Xinyue Zhang,Jingyi Wang,Hongning Li,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/glocom.2018.8647637

2018-01-01

Abstract:Information-centric networking (ICN) is developed for the future Internet because of the tremendous increase of content demands in the Internet. In the ICN architecture, in-network storage for caching plays an important role in improving content delivery efficiency, scalability and availability. To enjoy the benefits of caching users' preferable contents without disclosing the users' privacy, in this paper, we aim to integrate local differential privacy (LDP) techniques into data-driven optimization, and propose a novel scheme to allow content provider (CP) to collect the locally differentially private content preferences of a selected group of users, exploit data-driven approach to predict the content popularity, and offer the cacheenabled access points (APs) economic incentives to cache the selected preferable content. Here, optimized local hashing (OLH) is employed to locally add differential private noise to the users' preference content information and the noisy data is sent to the CP. Besides, we leverage data-driven methodology to predict the content popularity according to the constructed reference distribution of the given noisy preference content data from users. We formulate a data-driven caching revenue optimization, provide feasible solutions, and conduct simulations to show the effectiveness of the proposed scheme.

Shengquan Liao,Chunming Wu,Qiang Yang,Ming Jiang

DOI: https://doi.org/10.4304/jnw.7.11.1837-1844

2012-01-01

Journal of Networks

Abstract:The information-centric network has been proposed for years. It received much attention in the research community until that the content-centric networking (CCN) became one of the fundamental components of Future Internet Architecture (FIA). Meanwhile, current CCN faces enormous technical challenges and one of the key issues is to properly design and evaluate the adaptive forwarding strategies. This paper aims to propose a high efficient routing protocol (ELRP) for the name resolving in CCN. The ELRP incorporates the merits of hierarchical structure, channel and rendezvous network. The demands of path latency are loosen in the proposed routing design, and other metrics, e.g. communication cost, load balancing and resource consumption, are also taken into the consideration. A collection of simulation experiments are carried out and the results show that ELRP can provide improved network performances in terms of these evaluation metrics. Such research outcome implies that a more comprehensive service can be deployed with improved network performance.

Yu Wang,Mingwei Xu,Zhen Feng,Qing Li,Qi Li

DOI: https://doi.org/10.1109/pccc.2014.7017094

2014-01-01

Abstract:Information-Centric Networking (ICN) has been proposed recently to improve the efficiency of content delivery in current IP networks. ICN employs data names, instead of host addresses, as routing and forwarding indicators. Content in the ICN carries only signature of the content provider but does not contain the identity of the content consumer by default. Such information is, however, essential for many of the web applications, such as email, online social networking, online game, e-commerce, and other session-based web services.In this paper, we propose a session-based access control (SAC) mechanism for ICN scenario to bridge the gap. Key distribution protocols are designed to protect the confidentiality of the content during information delivery. We also employ a dynamic naming scheme to enhance user privacy. According to security analysis, our access control mechanism can provide communication security and privacy protection for both sides of the session. Our design can be easily applied to session-based applications in ICN with negligible overhead.

Kaiping Xue,Xiang Zhang,Qiudong Xia,David S. L. Wei,Hao Yue,Feng Wu

DOI: https://doi.org/10.1109/tnet.2019.2914189

2018-01-01

Abstract:Information centric networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better service delivery, an effective access control mechanism is needed due to the widely disseminated contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, the straight-forward utilization of advanced encryption algorithms makes the system vulnerable to DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose SEAF, a secure, efficient, and accountable edge-based access control framework for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication and use hash chain technique to reduce greatly the overhead when users make continuous requests for the same file. At the same time, we provide an efficient revocation method to make our framework more robust. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers and bring in only slight delay for users' content retrieval.

Daibo MAO,Qi LI,Yuan YANG

DOI: https://doi.org/10.3969/j.issn.2095-347X.2013.04.005

2013-01-01

Abstract:Several Information Centric Network(ICN) architectures have been proposed to solve several problems in the current IP-based Internet architecture such as mobility and multi-path forwarding.Among these schemes,security and privacy are considered as essential part in ICN.We analyze that existing ICN designs lack built-in privacy protection for content providers.For example,any router in an Internet Service Provider(ISP) in ICN can cache any content,which may incur information leakage.In this paper,we analyze the privacy leakage problem in ICN,and compare the features of the existing ICN security solutions.Finally,we discuss the key issues in designing privacy protection mechanisms in ICNs.

MIN Er-long,CHEN Zhen,CHEN Rui,XU Hong-feng

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.02.004

2013-01-01

Abstract:CCN is one of Information-Centric Internetworking architecture aimed to replace current TCP/IP architecture with the advantage for the better dissemination of information.At the same time,this architecture has also advantageous in security,mobility and scalability over current TCP/IP based Internet.Currently CCN is the most promising future Internet architecture to solve the content distribution requirements.This paper mainly studies the privacy issues in CCN.As CCN architecture has the strong ability on the dissemination of information,this paper presents an analysis of this capability's effect on the user privacy protection problem.Also this paper gives some game theory model on the different players(i.e.CCN User,ISP and content provider) in CCN.Finally,this paper introduces several privacy protection schemes,and provides a new perspective in the study of privacy in CCN architecture.

Kaiping Xue,Peixuan He,Jiayu Yang,Qiudong Xia,David S. L. Wei

DOI: https://doi.org/10.1109/tnet.2022.3155110

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:As one of the promising next generation network architectures, information centric networking (ICN) is highly anticipated to improve the bandwidth usage of the Internet and reduce duplicate traffic. Since contents in ICN are disseminated in the whole network, ICN is much more vulnerable and the issue of how to deliver contents securely has been intensively discussed. However, the scalability of the existing schemes is limited. A scalable scheme is expected to be able to achieve fine-grained access control and at the same time also support multiple content providers scenario with efficient key management at user side. Besides, different content providers may publish some identical contents and these contents may be cached in the same intermediate routers, which causes high data redundancy and in turn exerts an adverse impact on the performance of ICN. In this paper, we propose a Secure Content Delivery and Deduplication scheme, called SCD2, to achieve secure and efficient fine-grained access control in ICN with multiple content providers. We first propose a scalable key-policy attribute-based encryption (SKP-ABE) to provide fine-grained access control and allow different attribute authorities to share some public attributes to simplify the key management. Furthermore, based on SKP-ABE, we design a simple but effective mechanism to conduct content deduplication. Finally, we implement a prototype of SCD2 to test its performance and compare it with some existing schemes. The results show that SCD2 has lower storage overhead, a higher degree of deduplication, and better retrieval efficiency.

Enkeleda Bardhi,Mauro Conti,Riccardo Lazzeretti,Eleonora Losiouk

2023-07-11

Abstract:Today Internet is experiencing a massive number of users with a continuously increasing need for data, which is the leading cause of introduced limitations among security and privacy issues. To overcome these limitations, a shift from host-centric to data-centric is proposed, and in this context, Information-Centric Networking (ICN) represents a promising solution. Nevertheless, unsettling the current Internet network layer, i.e., Internet Protocol (IP), with ICN is a challenging, expensive task since it requires worldwide coordination among Internet Service Providers (ISPs), backbone, and Autonomous Services (AS). Therefore, researchers foresee that the replacement process of the current Internet will transition through the coexistence of IP and ICN. In this perspective, novel architectures combine IP and ICN protocols. However, only a few of the proposed architectures place the security-by-design feature. Therefore, this article provides the first comprehensive Security and Privacy (SP) analysis of the state-of-the-art IP-ICN coexistence architectures by horizontally comparing the SP features among three deployment approaches, i.e., overlay, underlay, and hybrid, and vertically comparing among the ten considered SP features. Lastly, the article sheds light on the open issues and possible future directions for IP-ICN coexistence. Our analysis shows that most architectures fail to provide several SP features, including data and traffic flow confidentiality, availability, and anonymity of communication. Thus, this article shows the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Danye Wu,Zhiwei Xu,Bo Chen,Yujun Zhang,Zhu Han

DOI: https://doi.org/10.1109/tcomm.2020.3026380

IF: 6.166

2021-01-01

IEEE Transactions on Communications

Abstract:By moving computing resources close to where they are needed (i.e., the network edges), edge computing can significantly reduce burden on the centric cloud data centers. However, extreme scale of on-line big data may impose a significant burden on the network backbones. Information-centric edge networking can address this challenge by incorporating in-network caching into edge networks. This however, opens a door for many new security issues and requires various security defenses. One of those is efficient access control design specifically for information-centric edge networking. In this work, we aim to design an efficient and secure access control scheme for information-centric edge networking. In our design, we propose the confidentiality-enhanced network coding which can ensure that, without having access to the authorization key, the attacker will not be able to obtain the original content. And thanks to the properties of confidentiality-enhanced network coding, highly efficient access control can be realized by encrypting only part of the encoding matrix. In addition, our design can allow efficiently revoking users. Security analysis and experimental evaluation on NS3 demonstrate that our scheme can successfully enforce access control in information-centric edge networking with a small overhead.

telecommunications,engineering, electrical & electronic

Rui Chen,Zhen Chen,Junwei Cao,Ziwei Hu,Jing Zhou,Jinghong Guo

2016-01-01

Abstract:We present the method of user privacy protection in Content-Centric Networking (CCN) based on Oblivious Transfer (OT). Content-Centric Networking (CCN) is new network architecture to match the modern Internet usage by switching host-to-host model to content based model. Although the caching mechanism in CCN has made full use of bandwidth resource, there are certain risks that critical user data might be exposed to third-party, and very little effort has been made on ensuring such security. In this paper, Oblivious Transfer has been proposed for CCN security usage. We setup the requirements for user privacy protection in CCN, and propose CCN-CPIR, a fully user privacy protection scheme based on OT. Then, we design and implement CCN-CPIR based on 1-n OT protocol using C++. CCN-CPIR not only provides fully user privacy protection, but also outperforms former Java implementation in speed, which is a strong concern in CCN router implementation. Finally, we set up an experimental platform in LAN and conduct performance evaluation. Our experimental results show the potentials for practical usage as improved efficiency.

Peixuan He,Yinxin Wan,Qiudong Xia,Shaohua Li,Jianan Hong,Kaiping Xue

DOI: https://doi.org/10.1109/ICC.2018.8422829

2018-01-01

Abstract:Information Centric Networking (ICN), a future network architecture candidate, aims to alleviate the problem of insufficient bandwidth in traditional IP network. In ICN, contents are distributed in the whole network, so access control becomes more intractable. As we know, almost all of existing solutions consider it as a "Yes or No" problem, where a user either has the permission to access the corresponding content or not. However, in many practical situations, a content provider doesn't expect a single authorized user has the ability to access its repertory without times limitation when taking copyright protection into account. In this paper, we propose LASA, a lightweight, auditable and secure solution where legitimate users are limited to access a content provider's data within pre-designate times. In LASA, each content provider sets maximum access times for each legitimate user and edge routers perform authentication and audit based on users' signatures attached to interest packets. Once a legitimate user attempts to exceed his/her limited access times, his/her secret key will be leaked and the dishonest behavior will be detected. Our security analysis shows that LASA can provide signature unforgeability, data confidentiality and other security features. Experiment results show that our scheme LASA brings a little computational cost.

Jiachen Chen,Haoyuan Xu,Shashikanth Penugonde,Yanyong Zhang,Dipankar Raychaudhuri

DOI: https://doi.org/10.1109/HotWeb.2016.11

2016-01-01

Abstract:The Content Delivery Network (CDN) has become an important element in the Internet, which uses applicationlayer caches to improve user experience and reduce network/server load. However, CDNs face efficiency issues due to the following two reasons: 1) they are not aware of the network status, and 2) the underlying location-centric network (IP) does not understand content. At the same time, the Information-Centric Network (ICN) has been developed to address these issues: they use content identities as routing labels and support functions such as multi-source, multicast and in-network caching. While these in-network caches can help improve the content delivery performance, they are unaware of applicationspecific characteristics like policy and popularity. As a result, we believe application-layer CDN solutions are still beneficial in ICN. They can take advantage of ICN content delivery capabilities while having access to application-level details, therefore getting the best from both worlds. In this paper, we propose a CDN architecture over Mobility-First - a representative example of ICN - to show the benefit of such a design. The solution uses self-certifying names that can enable efficient content validation in CDNs, an applicationlayer CDN design that can maximize the utility of caches, and a pushing mechanism that allows content providers cache content proactively. Through a prototype, we show the feasibility and efficiency of the architecture.

Qiudong Xia,Peixuan He,Kaiping Xue,Jiangping Han,David S. L. Wei,Hao Yue,Jin Qin

DOI: https://doi.org/10.1109/globecom38437.2019.9014220

2019-01-01

Abstract:Information Centric Networking (ICN), a new paradigm of Internet infrastructure, aims to better accommodate users' rapid growing demand for content delivery and optimize bandwidth utilization. Although the in-network cache feature of ICN facilitates the dissemination of content to users, it also poses new challenges on access control for content and network resource. Moreover, it is common that the access privilege of content dynamically change over time. However, existing access control mechanisms in ICN cannot support the publication and distribution of such time-sensitive content. In this paper, we propose a time-sensitive, lightweight, and secure access control mechanism, called TSLS, to solve this problem. We introduce broadcast encryption combined with time tokens for content providers to protect content confidentiality, and only authorized users satisfying the time limitation have capability to decrypt and access the content. Besides, a fast lightweight challenge-response verification is implemented at the edge routers to block unauthorized request from injecting into the network. The responses of authorized users are forwarded to content providers for pre-distribute popular content at in-network caches in advance. Our security analysis shows that TSLS possesses the properties of data confidentiality, unforgeability, anonymity, and DoS/DDoS attacks resistance. Our simulation results indicate that our proposed TSLS is an efficient mechanism with low computation cost and network delay.

Kaiping Xue,Jiayu Yang,Qiudong Xia,David S. L. Wei,Jian Li,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/tnsm.2021.3136547

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:As a new architecture of Internet infrastructure, Information-Centric Networking (ICN) is mainly designed to effectively handle the rapidly increasing user demand for content delivery through in-network caching. While facilitating the dissemination of content to users and making better use of the network resources, ICN is also vulnerable in that attackers can inject poisoned content into the network and isolate users from valid content sources. The introduction of signature verification in each router can effectively prevent this attack, but it also introduces great computation overhead. Existing schemes in ICN reduce verification overhead from a single routing perspective but do not consider integrating resources within ICN for collaborative content authentication and cyber self-defense. In this paper, we propose a collaborative, secure, and efficient content validation protection framework, named CSEVP, to implement a multi-router collaborative defense mechanism for ICN. On the one hand, we conduct content verification by probabilistically choosing one router involved in the transmission path to offload the computation overhead of content verification from a single router to multiple ones. On the other hand, we adopt bloom filters for routers to record and share verification results to further facilitate a more efficient content validity verification. The security and efficiency analysis shows that our proposed CSEVP can achieve efficient content validity verification among multiple routers with acceptable low communication and storage overhead.

Xu Li,Li Hui,Hu Jiawei,Wang Yunmin,Zhang Huayu

DOI: https://doi.org/10.1007/978-3-319-67807-8_3

2017-01-01

Abstract:Content-Centric Networking (CCN), is built on the notion of content-based security. With the integration of Network Coding (NC) into CCN to contribute to the best performance, security, one of the key features of CCN has been left behind. Though the permission for encoding/recoding content packets at producers and intermediate routers provides performance benefits, it also introduces additional security issues and disables existing security practices. In this paper, we fill the gap by analyzing new security challenges brought accordingly and proposing an Autonomous Systems (AS-s) based security mechanism for NC applications in CCN. It can not only guarantee the optimal performance of NC, but also offer the assurance for Integrity, Origin Authentication and Correctness of content packets, together with proving trustworthiness among border routers. More importantly, we also shed light on the performance issues and implementation problems of the mechanism. © 2017, Springer International Publishing AG.

Zhen Feng,Mingwei Xu,Yu Wang,Qing Li

DOI: https://doi.org/10.1109/glocom.2013.6831389

2013-01-01

Abstract:Information centric networking is proposed to deal with the inefficiency of content distributions in traditional networks. It replaces the current host-centric communication paradigm with the content-centric one, so all the network devices can identify and cache the contents passed by.Traditional cache consistency approaches which rely on the origin server to validate cached contents will not be practical in ICN. The origin server might be overwhelmed by the large volume of validation requests from ubiquitous caches.In this paper, we propose a cache consistency architecture named Content Update Validation System (CUVS). It makes use of the servers located in each domain to provide the content validation service. It relieves the origin server and the routing protocols from caring about the cache consistency issue. The system is designed as a hierarchical overlay network in ICN, so it is easy to deploy and scales well.

Bo Chen,Liang Liu,Huadong Ma

DOI: https://doi.org/10.1109/jiot.2020.2989361

IF: 10.6

2020-10-01

IEEE Internet of Things Journal

Abstract:Information-centric networking (ICN) is regarded as a promising architecture for Internet of Things (ICN-IoT) and access control is one of the critical problems to enable secure ICN-IoT. This article proposes high efficient access control (HAC), a high efficient access control system for ICN-IoT. Specifically, HAC enables access control via an elaborate designed hierarchical key tree (HKT) mechanism based on the hierarchical naming scheme of ICN. The proposed HKT contains the hierarchical authority information and allow users to locally derive the key according to their needs, thus greatly decreasing the overhead in IoT's many-to-many communication scenario. To ensure the security and efficiency of HKT, we further propose a level-oriented ciphertext policy attribute-based encryption (LOCP-ABE) algorithm such that users can only obtain the authority level according to their attributes, and also utilize the ICN's receiver-driven model and the in-network caching mechanism to speed up the distribution efficiency. Moreover, an attribute-based command verification mechanism is used to improve the efficiency of command verification for resource-constrained and isolated IoT edge. We evaluate the proposed HAC by theoretical security analysis and real-world experiments. The theoretical analysis proves that the proposed HAC is secure and experiment results show that HAC can greatly improve the access control efficiency in ICN-IoT compared with the state of the art.

computer science, information systems,telecommunications,engineering, electrical & electronic

Peixuan He,Kaiping Xue,Jie Xu,Qiudong Xia,Jianqing Liu,Hao Yue

DOI: https://doi.org/10.1109/ICME.2019.00139

2019-01-01

Abstract:Nowadays, multimedia content retrieval has become the major service requirement of the Internet and the traffic of these contents has dominated the IP traffic. To reduce the duplicated traffic and improve the performance of distributing massive volumes of multimedia contents, in-network caching has been proposed recently. However, because in-network content caching can be directly utilized to respond users' requests, multimedia content retrieval is beyond content providers' control and makes it hard for them to implement access control and service accounting. In this paper, we propose an attribute-based accountable access control scheme for multimedia content distribution while making the best of in-network caching, in which content providers can be fully offline. In our scheme, the attribute-based encryption at multimedia content provider side and access policy based authentication at the edge router side jointly ensure the secure access control, which is also efficient in both space and time. Besides, secure service accounting is implemented by letting edge routers collect service credentials generated during users' request process. Through the informal security analysis, we prove the security of our scheme. Simulation results demonstrate that our scheme is efficient with acceptable overhead.

He Bai,Hui Li,Jianming Que,Abla Smahi,Minglong Zhang,Peter Han Joo Chong,Shuo-Yen Robert Li,Xiyu Wang,Ping Lu

DOI: https://doi.org/10.1109/tnsm.2024.3486052

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Information-Centric Networking (ICN) is a promising future network architecture that shifts the host-based network paradigm to a content-oriented one. Over the past decade, numerous ICN congestion control (CC) schemes have been proposed, tailored to address congestion issues based on ICN’s transmission characteristics. However, several key challenges still need to be addressed. One critical issue is that most existing CC studies for ICN do not consider the diverse Quality of Service (QoS) requirements of modern network applications. This limitation hinders their applicability across various applications with different network performance preferences. Another ongoing challenge lies in improving transmission performance, particularly considering how to appropriately coordinate congestion control participants to enhance content retrieval efficiency and ensure reasonable resource allocation, especially in multipath scenarios. To tackle these challenges, we propose QSCCP, a QoS-aware congestion control protocol built upon NDN (Named Data Networking), a well-known ICN architecture. In QSCCP, diverse QoS preferences of various traffic are supported within a collaborative congestion control framework. A novel multi-level, class-based scheduling and forwarding mechanism is designed to ensure varied and fine-grained QoS guarantees. A distributed congestion notification and precise feedback mechanism is also provided, which efficiently collaborates with an adaptive multipath forwarding strategy and consumer rate adjustment to rationally allocate network resources and improve transmission efficiency, particularly in multipath scenarios. Extensive experimental results demonstrate that QSCCP satisfies diverse QoS requirements while achieving outstanding transmission performance. It outperforms existing schemes in throughput, fairness, delay, and packet loss, with a rapid convergence rate and excellent stability.

Kai Lei,Zhongjie Wang

DOI: https://doi.org/10.1109/iccse.2012.6295245

2012-01-01

Abstract:Content-Centric Networking (CCN) is a predominant substitute of the current TCP/IP networking and it is proposed to be the next generation Internet foundation. The evident characteristic of this network architecture is caching and indexing contents by the inner nodes - the routers, so as to reduce the redundant transmission and thereby shorten the distance between user and content. In this paper, we propose and implement a user authentication scheme over CCN. We adopt the trust model based on certificate authority (CA) to provide the service of binding certificate with user's identity, and help user determine the authenticity and reliability of the publisher of the network content. Also the specialized CA we designed for CCN takes advantage of the decentralization characteristic and cache mechanism of CCN to distribute the certificates and certificate revocation list (CRL) into the network, and it reduces the load of the CA central server when retrieving and verifying certificates. Besides, we propose a timeline-based method to segment the CRL with certificate issue date, thereby making the retrieval of CRL more effective.