Affiliation:
1. School of Computer Science, Northwestern Polytechnical University, Xi’an 710072, China
Abstract
Named data networking (NDN) is a promising alternative to TCP/IP communication networks for data dissemination, which can bring about much more cost-effective and resilient communication in a highly mobile environment. However, due to the features of NDN, content poisoning emerges as a potential threat. Hence, state-of-the-art studies introduce network-layer approaches based on name-key binding, in which the producer notifies routers of the bindings of names and key values. Key values include the publisher public key digest or the content digest. Routers check key values to determine whether incoming data packets have been poisoned. Unfortunately, these approaches lead to more vulnerabilities to dynamic content poisoning because attackers can impersonate the producer to alter or fabricate the bindings. Thus, we introduce a consumer-oriented two-phased lightweight security scheme, which consists of an end-to-end authentication and a packet-level name-key query mechanism. Specifically, the name-key bindings are authenticated via an additional verification by the consumer. Furthermore, we also introduce a novel trust model to help routers identify and disconnect from malicious nodes. Finally, our extensive experimental results demonstrate that the scheme works effectively in mitigating the vulnerability of existing studies to dynamic content poisoning while simultaneously lowering the system overhead.
Funder
National Natural Science Foundation of China
Subject
Computer Networks and Communications, Information Systems
Cited by
2 articles.