
Team 02 Group 10

Security issues and Counter-measures


Named Data Network

Dr. V. Vetriselvi, Associate Professor

Arvind M(2010103507) Hitesh Kumar R(2010103011) Venkatakrishnan R(2010103551)

Abstract
Named Data Networking (NDN), like any Internet architecture, is vulnerable to attacks. An NDN router is exposed through two of its components in particular, the Content Store and the Pending Interest Table, which are the targets of cache pollution, cache poisoning, interest flooding and cache privacy attacks. This project aims to detect and counter those attacks at the router.

Introduction
NDN uses names, rather than host addresses, to route Interests and retrieve content. Each router holds three data structures: the Content Store (CS), a cache used for content caching and retrieval; the Forwarding Information Base (FIB), a routing table of name prefixes and the corresponding outgoing interfaces, used to forward Interests; and the Pending Interest Table (PIT), a table of Interests that have been forwarded but not yet satisfied, each with the set of incoming interfaces on which it arrived.

NDN was designed to overcome the shortcomings of the IP architecture. Caching at routers increases performance but raises privacy concerns, so there is a constant trade-off between performance and security.

What can go wrong? The past communication of one user transits through, and is retained in, a router cache. Cached voice data, even if encrypted, reveals that a phone call took place, and the names and other addressing metadata of the cached packets can leak who is communicating with whom. This is a breach of privacy.

Three further attacks follow from the absence of a trust mechanism at the router and from the shared cache:
Cache poisoning attack: a false producer answers an Interest with false content, which the router caches and then serves to other consumers.
Cache pollution attack: the adversary forces routers (the victims of the attack) to cache non-popular content, evicting the content legitimate users actually request.
Interest flooding attack: the attacker generates a large number of closely spaced Interest packets, aiming to overflow the PITs in routers.

Related Work
Paper Named data networking for military communication system (2012) Scalable NDN forwarding (2012) Author Basil Etefia, Lixia zhang Problem dealt Problem with IP based protocol in military application Solution Named data network replacing IP protocol What we concluded NDN a future way to get content across network

Haowei Yaun, Difficulty in Tian Song, Patrick designing and Crowley evaluating scalable NDN forwarding node Ravishankar, Lo, Zhang, Wang IP problem in mobility in real time application

Making NDN scalability forwarding plane issue reasonably with fast name solved lookup Proposed three cross layer network-assisted seamless mobility shemes NDN - Mobility no longer a problem

Supporting seamless mobility in NDN (2012)

Paper: Effective caching schemes for minimizing inter-ISP traffic in NDN (2012)
Author: Jun Li, Hao Wu, Bin Liu, Jianyuan
Problem dealt: Increased inter-ISP traffic across the network
Solution: Inter-ISP traffic savings achieved through caching
What we concluded: NDN caching improves performance

Paper: Detecting router cache snooping in NDN (2012)
Author: Nonhlanhla Ntuli, Sunyoung Han
Problem dealt: Caching at the router makes snooping of customers' data possible
Solution: Detects snooping in low-level routers
What we concluded: Detection is limited to the same router cache

Paper: Named-data security scheme for NDN (2012)
Author: Hamdane, Serhrouchni, Fadlallah, Fatmi
Problem dealt: Enhancement of the existing security
Solution: PKI and HIBC proposed to defend against potential attacks
What we concluded: NDN security still requires enhancement

Paper: Interest Propagation in named data MANETs (2012)
Author: Yu, Dilmaghani, Calo, Sanadidi, and Mario Gerla
Problem dealt: Mobility and connectivity challenges in MANETs
Solution: Proposed Listen-First Broadcast-Later and Neighbourhood-Aware Interest forwarding
What we concluded: NDN decreases bandwidth usage and shortens response time under mobility

Paper: Supervisor application for content management in NDN (2012)
Author: Kusunoski, Kawahara, Asami
Problem dealt: Difficulty in managing copyright violation by content in the network
Solution: Deletion of illegal content in the network by the content owner
What we concluded: NDN can provide a firewall for content at routers, but the proposal suffers from security and scaling loopholes

Paper: Privacy Risk in NDN (2012)
Author: Laugier, Laoutaries, Rodriguez
Problem dealt: Privacy issues at caching
Solution: Assessing the privacy of data is difficult
What we concluded: The sensitivity of data needs to be ensured

Paper: Cache Privacy in Named-Data Networking (2012)
Author: Acs, Conti, Gasti, Ghali, Tsudik
Problem dealt: Privacy of both consumers and producers of content
Solution: Consumers and producers indicate which content is privacy-sensitive; various algorithms proposed
What we concluded: Trade-off between privacy and latency

Paper: DoS & DDoS in Named Data Networking (2013)
Author: Gasti, Tsudik, Uzun, and Zhang
Problem dealt: Cache poisoning and DoS attacks
Solution: Identification, assessment and counter-measures to mitigate their effect
What we concluded: Evaluating the effectiveness of a countermeasure is difficult

Paper: Interest flooding attack and countermeasures in NDN (2013)
Author: Afanasyev, Mahadevan, Moiseenko, Uzun, Zhang
Problem dealt: DDoS via interest flooding attack
Solution: Restrict the number of Interests forwarded; satisfaction-based pushback algorithm
What we concluded: Complexity grows with the increased security

Paper: A lightweight mechanism for detection of cache pollution attacks (2013)
Author: Mauro Conti, Paolo Gasti, Marco Teoli
Problem dealt: Locality-disruption and false-locality of content
Solution: CacheShield keeps track of the absolute number of repeated requests, and of the ratio of repeated requests over the number of cache hits
What we concluded: Does not address attack reaction techniques

Block Diagram

Proposed System
Research on security in NDN is scattered across many papers, and some of the proposals have never been implemented. We focus on the most important components of an NDN router, the Content Store and the Pending Interest Table (PIT), and examine their vulnerability to the attacks above. For each attack we propose a detection or prevention algorithm, implement it in a simulator, and measure its performance together with the security it provides.

Input and Output


To the entire system:
Input:
Unsecured data transmission, with the router exposed to the vulnerabilities above.

Output:
Secured data transmission and storage that mitigates those attacks without affecting the performance of the router.

To individual modules:

Module: Cache Privacy Attack
Input: An Interest (request for content)
Output: The content object, served as a cache hit or a cache miss without revealing whether it was already cached

Module: Cache Poisoning Attack
Input: Content Store containing legitimate contents or fake and corrupted contents
Output: Content Store with only legitimate contents (cache poisoning prevented by limiting the bandwidth available to the adversary)

Module: Cache Pollution Attack
Input: Content Store with relevant or irrelevant content objects (the adversary caches contents with the aim of polluting the Content Store)
Output: Content Store with only relevant content objects (irrelevant contents are removed and strict action is taken against the adversary)

Module: Interest Flooding Attack
Input: PIT infiltrated with Interests with the aim of degrading its performance
Output: Clean PIT (harmful Interests detected and appropriate action taken)

Details of Each Module

1. Cache Privacy attack module

An adversary who requests a content object and times the response can tell a cache hit from a cache miss, and so learn whether the object was previously requested by some user in the same network or organisation. The module therefore first determines the sensitivity of content (private or not) by a producer-driven or a consumer-driven approach: a privacy bit in the Interest header marks content the consumer considers private, and a privacy bit in the content (Data) header marks content the producer considers private.

Requests for non-private content always result in a cache hit when the object is present in the Content Store. Requests for private content are handled by the random caching algorithm. The module maintains a counter cC for each content C. The first request for C is always a cache miss, and cC is initialised to 0; at the same time kC is drawn from [0, K) according to a distribution on that domain, described by a random variable K. On each subsequent request for C, the router increments cC and checks whether cC <= kC: if so, it answers with a cache miss (fetching the object upstream as if it were not cached), otherwise with a cache hit. Because the number of forced misses is random, an observer cannot tell from the hit/miss pattern whether the content is private or whether anyone else behind the same router has already accessed it.

2. Cache Pollution Attack module:

Routers can learn how traffic is distributed by counting how often each content object is returned in response to an Interest. Cache pollution is then detected by a learn-then-test algorithm: during a learning phase the router records the normal retrieval frequency of the contents in its Content Store, and afterwards each window of requests is tested against that baseline. A window whose request mix departs from the learned distribution (for example, many requests for content that normal traffic never asked for, or a sharp drop in the number of cache hits for the usual number of requests) indicates pollution.

3. Cache Poisoning attack module:

Routers could verify the signature of every content object they cache to prevent cache poisoning, but doing so for all content costs too much. We therefore introduce a trust value T ∈ [0, 1] for each content object in a router's cache, computed from explicit consumer feedback and neighbour feedback. T = 1 means the object has been verified; otherwise the object is selected for signature verification with probability proportional to 1 − T, so the least trusted objects are checked most often.

A new content object is assigned T = 0.5. The value increases every time the object is forwarded and decreases whenever the router receives negative feedback about it. When a neighbouring router determines that a given content object is corrupted, it issues a special warning Interest on all its interfaces; this is the neighbour feedback.

4. Interest Flooding attack module:

There are two kinds of Interest flooding attack, distinguished by the content requested: Interests for non-existent content, and Interests for dynamically generated content (which the producer must create on demand and which therefore cannot be served from a cache). Interests for non-existent content are never satisfied, so their PIT entries time out; by tracking how often time-outs occur per incoming interface we can detect this kind of flooding. For dynamically generated content the Interests are valid, so instead we set a PIT quota per incoming interface (towards the consumer) to stop one consumer from filling the PIT, and a quota per outgoing interface (towards the producer) to prevent a denial of service on the producer.

Cache Privacy Attack Module (Pseudo-Code)


Input: Interest Header (specifically privacy bit)
Output: Cache Hit or Cache miss
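A worked implementation of the random caching algorithm for this module, added here as an example; it is not code from the project or from ndnSIM. The class and function names, the rule that an object is treated as private when either the producer's flag or the Interest's privacy bit is set, and the sample names are assumptions for illustration. The page's cC and kC become the per-name entries of `c` and `k`, and `K` is the bound of the random variable described above.

```python
"""Cache-privacy module: random caching for privacy-sensitive content.

Added example, not project code. Names, the privacy-bit rule and the
sample content are assumptions made for illustration.
"""
import random


class PrivacyAwareCache:
    def __init__(self, K, rng=None):
        self.K = K                       # k_C is drawn from [0, K)
        self.rng = rng or random.Random()
        self.store = {}                  # name -> (content, producer_private)
        self.c = {}                      # per-content request counter c_C
        self.k = {}                      # per-content threshold k_C

    def insert(self, name, content, private):
        """Cache a Data packet; `private` is the producer-driven privacy bit."""
        self.store[name] = (content, private)

    def lookup(self, name, privacy_bit):
        """Serve an Interest; `privacy_bit` is the consumer-driven bit in its header.
        Returns (hit, content): hit is False on a cache miss (content is None)."""
        if name not in self.store:
            return False, None
        content, producer_private = self.store[name]
        # assumption: either side may declare the content private
        if not (producer_private or privacy_bit):
            return True, content         # non-private content: always a hit
        if name not in self.c:
            # first request for a private object is always a miss
            self.c[name] = 0
            self.k[name] = self.rng.randrange(self.K)
            return False, None
        self.c[name] += 1
        if self.c[name] <= self.k[name]:
            return False, None           # forced miss: fetch upstream again
        return True, content


def misses_until_hit(cache, name, privacy_bit, limit=1000):
    """Count the consecutive misses an observer sees before the first hit."""
    for n in range(limit):
        hit, _ = cache.lookup(name, privacy_bit)
        if hit:
            return n
    return limit


def demo():
    """Constructed sample: one public and one private object, K = 4."""
    cache = PrivacyAwareCache(K=4, rng=random.Random(7))
    cache.insert("/public/index", b"index page", private=False)
    cache.insert("/medical/report", b"lab results", private=True)
    return (misses_until_hit(cache, "/public/index", privacy_bit=False),
            misses_until_hit(cache, "/medical/report", privacy_bit=False))
```

Each private object costs 1 + kC forced misses before its first hit, so the price of privacy is bounded by K extra round trips to the producer, while a probing adversary can no longer reliably infer from a hit whether someone else already requested the object.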

Cache Pollution Attack Module (Pseudo-Code)


Establishing a standard for the normal retrieval frequency of content from the Content Store (how many cache hits for a standard number of cache requests)
Input: Standard cache hits for standard cache requests, standard cache requests
Output: Empty the cache or not
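The learn-then-test detection for this module, as an added example that is not the project's code. The legitimate workload (fifty names with Zipf-like weights), the LRU Content Store, the locality-disruption attack that requests random never-popular names, and the window size and tolerance are constructed assumptions. The detector learns the baseline cache-hit ratio and the baseline share of requests for previously unseen names from normal traffic, then flags any window that departs from either.

```python
"""Cache-pollution detection: learn a baseline, then test each window against it.

Added example, not project code. Workload, cache size, window size and
tolerance are constructed assumptions.
"""
import random
from collections import OrderedDict


class LRUCache:
    """Minimal Content Store with LRU replacement (assumed policy)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def request(self, name):
        """Serve one Interest; return True on a cache hit, False on a miss."""
        if name in self.items:
            self.items.move_to_end(name)
            return True
        self.items[name] = True              # miss: fetched upstream and cached
        if len(self.items) > self.capacity:
            self.items.popitem(last=False)
        return False


class PollutionDetector:
    """Learns the normal retrieval-frequency profile, then tests each window."""

    def __init__(self, window=200, tolerance=0.15):
        self.window = window
        self.tolerance = tolerance
        self.popular = set()      # names seen during learning
        self.base_hit = 0.0       # baseline cache-hit ratio
        self.base_unseen = 0.0    # baseline share of requests outside `popular`
        self.current = []

    def learn(self, trace):
        """trace: list of (name, hit) from normal traffic. The first half gives
        the frequency profile, the second half the baselines measured against it."""
        half = len(trace) // 2
        self.popular = {name for name, _ in trace[:half]}
        self.base_hit, self.base_unseen = self._measure(trace[half:])

    def _measure(self, window):
        n = len(window)
        hit_ratio = sum(1 for _, hit in window if hit) / n
        unseen = sum(1 for name, _ in window if name not in self.popular) / n
        return hit_ratio, unseen

    def observe(self, name, hit):
        """Feed one served request; return the verdict when a window completes."""
        self.current.append((name, hit))
        if len(self.current) < self.window:
            return None
        hit_ratio, unseen = self._measure(self.current)
        self.current = []
        # locality disruption collapses the hit ratio; false locality shifts
        # requests to content that normal traffic never asked for
        return (hit_ratio < self.base_hit - self.tolerance
                or unseen > self.base_unseen + self.tolerance)


def normal_trace(rng, cache, n):
    """Constructed legitimate workload: 50 names with Zipf-like popularity."""
    names = [f"/video/{i}" for i in range(50)]
    weights = [1.0 / (i + 1) for i in range(50)]
    return [(name, cache.request(name)) for name in rng.choices(names, weights, k=n)]


def attack_trace(rng, cache, n):
    """Constructed pollution attack: Interests for random, never-popular names."""
    out = []
    for _ in range(n):
        name = f"/junk/{rng.randrange(10**6)}"
        out.append((name, cache.request(name)))
    return out


def run_demo(seed=1):
    """Per-window verdicts for two normal windows followed by two attack windows."""
    rng = random.Random(seed)
    cache = LRUCache(capacity=20)
    det = PollutionDetector(window=200, tolerance=0.15)
    det.learn(normal_trace(rng, cache, 2000))
    verdicts = []
    for name, hit in normal_trace(rng, cache, 400) + attack_trace(rng, cache, 400):
        verdict = det.observe(name, hit)
        if verdict is not None:
            verdicts.append(verdict)
    return verdicts
```

A positive verdict is where the module's "empty the cache or not" decision hooks in; the tolerance trades detection delay against false alarms, and the unseen-name share is what catches a false-locality attacker whose repeated requests keep the hit ratio high.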

Cache Poisoning Attack Module (Pseudo-Code)


Input: Neighbour Feedback, Trust value (if present), Consumer Feedback
Output: Verification required or not
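A worked implementation of the trust-value scheme for this module, added as an example; it is not the project's code. The step by which T moves on each event, the way neighbours are modelled (a list of directly connected routers standing in for the router's interfaces), and the class names are assumptions for illustration.

```python
"""Trust-driven probabilistic signature verification for the cache-poisoning module.

Added example, not project code. Step size, neighbour model and names are
assumptions made for illustration.
"""
import random


class TrustCache:
    """Per-content trust value T in [0, 1]; content is verified with probability 1 - T."""

    def __init__(self, rng=None, step=0.1):
        self.rng = rng or random.Random()
        self.step = step            # assumed change in T per feedback event
        self.trust = {}             # content name -> T

    def add(self, name):
        self.trust[name] = 0.5      # new content starts at T = 0.5

    def on_forward(self, name):
        """Content served to a consumer without complaint: trust grows."""
        self.trust[name] = min(1.0, self.trust[name] + self.step)

    def on_negative_feedback(self, name):
        """Consumer claims the content is false, or a neighbour warned about it."""
        if name in self.trust:
            self.trust[name] = max(0.0, self.trust[name] - self.step)

    def needs_verification(self, name):
        """Select content for signature verification with probability 1 - T."""
        return self.rng.random() < 1.0 - self.trust[name]

    def verify(self, name, signature_valid):
        """Apply the outcome of an actual signature check: mark verified or evict."""
        if signature_valid:
            self.trust[name] = 1.0
            return True
        del self.trust[name]        # corrupted content leaves the cache
        return False


class Router:
    def __init__(self, rng):
        self.cache = TrustCache(rng)
        self.neighbours = []        # routers reachable on this router's interfaces

    def check(self, name, signature_valid):
        """Run the probabilistic check on a cached object. Returns True/False when a
        verification ran, None when the object was skipped this time. On corruption
        the special warning Interest goes out on every interface."""
        if not self.cache.needs_verification(name):
            return None
        ok = self.cache.verify(name, signature_valid)
        if not ok:
            for nb in self.neighbours:
                nb.cache.on_negative_feedback(name)
        return ok


def demo():
    """Constructed sample: router A holds a corrupted object at T = 0 (certain to be
    checked); its neighbour B holds the same name at the default T = 0.5."""
    a, b = Router(random.Random(1)), Router(random.Random(2))
    a.neighbours.append(b)
    b.neighbours.append(a)
    a.cache.add("/news/today")
    a.cache.trust["/news/today"] = 0.0
    b.cache.add("/news/today")
    result = a.check("/news/today", signature_valid=False)
    return result, "/news/today" in a.cache.trust, round(b.cache.trust["/news/today"], 6)
```

Because verification probability is 1 − T, an object that consumers keep complaining about drifts towards T = 0 and is checked almost certainly, while an object that has been forwarded many times without complaint is almost never checked again; a neighbour's warning pushes the object towards verification on every router that heard it, which is what limits how far poisoned content spreads.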

Flooding Attack Module (Pseudo-Code)


Input: Standard PIT quota for a single consumer, Standard number of timeouts for some standard number of requests, interest requests, timeout
Output: Discarding the request or not, Clearing the PIT or not
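A worked PIT for this module, added as an example that is not the project's code. The quotas, the timeout, the length of the per-interface time-out history, the time-out rate threshold and the three-face scenario are constructed assumptions; times are integer milliseconds to keep the expiry arithmetic exact.

```python
"""Pending Interest Table with per-interface quotas and time-out tracking.

Added example, not project code. Quotas, timeout, history length, threshold
and the scenario in demo() are constructed assumptions.
"""
from collections import Counter, deque


class PIT:
    def __init__(self, in_quota=100, out_quota=500, timeout=4000,
                 history=50, max_timeout_rate=0.5):
        self.in_quota, self.out_quota = in_quota, out_quota
        self.timeout = timeout
        self.history = history
        self.max_timeout_rate = max_timeout_rate
        self.entries = {}             # name -> (in_iface, out_iface, expiry)
        self.pending_in = Counter()   # pending Interests per consumer-facing interface
        self.pending_out = Counter()  # pending Interests per producer-facing interface
        self.outcomes = {}            # in_iface -> deque of True (timed out) / False

    def _record(self, iface, timed_out):
        self.outcomes.setdefault(iface, deque(maxlen=self.history)).append(timed_out)

    def timeout_rate(self, iface):
        """Share of recent Interests from `iface` that timed out (0 until enough data)."""
        h = self.outcomes.get(iface)
        if not h or len(h) < self.history // 2:
            return 0.0
        return sum(h) / len(h)

    def expire(self, now):
        """Drop timed-out entries and charge each time-out to its incoming interface."""
        for name, (i, o, expiry) in list(self.entries.items()):
            if expiry <= now:
                del self.entries[name]
                self.pending_in[i] -= 1
                self.pending_out[o] -= 1
                self._record(i, True)

    def on_interest(self, name, in_iface, out_iface, now):
        self.expire(now)
        if name in self.entries:
            return "aggregated"     # simplified: a real PIT adds the face to the entry
        if self.timeout_rate(in_iface) > self.max_timeout_rate:
            return "drop:timeout-rate"      # non-existent-content flooding
        if self.pending_in[in_iface] >= self.in_quota:
            return "drop:consumer-quota"    # one face filling the PIT
        if self.pending_out[out_iface] >= self.out_quota:
            return "drop:producer-quota"    # shield the producer behind this face
        self.entries[name] = (in_iface, out_iface, now + self.timeout)
        self.pending_in[in_iface] += 1
        self.pending_out[out_iface] += 1
        return "forward"

    def on_data(self, name, now):
        """Satisfy a pending Interest; False for unsolicited or late Data."""
        self.expire(now)
        entry = self.entries.pop(name, None)
        if entry is None:
            return False
        i, o, _ = entry
        self.pending_in[i] -= 1
        self.pending_out[o] -= 1
        self._record(i, False)
        return True


def demo():
    """Constructed scenario: a non-existent-name flood on face 1, a legitimate
    consumer on face 2 whose Interests are answered after 50 ms, and a burst of
    Interests for dynamic content on face 3 that the producer has not answered yet."""
    pit = PIT(in_quota=10, out_quota=100, timeout=1000, history=20, max_timeout_rate=0.5)
    tally = Counter()
    for k in range(40):
        now = 100 * k
        tally["face1:" + pit.on_interest(f"/srv/nonexistent/{k}", 1, 9, now)] += 1
        tally["face2:" + pit.on_interest(f"/srv/dyn/{k}", 2, 9, now)] += 1
        pit.on_data(f"/srv/dyn/{k}", now + 50)
    for m in range(30):
        tally["face3:" + pit.on_interest(f"/srv/dyn/burst{m}", 3, 9, 5000)] += 1
    return dict(tally)
```

The time-out rate only starts to bite once the first entries from the flooding face have expired, so the detection delay is about one PIT timeout plus half the history length of Interests; the consumer-side quota, by contrast, acts immediately and is what stops a flood of valid Interests for dynamic content from exhausting the PIT, while leaving the legitimate consumer on another face untouched.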

Feedback
Consumer feedback: used to report the sensitivity of data (the privacy bit) and to claim that received content is false.
Neighbour feedback: used to receive warnings from a neighbouring router and to correct the priority (trust value) of data in the CS based on the received warning.

Demonstration
At the end of this project the security and privacy concerns of an NDN router listed above will be addressed and analysed in detail, with prevention and detection techniques for each. We describe the strategies available to mitigate each attack the router faces and demonstrate them in simulation using ndnSIM. The security components may cost some performance; we aim for a balance between security and performance.

Tools
ndnSIM is used to model the router and its functionality. Its existing components (Content Store, Pending Interest Table) are extended to accommodate our security modules.

Performance Evaluation
The performance of the modified prototype will be measured to make sure the extra security modules do not degrade it. Security will be measured against attacks run live in the simulation to prove its worth. NDN with our security modules will be compared against an NDN router without them, and both against the standard TCP/IP protocol in terms of performance, security and feasibility.

For the privacy check, performance is measured as the degree of randomness of Content Store accesses for Interests with the privacy bit set: the larger the randomness in deciding when a request becomes a cache hit, the greater the privacy achieved, at the cost of extra misses. For the pollution check, the more frequently a content object is retrieved from the Content Store, the longer its lifespan in the cache.

For the poisoning attack, performance is measured as the number of content objects in the Content Store that are correctly marked as legitimate; this depends on correct feedback from consumers and neighbouring routers. For the flooding attack, performance is determined by the number of Interests for non-existent content that are correctly discarded, which depends on choosing an appropriate PIT timeout for forwarded Interests.

References
[1] G. Acs, M. Conti, P. Gasti, C. Ghali, G. Tsudik. Cache privacy in named data networking. In ICDCS 2013, 2013.
[2] A. Chaabane, E. De Cristofaro, M. Kafaar, E. Uzun. Privacy in Content-Oriented Networking: Threats and Countermeasures. ACM SIGCOMM Computer Communication Review (CCR), July 2013.
[3] M. Conti, P. Gasti, M. Teoli. A Lightweight Mechanism for Detection of Cache Pollution Attacks in Named Data Networking. Elsevier Computer Networks (COMNET), Special Issue on Mobile Computing for Content/Service Oriented Networking Architecture, 2013.
[4] P. Gasti, G. Tsudik, E. Uzun, L. Zhang. DoS & DDoS in Named Data Networking. In Proceedings of ICCCN 2013, 2013.
[5] A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, L. Zhang. Interest Flooding Attack and Countermeasures in Named Data Networking. In Proceedings of IFIP Networking 2013, 2013.
[6] H. Yuan, P. Crowley. Experimental Evaluation of Content Distribution with NDN and HTTP. In Proceedings of IEEE INFOCOM 2013 Mini-Conference, April 2013.
[7] A. Compagno, M. Conti, P. Gasti, G. Tsudik. Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking. In 38th Annual IEEE Conference on Local Computer Networks (LCN 2013), 2013.
[8] V. Jacobson, D. K. Smetters, J. D. Thornton, M. F. Plass, N. H. Briggs, R. L. Braynard. Networking Named Content. In CoNEXT 2009, Rome, December 2009.
[9] CCNx Node Model. http://www.ccnx.org/releases/latest/doc/technical/CCNxProtocol.html
[10] Content Centric Networking (CCNx) project. http://www.ccnx.org
