Abstract

Named data networking (NDN) enhances traditional IP networking by supporting in-network content caching for better bandwidth usage and location-independent data accesses for multi-path forwarding. However, NDN also brings new security challenges. For example, an adversary can arbitrarily inject packets to NDN to poison content cache, or access content packets without any restrictions. We propose capability-based security enforcement architecture (CSEA), a capability-based security enforcement architecture that enables data authenticity in NDN in a distributed manner. CSEA leverages capabilities to specify the access rights of forwarded packets. It allows NDN routers to verify the authenticity of forwarded packets, and throttles flooding-based DoS attacks from unsolicited packets. We further develop a lightweight one-time signature scheme for CSEA to ensure the timeliness of packets and support efficient verification. We prototype CSEA on the open-source CCNx platform, and evaluate CSEA via testbed and Planetlab experiments. Our experimental results show that CSEA only incurs around 4% of additional delays in retrieving data packets.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking
Varghese Jensy Babu ... M Victor Jose
Wireless Personal Communications | VOL. 115
Varghese Jensy Babu, et. al.Varghese Jensy Babu ... M Victor Jose
24 Jun 2020
Integration Frameworks for THz Wireless Technologies in Data Centre Networks
Sean Ahearne
-
Sean AhearneSean Ahearne
28 Jun 2021
A Study on Reducing Interest Misleading by Publisher Migration on Mobile Networks
Taichi Iwamoto ... Tetsuya Shigeyasu
-
Taichi Iwamoto, et. al.Taichi Iwamoto ... Tetsuya Shigeyasu
08 Oct 2020
Cache management for large data transfers and multipath forwarding strategies in Named Data Networking
Mohammad Alhowaidi ... Brian Bockelman
Computer Networks and ISDN Systems | VOL. 199
Mohammad Alhowaidi, et. al.Mohammad Alhowaidi ... Brian Bockelman
10 Sep 2021
View more papers

More From: IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication

Paper Title
Journal
Date
Author
PACC: A Proactive CNP Generation Scheme for Datacenter Networks
Jiao Zhang ... Mingxuan Yu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Jiao Zhang, et. al.Jiao Zhang ... Mingxuan Yu
01 Jun 2024
RL-Based Energy-Efficient Data Transmission Over Hybrid BLE/LTE/Wi-Fi/LoRa UAV-Assisted Wireless Network
Wilson Ayyanthole Nelson ... Ajit Jha
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Wilson Ayyanthole Nelson, et. al.Wilson Ayyanthole Nelson ... Ajit Jha
01 Jun 2024
Incentivizing Massive Unknown Workers for Budget-Limited Crowdsensing: From Off-Line and On-Line Perspectives
Feng Li ... Pengfei Hu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Feng Li, et. al.Feng Li ... Pengfei Hu
01 Jun 2024
Enabling Cross-Technology Communication From WiFi to LoRa With IEEE 802.11ax
Xiaolong Zheng ... Liang Liu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Xiaolong Zheng, et. al.Xiaolong Zheng ... Liang Liu
01 Jun 2024
View more papers