Yu Wang,Mingwei Xu,Zhen Feng,Qing Li,Qi Li

DOI: https://doi.org/10.1109/pccc.2014.7017094

2014-01-01

Abstract:Information-Centric Networking (ICN) has been proposed recently to improve the efficiency of content delivery in current IP networks. ICN employs data names, instead of host addresses, as routing and forwarding indicators. Content in the ICN carries only signature of the content provider but does not contain the identity of the content consumer by default. Such information is, however, essential for many of the web applications, such as email, online social networking, online game, e-commerce, and other session-based web services.In this paper, we propose a session-based access control (SAC) mechanism for ICN scenario to bridge the gap. Key distribution protocols are designed to protect the confidentiality of the content during information delivery. We also employ a dynamic naming scheme to enhance user privacy. According to security analysis, our access control mechanism can provide communication security and privacy protection for both sides of the session. Our design can be easily applied to session-based applications in ICN with negligible overhead.

SUN Yan-bin,ZHANG Yu,ZHANG Hong-li

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.034

2016-01-01

Abstract:The application model in the Internet has shifted into information sharing,while the architecture is still based on the end-to-end communication.The conflict between them is becoming increasingly acute.To solve such a mis-match,ICN (Information-Centric Networking)is proposed.In this paper,a basic architecture framework for ICNs is first proposed,functional modules and properties are adopted to explore the design of ICN.Then,the relationships between ICN and other future network technologies are analyzed,the experiment platform and the deployment of ICN are discussed.Final-ly,crucial issues and future researches are concluded.

Qi Li,Ravi Sandhu,Xinwen Zhang,Mingwei Xu

DOI: https://doi.org/10.1109/tdsc.2015.2494049

2017-01-01

Abstract:Several Information Centric Network (ICN) architectures have been proposed as candidates for the future Internet, aiming to solve several salient problems in the current IP-based Internet architecture such as mobility, content dissemination and multi-path forwarding. In general, security and privacy are considered as essential requirements in ICN. However, existing ICN designs lack built-in privacy protection for content providers (CPs), e.g., any router in an Internet Service Provider in ICN can cache any content, which may result in information leakage. In this paper, we propose Mandatory Content Access Control (MCAC), a distributed information flow control mechanism to enable a content provider to control which network nodes can cache its contents. In MCAC, a CP defines different security labels for different contents, and content routers check these labels to decide if a content object should be cached. To ensure correct enforcement of MCAC, we also propose a design of a trusted architecture by extending existing mainstream router architectures. We evaluate the performance of MCAC in the NS-3 simulator. The simulation results show that enforcing MCAC in routers does not introduce significant overhead in content forwarding.

Xifeng AN,Weihua LI,Zun LIU

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.013

2008-01-01

Abstract:A novel network security cooperative defense technology is studied and a cooperative control framework based on agent mechanism is proposed to solve the lack of cooperative control and whole effect in traditional defense systems. The technology supports both IPv4 and IPv6 protocols and security modules in the framework are associated with each other to accomplish communication and work together. Furthermore, a network security cooperative defense system is composed and the key functions that support the early-alert, audit, accident recovery, network camouflage and so on are also achieved. The pivotal research is emphasized on the key technologies of system call sequences audit model based on machine learning and cooperative accident recovery. Under the condition of 100 M Data flow speed, the NSCDS software's false negative is less than 6% and its false positive is less than 8%. Besides, all module functions work normally and the system can be used to carry out cooperative defense capability.

Zheng CHEN,Xing-jian ZHANG,Yong SHI,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1002-0802.2018.03.028

2018-01-01

Abstract:The development of intelligent industrial control is closely related with the innovation and evolution of communication technology. With the development of new industrial control, such as Industry 4.0 and intelligent manufacturing, the open industrial control system faces more and more threats from the Internet. As a new type of communication network, the communication model of ICN in the information center network takes the information as the center, instead of the address - centered approach in the TCP/IP network. Therefore, the communication mode evolves from host-to-host to host-to-network, and the security mechanism is built up on information itself, while the forwarding mechanism evolves from storage and forwarding to cache forwarding. In view of this, a new smart industrial control communication service mechanism based on the ICN architecture is designed. Aiming at the defects and deficiencies in the design of TCP/IP, the fundamental solution to the design of the network architecture is proposed. Finally, security analysis and simulation experiments indicate the effectiveness of the proposed mechanism. The experiment result is of good theoretical value and application prospects in improving the safety of intelligent industrial control.

Xin,Xing Wei Wang,Jie Li,Min Huang

DOI: https://doi.org/10.4028/www.scientific.net/amm.543-547.3555

2014-01-01

Applied Mechanics and Materials

Abstract:Internet has become as a social infrastructure. The current Internet architecture based on TCP/IP is faced with many challenges. This fact makes the clean slate design of future Internet architecture represented by ICN (Information-Centric Networking) be a hot research topic. In this paper, a novel routing scheme for ICN (Information-Centric Networking) is proposed. On the basis of name-based routing, a process was designed to look for other available interface through which the backtracking-condition-met interest packet will be forwarded, which can reduce the network blocking rate. Moreover, FIB (Forwarding Information Base) of neighbor nodes will be modified when data packets go through a router, which can realize the efficient use of cache. Also, a concept of "popularity" is introduced to improve CS (Content Store) hit rate. The proposed routing scheme is implemented on NSFNET by simulation, and the experimental results have shown that it is feasible and effective.

LI Jun,CHEN Zhen,SHI Xi

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.04.021

2012-01-01

Abstract:The current Internet architecture is based on packet switching between the end to end communication architecture.With the growing surge of multimedia traffic and other communication services,especially video traffic,this architecture comes under increasing challenges in delivering contents over the Internet due to the obstacles of its inherent structure,which results in low content distribution efficiency,long retrieval latency and poor user experience etc.Information-Centric Networking(ICN) comes into being and tries to rescue this situation in this context.ICN separates content with the place where it stored,and brings out a new hot wave in research for the future Internet architecture.

Boubakr Nour,Spyridon Mastorakis,Rehmat Ullah,Nicholas Stergiou

DOI: https://doi.org/10.48550/arXiv.2103.02085

2021-03-03

Abstract:Information-Centric Networking (ICN) has emerged as a paradigm to cope with the lack of built-in security primitives and efficient mechanisms for content distribution of today's Internet. However, deploying ICN in a wireless environment poses a different set of challenges compared to a wired environment, especially when it comes to security. In this paper, we present the security issues that may arise and the attacks that may occur from different points of view when ICN is deployed in wireless environments. The discussed attacks may target both applications and the ICN network itself by exploiting elements of the ICN architecture, such as content names and in-network content caches. Furthermore, we discuss potential solutions to the presented issues and countermeasures to the presented attacks. Finally, we identify future research opportunities and directions.

Networking and Internet Architecture

Jiang Xiaoke,Bi Jun,Nan Guoshun,Li Zhaogeng

DOI: https://doi.org/10.1109/cc.2015.7188520

2015-01-01

Abstract:The basic function of the Internet is to delivery data（what） to serve the needs of all applications. IP names the attachment points（where） to facilitate ubiquitous interconnectivity as the current way to deliver data. The fundamental mismatch between data delivery and naming attachment points leads to a lot of challenges, e.g., mapping from data name to IP address, handling dynamics of underlying topology, scaling up the data distribution, and securing communication, etc. Informationcentric networking（ICN） is proposed to shift the focus of communication paradigm from where to what, by making the named data the first-class citizen in the network, The basic consensus of ICN is to name the data independent from its container（space dimension） and session（time dimension）, which breaks the limitation of point-to-point IP semantic. It scales up data distribution by utilizing available resources, and facilitates communication to fit diverse connectivity and heterogeneous networks. However, there are only a few consensuses on the detailed design of ICN, and quite a few different ICN architectures are proposed. This paper reveals the rationales of ICN from the perspective of the Internet evolution, surveys different design choices, and discusses on two debatable topics in ICN, i.e.,self-certifying versus hierarchical names, and edge versus pervasive caching. We hope this survey helps clarify some mis-understandings on ICN and achieve more consensuses.

Kaiping Xue,David S. L. Wei,Roberto Bruschi,I Chih-Lin

DOI: https://doi.org/10.1109/mcom.2019.8740785

IF: 9.03

2019-01-01

IEEE Communications Magazine

Abstract:The articles in this special section focus on the topic of information centric networking (ICN), an approach that shifts the Internet infrastructure from a host-centric paradigm, based on perpetual connectivity and the end-to-end principle, to a new paradigm where named data becomes independent from location, application, storage, and means of transportation, enabling in-network storage and replication. The expected benefits include improved effi ciency, better scalability with respect to information/bandwidth demand, and better robustness in challenging communication scenarios. As the most promising clean-slate approach for future Internet, ICN has attracted much attention in the past few years, and created a trajectory that is to replace the current IP-based Internet. There have been many prototypes of ICN, but more research is still ongoing, which includes naming, forwarding/routing, and caching policy, deployment strategy, security policy, and so on.

Chunmei XIA,Mingwei XU

DOI: https://doi.org/10.3778/j.issn.1673-9418.1303025

2013-01-01

Abstract:Network requirements are evolved from data communications between two hosts to accessing a large amount of information through networks. The current Internet uses address-centric network communication model,which is suitable for the communications between hosts but not efficient in the communications between hosts and networks. Given this fact, information-centric networking(ICN) becomes the hot spot to meet the new requirements.Firstly, this paper presents the basic idea of ICN, analyzes the features of ICN, and classifies different ICN approaches,including the following aspects: naming, resolving, routing and caching. Secondly, this paper summarizes the five key technologies in ICN which are naming, resolving, routing, distribution and caching, and then analyzes and evaluates the existing ICN schemes. Finally, several key issues in ICN are discussed and future directions are pointed out.

Zuoqi Jiang,Jiangtao Luo,Fei Zhang,Chen He,Mengnan Wang,Yanyong Zhang

DOI: https://doi.org/10.1109/hoticn48464.2019.9063215

2019-01-01

Abstract:The current data-centric security architecture for the Information Centric Network (ICN) does not provide efficient user authentication mechanisms, thus causing undesirable issues such as interest flooding a ttacks (IFA). I no rder to address them, this paper proposes a pseudonym authentication scheme on network layer based on the system of identity-based cryptography (IBC). In the proposed approach, each consumer needs to be authenticated before sending Interest packets into the network. After successful authentication, the consumer will be assigned a temporary nickname to be used in later data request. During the procedure, IBC is adopted to protect real names of consumers and verify the interest origin. As a result, this approach can complete user authentication and protect his real identity simultaneously. The proposed approach is case studied in IFA depression and expected results are achieved.

Bingyue ZHANG,Lei WANG,Haoqi WANG

DOI: https://doi.org/10.3969/j.issn.2095-347X.2017.01.003

2017-01-01

Abstract:In the existing information center network (ICN) implementation,there is little regard for information classification.However,different types of information using the same way for routing and caching is unreasonable.In this paper,we aim at a common type of information in the Internet and information dissemination protocol,and the request for information aggregation and content caching,analysis and processing of information in the differences between different types of ICN architecture,and gives information about the naming requests and caching applications.Experimental results show that,ICN applications based on classified information can significantly improve system performance.

Liu Yi,Li Jianhua

DOI: https://doi.org/10.15302/J-SSCAE-2020.06.017

2020-01-01

Abstract:The information-centric network (ICN) provides network protocols oriented to information itself, including a content-centric subscription mechanism and semantic-led naming, routing, and caching strategies. It has shown great potential in solving attacks on current IP address based network. This paper aims to propose a smart firewall model for ICN, and to build a firewall based on a semantic inference algorithm to isolate content. The ICN firewall module uses the fog computing paradigm to sense content threats from ICN, and generates customized filtering strategies for different contents. On the basis of analyzing the types of ICN attacks and the development of the fog computing architecture in ICN, this article introduces the fog-based ICN firewall model from three aspects: the overall structure of content defense, the host-oriented defense fog model, and the network-oriented defense fog model. This article also proposes an ICN-oriented detection and defense mechanism in order to alleviate the interest flooding attacks. Finally, by building the ndnSIM network simulation platform, this article evaluates the ICN cache hit rate and network communication delay, and verifies the feasibility and efficiency of the proposed fog computing-based ICN firewall module and defense algorithm.

M. Anisetti,Filippo Berto,C. Ardagna,E. Damiani

DOI: https://doi.org/10.1109/TNSM.2022.3165144

2022-09-01

IEEE Transactions on Network and Service Management

Abstract:Information-Centric Networking is an emerging alternative to host-centric networking designed for large-scale content distribution and stricter privacy requirements. Recent research on Information-Centric Networking focused on the protection of the network from attacks targeting the content delivery protocols, while assuming genuine content can always be retrieved from trustworthy nodes. In this paper, we depart from the assumption of the trustworthiness of network nodes and propose a novel certification methodology for information-centric networks that supports continuous security verification of non-functional properties. Our methodology provides a complete and detailed view of the network security status, increasing the trustworthiness of the network and its services. The proposed approach builds on an enhanced certification model capturing the evolution of the system over time. It also defines certification services that fully integrate with existing networks to collect evidence on the target of certification and carry out the certification process. It finally proposes two certification processes, centralized and decentralized, balancing the impact on the network and the system performance. Efficiency, performance, and soundness of our approach are experimentally evaluated in a simulated Named Data Networking (NDN) network targeting property availability.

Computer Science

Kedi Wang,Lei Wang,Ping Li

DOI: https://doi.org/10.1109/compcomm.2017.8322731

2017-01-01

Abstract:As two of the mainstream future network architectures, Software-Defined Networking (SDN) has been applied in real network, while Information-Centric Networking (ICN) is still in the experimental stage. Existing research shows that combination of ICN and SDN is feasible but need further research. In this paper, we propose a novel architecture POF-ICN based on the new SDN protocol-Protocol-Oblivious Forwarding (POF). In POF-ICN, control plane takes responsibility for route computation, and forwarding plane is responsible for forwarding data according to protocol-independent flow tables. In our architecture, Named-Object Routing Protocol is proposed based on object's name which consists of the resolvable name and its corresponding global unique identifier (GUID). Besides, we present a caching scheme based on object classification. Experiment results prove that our proposal can combine ICN and SDN effectively, and make better use of the in-network cache to reduce the content acquisition delay.

MIN Er-long,CHEN Zhen,CHEN Rui,XU Hong-feng

DOI: https://doi.org/10.3969/j.issn.1671-1122.2013.02.004

2013-01-01

Abstract:CCN is one of Information-Centric Internetworking architecture aimed to replace current TCP/IP architecture with the advantage for the better dissemination of information.At the same time,this architecture has also advantageous in security,mobility and scalability over current TCP/IP based Internet.Currently CCN is the most promising future Internet architecture to solve the content distribution requirements.This paper mainly studies the privacy issues in CCN.As CCN architecture has the strong ability on the dissemination of information,this paper presents an analysis of this capability's effect on the user privacy protection problem.Also this paper gives some game theory model on the different players(i.e.CCN User,ISP and content provider) in CCN.Finally,this paper introduces several privacy protection schemes,and provides a new perspective in the study of privacy in CCN architecture.

Ping LI,Lei WANG

DOI: https://doi.org/10.3969/j.issn.2095-347X.2017.06.002

2017-01-01

Abstract:Information-Centric Networking is a future direction of the evolution of the network,which basic idea is to replace the IP with the content name to become the core of the network,and thus can meet the demand of content distribution.However,the existing network infrastructure cannot directly support the implementation of ICN network.Software Defined Network decouples data plane and control plane,providing flexible network programmability and making it possible for the ICN architecture to be implemented in real networks.Implementation of ICN network based on SDN architecture has become a hot research direction.This paper first summarizes the technical characteristics of ICN and SDN,and then analyzes the existing ICN network implementation scheme under SDN architecture.Finally,we discuss the benefits of SDN in terms of key issues such as route forwarding,cache management,and mobility in ICN implementation.

Athanasios V. Vasilakos,Zhe Li,Gwendal Simon,Wei You

DOI: https://doi.org/10.1016/j.jnca.2015.02.001

IF: 7.574

2015-01-01

Journal of Network and Computer Applications

Abstract:For more than a decade, the inherent drawbacks of current Internet have been calling for its revolutionary designs. The end-to-end model, which was designed for special data transmission in the early age of Internet, is causing troubles everywhere in nowadays content based web services. Consequently, Information Centric Network (ICN) is proposed to solve these problems. As the most permanent clean-slate approach for next generation Internet, ICN has attracted much attention from network researchers in the passed few years. This survey focuses on the current progress of the research work in ICN. It investigates various key aspects such as naming and routing schemes, in-network caching policies, etc., and highlights the benefit of implementing ICN, open research issues and new interests in this domain.

Hengyang Zhang,Shixiang Zhu,Renchao Xie,Tao Huang,Yunjie Liu

DOI: https://doi.org/10.1109/cc.2017.8014352

2017-01-01

China Communications

Abstract:Information centric networking（ICN） is a new network architecture that is centred on accessing content. It aims to solve some of the problems associated with IP networks, increasing content distribution capability and improving users’ experience. To analyse the requests’ patterns and fully utilize the universal cached contents, a novel intelligent resources management system is proposed, which enables effi cient cache resource allocation in real time, based on changing user demand patterns. The system is composed of two parts. The fi rst part is a fi ne-grain traffi c estimation algorithm called Temporal Poisson traffi c prediction（TP2） that aims at analysing the traffi c pattern（or aggregated user requests’ demands） for different contents. The second part is a collaborative cache placement algorithm that is based on traffic estimated by TP2. The experimental results show that TP2 has better performance than other comparable traffi c prediction algorithms and the proposed intelligent system can increase the utilization of cache resources and improve the network capacity.