Yi Wang,Zhuyun Qi,Bin Liu

DOI: https://doi.org/10.1145/3063955.3063993

2018-01-01

China Communications

Abstract:Named Data Networking (NDN) improves the data delivery efficiency by caching contents in routers. To prevent corrupted and faked contents be spread in the network, NDN routers should verify the digital signature of each published content. Since the verification scheme in NDN applies the asymmetric encryption algorithm to sign contents, the content verification overhead is too high to satisfy wire-speed packet forwarding. In this paper, we propose two schemes to improve the verification performance of NDN routers to prevent content poisoning. The first content verification scheme, called “user-assisted”, leads to the best performance, but can be bypassed if the clients and the content producer collude. A second scheme, named “Router-Cooperation”, prevents the aforementioned collusion attack by making edge routers verify the contents independently without the assistance of users and the core routers no longer verify the contents. The Router-Cooperation verification scheme reduces the computing complexity of cryptographic operation by replacing the asymmetric encryption algorithm with symmetric encryption algorithm. The simulation results demonstrate that this Router-Cooperation scheme can speed up 18.85 times of the original content verification scheme with merely extra 80 Bytes transmission overhead.

Anwen Wang,Ting Chen,Hao Chen,Xiang Ji,Wei,Xin Han,Feng Chen

DOI: https://doi.org/10.1109/access.2019.2913656

IF: 3.9

2019-01-01

IEEE Access

Abstract:Cooperative vehicle infrastructure system (CVIS) is an essential part of the future intelligent transportation system (ITS). However, CVIS is uneasy to meet different QoS requirements of various information flows in the existing traffic environment. In fact, some real-time applications highly related to traffic safety early warning cannot be easily achieved or passengers' Internet accessing experience is always not very good. To overcome the above problem, this paper proposes a communication protocol named data networking for vehicle infrastructure cooperation (NDNVIC), which can respond to the vehicle's data query timely. In this paper, we utilize some ZigBee nodes as vehicle and RSU nodes and conduct several simulation experiments under a large-scale deployment with 150 RSU nodes to verify the effectiveness of NDNVIC. Compared with the traditional TCP/IP protocol, the response rate of NDNVIC is about four times, as fast as, that of TCP/IP.

Yuxin Chen,Jiayu Yang,Xuanbo Huang,Jiangping Han,Bobo Wang,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/icccn58024.2023.10230118

2023-01-01

Abstract:With potential advantages over TCP/IP for content delivery, mobility, and security, Named Data Networking (NDN) has become a promising architecture for the next-generation network. However, its poor performance in reliable transmission is still an unsolved problem. Many existing schemes in NDN employ inaccurate retransmission timeouts calculated with RTTs from diverse content sources to detect packet loss, which is lagging and may deteriorate transmission performance. Besides, after identifying the loss, the consumer costly resends the request to recover it, further increasing recovery time. In this paper, we propose an in-network Proactive Loss Recovery (PLR) scheme, which provides an efficient in-network method for timely detection and proactive recovery of lost packets. Deployed on each router, PLR detects the loss by monitoring queue status and sends high-priority explicit feedback to notify consumers of loss events timely. Meanwhile, lost packets are stored in each router's cache and will be retransmitted at an adaptive rate based on the detected remaining bandwidth. The simulation shows that PLR can vastly reduce the number of retransmissions on consumers, and the content completion time can be decreased by up to 21.8% compared with the baseline.

Dohyung Kim,Jun Bi,Athanasios V. Vasilakos,Ikjun Yeom

DOI: https://doi.org/10.1109/tifs.2017.2725229

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In Named-Data Networking (NDN), content is cached in network nodes and served for future requests. This property of NDN allows attackers to inject poisoned content into the network and isolate users from valid content sources. Since a digital signature is embedded in every piece of content in NDN architecture, poisoned content is discarded if routers perform signature verification; however, if every content is verified by every router, it would be overly expensive to do. In our preliminary work, we have suggested a content verification scheme that minimizes unnecessary verification and favors already verified content in the content store, which reduces the verification overhead by as much as 90% without failing to detect every piece of poisoned content. Under this scheme, however, routers are vulnerable to verification attack, in which a large amount of unverified content is accessed to exhaust system resources. In this paper, we carefully look at the possible concerns of our preliminary work, including verification attack, and present a simple but effective solution. The proposed solution mitigates the weakness of our preliminary work and allows this paper to be deployed for real-world applications.

Qing Li,Zongyi Zhao,Mingwei Xu,Yong Jiang,Yuan Yang

DOI: https://doi.org/10.1016/j.comcom.2016.09.012

IF: 5.047

2016-01-01

Computer Communications

Abstract:As the popularity of content-delivery applications (e.g., YouTube) grows, the inefficiency of transmission on the Internet has emerged, since in the TCP/IP networks, routers are unaware of the passing contents and the same content might be transmitted through the same path multiple times. To solve the problem as well as other problems, a lot of Information Centric Networking (ICN) architectures, including Named Data Networking (NDN), are proposed. These architectures enable the routers to identify and cache contents. In this paper, we design an efficient and feasible scheme of caching and routing for NDN, i.e., Selective cAching and Dynamic routing (SADO). First, we propose a selective caching method that balances caching load among routers and reduces the caching redundancy dramatically. Then, we provide a scalable method to maintain routing information for the in-router cached contents. After that, a probabilistic forwarding method for requests is proposed to minimize the expected cost of fetching contents. Finally, we evaluate the performance of SADO by comprehensive simulations. The simulation results show that SADO achieves a decrease of 34% in the cost of fetching a content and a decrease of 81% in the load carried by the source servers, and a cached content is utilized 0.8 times on average. (C) 2016 Elsevier B.V. All rights reserved.

Junjun Lou,Qichao Zhang,Zhuyun Qi,Kai Lei

DOI: https://doi.org/10.1109/hoticn.2018.8605993

2018-01-01

Abstract:Named Data Networking is built with security which requires each named Data object to be digitally signed by its producer. Thus, the NDN project has proposed a key management model on NDN testbed for verification of the Data packet to be immune to distributing poisoned content. However, in practice, this model poses two challenges for verifying fake content: (1) the centralized architecture easily leads to a single point of failure, especially when the root key fails, its difficult to verify the keys across sites due to the lack of trust between them, and (2) excessive overhead of certificate chain traversal when verifying signature. This paper first proposes a blockchain-based key management scheme in NDN to address the problem of lack of mutual trust between sites without trust anchors. Specifically, all site nodes form a permissioned blockchain for storing public key hashes to ensure the authenticity, and the proxy gateway participates in verifying to reduce excessively frequent communication between the router and the blockchain. In addition, the NDN public key content object and the scheme of their storage, verification, and revocation are redesigned. The result of our analysis and evaluation shows that the proposed scheme is capable of supporting less verification numbers and higher verification efficiency.

Qi Li,Xinwen Zhang,Qingji Zheng,Ravi Sandhu,Xiaoming Fu

DOI: https://doi.org/10.1109/tifs.2014.2365742

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Named data networking (NDN) is a new paradigm for the future Internet wherein interest and data packets carry content names rather than the current IP paradigm of source and destination addresses. Security is built into NDN by embedding a public key signature in each data packet to enable verification of authenticity and integrity of the content. However, existing heavyweight signature generation and verification algorithms prevent universal integrity verification among NDN nodes, which may result in content pollution and denial of service attacks. Furthermore, caching and location-independent content access disables the capability of a content provider to control content access, e.g., who can cache a content and which end user or device can access it. We propose a lightweight integrity verification (LIVE) architecture, an extension to the NDN protocol, to address these two issues seamlessly. LIVE enables universal content signature verification in NDN with lightweight signature generation and verification algorithms. Furthermore, it allows a content provider to control content access in NDN nodes by selectively distributing integrity verification tokens to authorized nodes. We evaluate the effectiveness of LIVE with open source CCNx project. Our paper shows that LIVE only incurs average 10% delay in accessing contents. Compared with traditional public key signature schemes, the verification delay is reduced by over 20 times in LIVE.

Kunpeng Ding,Jiayu Yang,Kaiping Xue,Jiangping Han,Jian Li,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/tnet.2024.3451231

2024-01-01

Abstract:Named Data Networking (NDN) stands out as a promising Information Centric Networking architecture capable of facilitating large-scale content distribution through in-network caching and location-independent data access. However, attackers can easily inject poisoned content into the network, called content poisoning attacks, which leads to a substantial deterioration in user experience and transmission efficiency. In existing schemes, routers fail to determine the contamination source of received poisoned content, leading to the inability to accurately identify attacker nodes. Besides, attackers’ dynamic behaviors and network instability could disrupt identification results. In this paper, we propose a Secure and Lightweight scheme against content poisoning attacks based on Probing (SLP), where a proactive and reliable probing protocol is designed to identify adversaries quickly and precisely. In SLP, a router sends specifically chosen interest packets to probe a suspicious node, so that the returned corresponding content can straightly reflect its trustworthiness without other nodes’ interference. In addition, a hypothesis testing algorithm is developed to analyze the returned content, which can exclude the impact of transmission errors and adapt to dynamic attackers. Moreover, we utilize users’ feedback to avoid unnecessary probing costs on unaffected routers, with its reliability guaranteed by an efficient cuckoo-filter-based feedback validation mechanism. Security analysis shows that SLP achieves resistance against content poisoning attacks and malicious feedback. The experimental results demonstrate that SLP makes users hardly be affected by attacks and brings in only slight overhead.

Yong Yu,Yannan Li,Xiaojiang Du,Ruonan Chen,Bo Yang

DOI: https://doi.org/10.1109/mcom.2018.1701086

IF: 9.03

2018-11-01

IEEE Communications Magazine

Abstract:ICNs are promising alternatives to current Internet architecture since the Internet struggles with a number of issues such as scalability, mobility, and security. ICN offers a number of potential benefits including reduced congestion and enhanced delivery performance by employing content caching, simpler network configurations, and stronger security for the content. NDN, an instance of ICN, enables content delivery instead of host-centric approaches by naming data rather than host. In order to make NDN practical in the real world, the challenging issues of content security need to be addressed. In this article, we examine the architecture and content security as well as possible solutions to these issues of NDN, with a special focus on the content integrity and provenance. We propose a variety of digital signature schemes to achieve the data integrity and origin authentication in NDN for various applications, which include cost-effective signatures, privacy preserving signatures, network coding signatures, and post-quantum signatures. We also present speed-up techniques in generating signatures and verifying signatures such as pre-computation, batch verification, and server-aided verification to reduce the computational cost of the producers and receivers in NDN. A number of certificate-free trust management approaches and possible adoptions in NDN are investigated.

telecommunications,engineering, electrical & electronic

Kai Lei,Chaojun Hou,Lihua Li,Kuai Xu

DOI: https://doi.org/10.1109/CyberC.2015.67

2015-01-01

Abstract:As the rising applications of Named Data Networking (NDN) continue to increase the demand on network bandwidth, developing effective congestion mechanisms has become one of the high-priority research tasks for NDN architecture. This paper explores rate control protocol (RCP), a unique hop-by-hop feature in NDN routing, and one-to-one relationship between interest requests and data packets to develop a novel congestion control mechanism for NDN. Specifically, we have designed and implemented a rate-based, explicit and hop-by-hop congestion control algorithm, NDN Hop-by-Hop RCP, namely NHBH-RCP, to achieve high link utilization and increase overall network throughput. In addition, we compare the naive congestion control algorithm in NDN with NHBH-RCP via various experiments and find that our proposed algorithm significantly enhances the performance of data transfer in NDN and reduces flow-completion time between consumers and producers.

Junlin HUANG,Kai LEI,Yi WANG

DOI: https://doi.org/10.3979/j.issn.1673-825X.2018.01.014

2018-01-01

Abstract:With the increase of transmission bandwidth and the need of real-time application,it becomes a new problem as for how to minimize the cache usage and the transmission delay while making full use of the bottleneck bandwidth.To solve this problem,we propose a congestion control algorithm based on bottleneck bandwidth and round-trip time (RTT) in named data networking.Instead of using traditional loss-based congestion detection and control methods,our algorithm proactively controls the traffic to match the capacity of the links.The bottleneck bandwidth and physical link delay are estimated at receiver by statistically analyzing round trip time and instantaneous delivery rate in a certain time frame.These two parameters,along with the gain decided by the state,will be used to control the delivery rate and the size of window of Interest packets.Finally we implement this algorithm in ndnSIM and compare it to interest control protocol (ICP).It's demonstrated that the proposed algorithm can achieve lower transmission delay and faster convergence speed while making full use of bottleneck bandwidth.

Jun Li,Hao Wu,Bin Liu,Jianyuan Lu,Yi Wang,Xin Wang,Yanyong Zhang,Lijun Dong

DOI: https://doi.org/10.1145/2396556.2396561

2012-01-01

Abstract:The built-in caching capability of future Named Data Networking (NDN) promises to enable effective content distribution at a global scale without requiring special infrastructure. The aim of this work is to design efficient caching schemes in NDN to achieve better performance at both the network layer and application layer. With the specific objective of minimizing the inter-ISP (Internet Service Provider) traffic and average access latency, we first formulate the optimization problems for different objectives and then solve them to obtain the optimal replica placement. Then we develop popularity-driven caching schemes which dynamically place the replicas in the caches on the en-route path in a coordination fashion. Simulation results show that the performances of our caching algorithms are much closer to the optimum and outperform the widely used schemes in terms of the inter-ISP traffic and the average number of access hops. Finally, we thoroughly evaluate the impact of several important design issues such as network topology, cache size, access pattern and content popularity on the caching performance and demonstrate that the proposed schemes are effective, stable, scalable and with reasonably light overhead.

Menghan Li,Dan Pei,Xiaoping Zhang,Beichuan Zhang,Ke Xu

DOI: https://doi.org/10.1007/s11704-016-5563-x

IF: 2.6688

2017-01-01

Frontiers of Computer Science

Abstract:Named data networking (NDN) is a new Internet architecture that replaces today’s focus on where – addresses and hosts with what – the content that users and applications care about. One of NDN’s prominent advantages is scalable and efficient content distribution due to its native support of caching and multicast in the network. However, at the last hop to wireless users, often the WiFi link, current NDN implementation still treats the communication as multiple unicast sessions, which will cause duplicate packets and waste of bandwidth when multiple users request for the same popular content. WiFi’s built-in broadcast mechanism can alleviate this problem, but it suffers from packet loss since there is no MAC-layer acknowledgement as in unicast. In this paper, we develop a new NDN-based cross-layer approach called NLB for efficient and scalable live video streaming over wireless LAN. The core ideas are: using WiFi’s broadcast channel to deliver content from the access point to the users, a leader-based mechanism to suppress duplicate requests from users, and receiver-driven rate control and loss recovery. The design is implemented and evaluated in a physical testbed comprised of one software AP and 20 Raspberry Pi-based WiFi clients. While NDN with multiple unicast sessions or plain broadcast can support no more than ten concurrent viewers of a 1Mbps streaming video, NDN plus NLB supports all 20 viewers, and Received December 29, 2015; accepted April 28, 2016 E-mail: zhxp@tsinghua.edu.cn can likely support much more when present.

Li Qi,Lee Patrick P. C.,Zhang Peng,Su Purui,He Liang,Ren Kui

DOI: https://doi.org/10.1109/TNET.2017.2715822

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:Named data networking (NDN) enhances traditional IP networking by supporting in-network content caching for better bandwidth usage and location-independent data accesses for multi-path forwarding. However, NDN also brings new security challenges. For example, an adversary can arbitrarily inject packets to NDN to poison content cache, or access content packets without any restrictions. We propose c...

Firdous Qaiser,Mudassar Hussain,Abdul Ahad,Ivan Miguel Pires

DOI: https://doi.org/10.7717/peerj-cs.1854

2024-02-09

PeerJ Computer Science

Abstract:Named Data Networking (NDN) has emerged as a promising network architecture for content delivery in edge infrastructures, primarily due to its name-based routing and integrated in-network caching. Despite these advantages, sub-optimal performance often results from the decentralized decision-making processes of caching devices. This article introduces a paradigm shift by implementing a Software Defined Networking (SDN) controller to optimize the placement of highly popular content in NDN nodes. The optimization process considers critical networking factors, including network congestion, security, topology modification, and flowrules alterations, which are essential for shaping content caching strategies. The article presents a novel content caching framework, Popularity-aware Caching in Popular Programmable NDN nodes (PaCPn). Employing a multi-variant vector autoregression (VAR) model driven by an SDN controller, PaCPn periodically updates content popularity based on time-series data, including 'request rates' and 'past popularity'. It also introduces a controller-driven heuristic algorithm that evaluates the proximity of caching points to consumers, considering factors such as 'distance cost,' 'delivery time,' and the specific 'status of the requested content'. PaCPn utilizes customized DATA named packets to ensure the source stores content with a valid residual freshness period while preventing intermediate nodes from caching it. The experimental results demonstrate significant improvements achieved by the proposed technique PaCPn compared to existing schemes. Specifically, the technique enhances cache hit rates by 20% across various metrics, including cache size, Zipf parameter, and exchanged traffic within edge infrastructure. Moreover, it reduces content retrieval delays by 28%, considering metrics such as cache capacity, the number of consumers, and network throughput. This research advances NDN content caching and offers potential optimizations for edge infrastructures.

computer science, information systems, artificial intelligence, theory & methods

Tao Chen,Kai Lei,Kuai Xu

DOI: https://doi.org/10.1109/pccc.2014.7017100

2014-01-01

Abstract:The new named data networking (NDN) has shifted the Internet from today's IP-based packet-delivery model to the name-based data retrieval model. The architecture shift from IP addresses to named data results in effective content delivery via in-networking cache and direct object retrieval. However, this shift has also created challenges and obstacles for securing data objects and providing appropriate access control on named data due to broad data replications and the loss of network perimeters. This paper designs, implements, and evaluates an encryption and probability based access control model for NDN with video streaming service as a case study. In particularly, we explore a combination of public-key cryptography and symmetric ciphers to encrypt video data for preventing unauthorized access. In addition, we build a bloom-filter probabilistic data structure for pre-filtering Interests from consumers without desired credentials. Our experimental results have demonstrated the capabilities of the proposed model for providing access control while incurring low system and performance overhead on producers and consumers.

Ahmed Benmoussa,Chaker Abdelaziz Kerrache,Carlos T. Calafate,Nasreddine Lagraa

DOI: https://doi.org/10.3390/fi15050167

2023-04-30

Future Internet

Abstract:Named Data Networking (NDN) is an implementation of Information-Centric Networking (ICN) that has emerged as a promising candidate for the Future Internet Architecture (FIA). In contrast to traditional networking protocols, NDN's focus is on content, rather than the source of the content. NDN enables name-based routing and location-independent data retrieval, which gives NDN the ability to support the highly dynamic nature of mobile networks. Among other important features, NDN integrates security mechanisms and prioritizes protecting content over communication channels through cryptographic signatures. However, the data verification process that NDN employs may cause significant delays, especially in mobile networks and vehicular networks. This aspect makes it unsuitable for time-critical and sensitive applications such as the sharing of safety messages. Therefore, in this work, we propose NDN-BDA, a blockchain-based decentralized mechanism that provides a faster and more efficient data authenticity mechanism for NDN-based vehicular networks.

Ming Zhu,Dan Li,Ying Liu,Jianping Wu

DOI: https://doi.org/10.1109/ICCCN.2014.6911754

2014-01-01

Abstract:A major challenge in data center networks is to provide enough network capacity to meet the ever increasing demand of large-scale distributed computing. While existing proposals focus on adding more switches and links, which cost extra hardware and energy, we explore another dimension in which spare disk space at servers is used for caching data, so as to increase network throughput without additional hardware. Leveraging the Named Data Networking (NDN) architecture and unique characteristics of data centers, we design a novel Content Driven Routing in Datacenter Network (CDRDN) that enables universal caching in data center networks in an efficient and scalable way. First, rather than using switches for “on-path” caching like in native NDN, CDRDN uses the large storage space at servers to do “off-path” caching. Second, by taking advantage of data center's regular and hierarchical network topology, CDRDN switches are able to direct requests to nearby server caches even under high dynamics of caches. Third, given the vast amount of data in data centers, the full name-based routing table would be difficult to fit in switch's limited fast memory. CDRDN adopts a compound content and location routing to ensure packet delivery while benefiting from name-based routing as much as the switches can afford. CDRDN extends NDN's adaptive forwarding mechanism to deal with cache misses, link failures, and congestion without running routing protocols or cache exchange protocols. Our packet-level simulations show that CDRDN can almost double the network throughput compared with shortest-path routing under the same setting, and CDRDN can effectively deal with link failures using adaptive forwarding.

Murali Gunti,Roberto Rojas-Cessa

2024-02-25

Abstract:In Named Data Networking (NDN), data is identified by unique names instead of IP addresses, and routers use the names of the content to forward Interest packets towards the producers of the requested content. However, the current content search mechanism in NDN is complex and slow. This mechanism not only creates congestion but also hinders practical deployment due to its slowness and cumbersome nature. To address this issue, we propose a methodology, called BalanceDN, that distributes content through the network such that sought content can be found quickly. BalanceDN uses a distributed allocation of resolvers as those used by the domain name system but differs in how content is distributed. Our approach avoids flooding the network with pending interest requests and also eliminates the need for blind search when the location of content is unknown. We tested our approach on ndnSIM; a simulation platform for NDN. The results show that the proposed routing scheme utilizes far fewer network resources compared to the NDN network when retrieving content. The proposed scheme accomplishes this performance gain by leveraging a load-balanced hashing mechanism to distribute and locate the name of the content on the distributed nameserver lookup service nodes.

Networking and Internet Architecture

Hao Wu,Jun Li,Tian Pan,Bin Liu

DOI: https://doi.org/10.1109/ICC.2013.6655117

2013-01-01

Abstract:Internet traffic has been exponentially growing with the increasing demand of content dissemination. This explosive growth in traffic poses a significant challenge to the networks, especially backbones. To address the challenge, the emerging content-oriented Named Data Networking (NDN) has been proposed due to its attractive advantages, such as network load reduction, low dissemination latency and energy efficiency. To achieve these benefits from NDN paradigm, the content caching strategy plays the most important role. In this paper, we present a popularity-based coordinated caching scheme with the objective of eliminating both the inter-domain and intra-domain redundant traffic of a backbone network. In this design, the global content popularity is obtained by the weighted aggregation of local content popularity at the routers, then the cache placement can be calculated based on the access cost guided by the global content popularity. We test our caching scheme on the publicly available backbone networks: Abilene and GEANT. Simulation results show that the proposed caching scheme achieves around 30% higher cache hit rate and 20% more traffic reduction, compared with the widely used Leaving Copies Everywhere (LCE) and Random Cache (RanCache) scheme.