contents. With the proposed scheme, CPs, in the context of NDN, based on the real popularity information of contents, can make appropriate caching and pricing strategies for the sake of better serving their business interest. Our simulation further indicates that the proposed scheme is not only lightweight but also exhibits good accuracy and low latency.

Yong Yu,Yannan Li,Xiaojiang Du,Ruonan Chen,Bo Yang

DOI: https://doi.org/10.1109/mcom.2018.1701086

IF: 9.03

2018-11-01

IEEE Communications Magazine

Abstract:ICNs are promising alternatives to current Internet architecture since the Internet struggles with a number of issues such as scalability, mobility, and security. ICN offers a number of potential benefits including reduced congestion and enhanced delivery performance by employing content caching, simpler network configurations, and stronger security for the content. NDN, an instance of ICN, enables content delivery instead of host-centric approaches by naming data rather than host. In order to make NDN practical in the real world, the challenging issues of content security need to be addressed. In this article, we examine the architecture and content security as well as possible solutions to these issues of NDN, with a special focus on the content integrity and provenance. We propose a variety of digital signature schemes to achieve the data integrity and origin authentication in NDN for various applications, which include cost-effective signatures, privacy preserving signatures, network coding signatures, and post-quantum signatures. We also present speed-up techniques in generating signatures and verifying signatures such as pre-computation, batch verification, and server-aided verification to reduce the computational cost of the producers and receivers in NDN. A number of certificate-free trust management approaches and possible adoptions in NDN are investigated.

telecommunications,engineering, electrical & electronic

Tao Chen,Kai Lei,Kuai Xu

DOI: https://doi.org/10.1109/pccc.2014.7017100

2014-01-01

Abstract:The new named data networking (NDN) has shifted the Internet from today's IP-based packet-delivery model to the name-based data retrieval model. The architecture shift from IP addresses to named data results in effective content delivery via in-networking cache and direct object retrieval. However, this shift has also created challenges and obstacles for securing data objects and providing appropriate access control on named data due to broad data replications and the loss of network perimeters. This paper designs, implements, and evaluates an encryption and probability based access control model for NDN with video streaming service as a case study. In particularly, we explore a combination of public-key cryptography and symmetric ciphers to encrypt video data for preventing unauthorized access. In addition, we build a bloom-filter probabilistic data structure for pre-filtering Interests from consumers without desired credentials. Our experimental results have demonstrated the capabilities of the proposed model for providing access control while incurring low system and performance overhead on producers and consumers.

Yi Wang,Zhuyun Qi,Bin Liu

DOI: https://doi.org/10.1145/3063955.3063993

2018-01-01

China Communications

Abstract:Named Data Networking (NDN) improves the data delivery efficiency by caching contents in routers. To prevent corrupted and faked contents be spread in the network, NDN routers should verify the digital signature of each published content. Since the verification scheme in NDN applies the asymmetric encryption algorithm to sign contents, the content verification overhead is too high to satisfy wire-speed packet forwarding. In this paper, we propose two schemes to improve the verification performance of NDN routers to prevent content poisoning. The first content verification scheme, called “user-assisted”, leads to the best performance, but can be bypassed if the clients and the content producer collude. A second scheme, named “Router-Cooperation”, prevents the aforementioned collusion attack by making edge routers verify the contents independently without the assistance of users and the core routers no longer verify the contents. The Router-Cooperation verification scheme reduces the computing complexity of cryptographic operation by replacing the asymmetric encryption algorithm with symmetric encryption algorithm. The simulation results demonstrate that this Router-Cooperation scheme can speed up 18.85 times of the original content verification scheme with merely extra 80 Bytes transmission overhead.

Qing Li,Zongyi Zhao,Mingwei Xu,Yong Jiang,Yuan Yang

DOI: https://doi.org/10.1016/j.comcom.2016.09.012

IF: 5.047

2016-01-01

Computer Communications

Abstract:As the popularity of content-delivery applications (e.g., YouTube) grows, the inefficiency of transmission on the Internet has emerged, since in the TCP/IP networks, routers are unaware of the passing contents and the same content might be transmitted through the same path multiple times. To solve the problem as well as other problems, a lot of Information Centric Networking (ICN) architectures, including Named Data Networking (NDN), are proposed. These architectures enable the routers to identify and cache contents. In this paper, we design an efficient and feasible scheme of caching and routing for NDN, i.e., Selective cAching and Dynamic routing (SADO). First, we propose a selective caching method that balances caching load among routers and reduces the caching redundancy dramatically. Then, we provide a scalable method to maintain routing information for the in-router cached contents. After that, a probabilistic forwarding method for requests is proposed to minimize the expected cost of fetching contents. Finally, we evaluate the performance of SADO by comprehensive simulations. The simulation results show that SADO achieves a decrease of 34% in the cost of fetching a content and a decrease of 81% in the load carried by the source servers, and a cached content is utilized 0.8 times on average. (C) 2016 Elsevier B.V. All rights reserved.

Lingjun Pu,Xu Chen,Jingdong Xu,Xiaoming Fu

DOI: https://doi.org/10.48550/arXiv.1606.06316

2016-06-20

Networking and Internet Architecture

Abstract:Recent years with the popularity of mobile devices have witnessed an explosive growth of mobile multimedia contents which dominate more than 50\% of mobile data traffic. This significant growth poses a severe challenge for future cellular networks. As a promising approach to overcome the challenge, we advocate Content Retrieval At the Edge, a content-centric cooperative service paradigm via device-to-device (D2D) communications to reduce cellular traffic volume in mobile networks. By leveraging the Named Data Networking (NDN) principle, we propose sNDN, a social-aware named data framework to achieve efficient cooperative content retrieval. Specifically, sNDN introduces Friendship Circle by grouping a user with her close friends of both high mobility similarity and high content similarity. We construct NDN routing tables conditioned on Friendship Circle encounter frequency to navigate a content request and a content reply packet between Friendship Circles, and leverage social properties in Friendship Circle to search for the final target as inner-Friendship Circle routing. The evaluation results demonstrate that sNDN can save cellular capacity greatly and outperform other content retrieval schemes significantly.

Li Qi,Lee Patrick P. C.,Zhang Peng,Su Purui,He Liang,Ren Kui

DOI: https://doi.org/10.1109/TNET.2017.2715822

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:Named data networking (NDN) enhances traditional IP networking by supporting in-network content caching for better bandwidth usage and location-independent data accesses for multi-path forwarding. However, NDN also brings new security challenges. For example, an adversary can arbitrarily inject packets to NDN to poison content cache, or access content packets without any restrictions. We propose c...

Shuokang Huang,Shuai Zhu,Kai Lei,Haiyi Lian,Shouyang Wei

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom51426.2020.00184

2020-01-01

Abstract:Information-Centric Networking (ICN) takes advances in content distribution, thanks to the in-network caches which naturally reduce the delay of upper-layer applications. Though attaining high dissemination efficiency, the in-network caching amplifies the challenges in the consistency of cached copies. Since ICN decouples data from the locations, it's hard for ICN to synchronize the caches efficiently once an update occurs, which could lead to potential issues of correctness and security. Herein, we propose a novel cache consistency mechanism based on role division, namely RD-CCM, to achieve strong consistency in ICN. RD-CCM divides network nodes into several roles and applies the Lease model among specific routers to maintain synchronization with high efficiency. We set up an adaptive parametric model to determine the Lease duration of RD-CCM, which balances the cost between storage and communication. Further, we optimize RD-CCM based on content popularity and Invertible Bloom Filter (IBF), diminishing the overhead of synchronization. We simulate RD-CCM on ndnSim to evaluate its performance, compared against Time- To-Live (TTL) and Polling-Every- Time (PET), which are employed in Named Data Networking (NDN). RD-CCM reduces the average hop counts by 32.5% compared against NDN-PET and reduces the cache staleness rate by 59.2% compared against NDN-TTL.

Rui Chen,Zhen Chen,Junwei Cao,Ziwei Hu,Jing Zhou,Jinghong Guo

2016-01-01

Abstract:We present the method of user privacy protection in Content-Centric Networking (CCN) based on Oblivious Transfer (OT). Content-Centric Networking (CCN) is new network architecture to match the modern Internet usage by switching host-to-host model to content based model. Although the caching mechanism in CCN has made full use of bandwidth resource, there are certain risks that critical user data might be exposed to third-party, and very little effort has been made on ensuring such security. In this paper, Oblivious Transfer has been proposed for CCN security usage. We setup the requirements for user privacy protection in CCN, and propose CCN-CPIR, a fully user privacy protection scheme based on OT. Then, we design and implement CCN-CPIR based on 1-n OT protocol using C++. CCN-CPIR not only provides fully user privacy protection, but also outperforms former Java implementation in speed, which is a strong concern in CCN router implementation. Finally, we set up an experimental platform in LAN and conduct performance evaluation. Our experimental results show the potentials for practical usage as improved efficiency.

Hao Wu,Jun Li,Tian Pan,Bin Liu

DOI: https://doi.org/10.1109/ICC.2013.6655117

2013-01-01

Abstract:Internet traffic has been exponentially growing with the increasing demand of content dissemination. This explosive growth in traffic poses a significant challenge to the networks, especially backbones. To address the challenge, the emerging content-oriented Named Data Networking (NDN) has been proposed due to its attractive advantages, such as network load reduction, low dissemination latency and energy efficiency. To achieve these benefits from NDN paradigm, the content caching strategy plays the most important role. In this paper, we present a popularity-based coordinated caching scheme with the objective of eliminating both the inter-domain and intra-domain redundant traffic of a backbone network. In this design, the global content popularity is obtained by the weighted aggregation of local content popularity at the routers, then the cache placement can be calculated based on the access cost guided by the global content popularity. We test our caching scheme on the publicly available backbone networks: Abilene and GEANT. Simulation results show that the proposed caching scheme achieves around 30% higher cache hit rate and 20% more traffic reduction, compared with the widely used Leaving Copies Everywhere (LCE) and Random Cache (RanCache) scheme.

Cesar Ghali,Gene Tsudik,Ersin Uzun

DOI: https://doi.org/10.48550/arXiv.1402.3332

2014-02-13

Networking and Internet Architecture

Abstract:In contrast to today's IP-based host-oriented Internet architecture, Information-Centric Networking (ICN) emphasizes content by making it directly addressable and routable. Named Data Networking (NDN) architecture is an instance of ICN that is being developed as a candidate next-generation Internet architecture. By opportunistically caching content within the network (in routers), NDN appears to be well-suited for large-scale content distribution and for meeting the needs of increasingly mobile and bandwidth-hungry applications that dominate today's Internet. One key feature of NDN is the requirement for each content object to be digitally signed by its producer. Thus, NDN should be, in principle, immune to distributing fake (aka "poisoned") content. However, in practice, this poses two challenges for detecting fake content in NDN routers: (1) overhead due to signature verification and certificate chain traversal, and (2) lack of trust context, i.e., determining which public keys are trusted to verify which content. Because of these issues, NDN does not force routers to verify content signatures, which makes the architecture susceptible to content poisoning attacks. This paper explores root causes of, and some cures for, content poisoning attacks in NDN. In the process, it becomes apparent that meaningful mitigation of content poisoning is contingent upon a network-layer trust management architecture, elements of which we construct while carefully justifying specific design choices. This work represents the initial effort towards comprehensive trust management for NDN.

Xinggong Zhang,Tong Niu,Feng Lao,Zongming Guo

DOI: https://doi.org/10.1145/2534169.2491729

IF: 1.937

2013-01-01

ACM SIGCOMM Computer Communication Review

Abstract:Making data the first class entity, Information-Centric Networking (ICN) replaces conventional host-to-host model with content sharing model. However, the huge amount of content and the volatility of replicas cached across the Internet pose significant challenges for addressing content only by name. In this paper, we propose a topology-aware name-based routing protocol which combines the benefits of location-oriented routing and content-centric routing together. We adopt a URL-like naming scheme, which defines register locations and content identifier. Node with copies sends Register messages towards a register using location-oriented routing protocols. All en-path routers record forwarding entries in forwarding table (FIB) as the "bread crumb" to this content. Following the bread crumb, routers know the "best" topology path to the available copies. An Interest is either forwarded towards a "known" copy by the content identifier, or towards the register nodes where it would find the bread crumb to the "best" copies. Compared with the existing flooding or name resolution methods, Our design shows a good potential in terms of scalability, availability and overhead.

Peng Zhang,Chuang Lin,Yixin Jiang,Patrick P. C. Lee,John C. S. Lui

DOI: https://doi.org/10.1109/jsac.2012.121018

IF: 16.4

2012-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Practical wireless network coding (e. g., COPE) is a promising technique that can enhance the throughput of wireless networks. However, such a technique also bears a serious security drawback: it breaks the current privacy-preserving protocols (e. g., Onion Routing), since their operations conflict each other. As user privacy in wireless networks is highly valued nowadays, a new privacy-preserving scheme that can function with wireless network coding becomes indispensable.To address such a challenge, we apply the idea of cooperative networking and design a novel anonymity scheme named ANOC, which can function in network-coding-based wireless mesh networks. ANOC is built upon the classic Onion Routing protocol, and resolves its conflict with network coding by introducing efficient cooperation among relay nodes. Using ANOC, we can perform network coding to achieve a higher throughput, while still preserving user privacy in wireless mesh networks. We formally show how ANOC achieves the property of relationship anonymity, and conduct extensive experiments via nsclick to demonstrates its feasibility and efficiency when integrated with network coding.

Peng Zhang,Chuang Lin

DOI: https://doi.org/10.1007/978-3-319-31083-1_5

2016-01-01

Abstract:Wireless network coding is a promising technique that can enhance the throughput of wireless networks. However, such a technique also bears a serious security drawback: it breaks the current privacy-preserving protocols (e.g., Onion Routing), since their operations conflict each other. As user privacy in wireless networks is highly valued nowadays, a new privacy-preserving scheme that can function with wireless network coding becomes indispensable. To this end, this chapter presents a novel anonymity scheme named ANOC, which can function in network coding-based wireless mesh networks. ANOC is built upon the classic Onion Routing protocol and resolves its conflict with network coding by introducing efficient cooperation among relay nodes. Using ANOC, we can perform network coding to achieve a higher throughput, while still preserving user privacy in wireless mesh networks. We formally show how ANOC achieves the property of relationship anonymity and conduct extensive experiments via NSclick to demonstrate its feasibility and efficiency when integrated with network coding.

Qi Li,Ravi Sandhu,Xinwen Zhang,Mingwei Xu

DOI: https://doi.org/10.1109/tdsc.2015.2494049

2017-01-01

Abstract:Several Information Centric Network (ICN) architectures have been proposed as candidates for the future Internet, aiming to solve several salient problems in the current IP-based Internet architecture such as mobility, content dissemination and multi-path forwarding. In general, security and privacy are considered as essential requirements in ICN. However, existing ICN designs lack built-in privacy protection for content providers (CPs), e.g., any router in an Internet Service Provider in ICN can cache any content, which may result in information leakage. In this paper, we propose Mandatory Content Access Control (MCAC), a distributed information flow control mechanism to enable a content provider to control which network nodes can cache its contents. In MCAC, a CP defines different security labels for different contents, and content routers check these labels to decide if a content object should be cached. To ensure correct enforcement of MCAC, we also propose a design of a trusted architecture by extending existing mainstream router architectures. We evaluate the performance of MCAC in the NS-3 simulator. The simulation results show that enforcing MCAC in routers does not introduce significant overhead in content forwarding.