Abstract

Content-Centric Networking (CCN) is one of the emerging paradigms for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are delivered by their unique names, and a public-key-based signature is built into data packets to verify the authenticity and integrity of the contents. To date, research has tried to accelerate the validation of the given data packets, but existing techniques were designed to improve the performance of content verification from the requester’s viewpoint. However, we need to efficiently verify the validity of data packets in each forwarding engine, since the transmission of invalid packets influences not only security but also performance, which can lead to a DDoS (Distributed Denial of Service) attack on CCN. For example, an adversary can inject a number of meaningless packets into CCN to consume the forwarding engines’ cache and network bandwidth. In this paper, a novel authentication architecture is introduced, which can support faster forwarding by accelerating the performance of data validation in forwarding engines. Since all forwarding engines verify data packets, our authentication architecture can eliminate invalid packets before they are injected into other CCN nodes. The architecture utilizes public-key based authentication algorithms to support public verifiability and non-repudiation, but a novel technique is proposed in this paper to reduce the overhead from using PKI for verifying public keys used by forwarding engines and end-users in the architecture. The main merit of this work is in improving the performance of data-forwarding in CCN regardless of the underlying public-key validation mechanism, such as PKI, by reducing the number of accesses to the mechanism. 
Unlike existing approaches that forgo some useful features of the Naive CCN for higher performance, the proposed technique is the only architecture that supports all the useful features of the Naive CCN.

Highlights

  • Content-Centric Networking (CCN) has recently been proposed as a means of Information-Centric Networking (ICN) to solve the existing IP-based Internet’s problems such as heavy traffic increases and security weakness

  • Our work is the first authentication mechanism that can improve the performance of data packet verification in CCN while permitting all nodes to participate in the verification of data packets

  • Recall that forwarding engines can trust each other with higher reliability than other entities in CCN, and we can improve the performance of data transmission by reducing the cost of packet verification based on this assumption


Summary

Introduction

Content-Centric Networking (CCN) has recently been proposed as a means of Information-Centric Networking (ICN) to solve the existing IP-based Internet’s problems such as heavy traffic increases and security weakness. Since CCN allows contents to be stored in network nodes in units of segments, it employs a public key signature as the built-in data and source authentication mechanism. To handle the efficiency issue, HMAC-based techniques have been introduced [9,10]. They are not setup-free, and they need an additional method for the secure distribution of HMAC keys. A hash chain-based mechanism was proposed for efficient data segment authentication in CCN [12]. Though the technique is efficient enough to provide sufficient performance, a content publisher should have a complete list of authorized CCN nodes and their public keys
