Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

Abstract

The concept of network caching is determined to be the potential requirement of named data networks (NDN) for enhancing the capabilities of the traditional IP networking. It is responsible for location independent data accesses and optimal bandwidth utilization in multi-path data dissemination. However, the network caching process in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of the packets and violation in accessing content packets. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed for provisioning data authenticity in a distributed manner for leveraging the capabilities to inform the access privileges of the packets during the process of data dissemination. It is proposed for permitting the routers to verify the forwarded packets’ authenticity in NDN. It is capable in handling the issues that emerge from unsolicited packets during a flooding-based denial of service attacks by supporting the indispensable verification process in routers that confirms the timeliness of packets. The simulation experiments conducted using the open source CCNs platform and Planetlab confirmed a significant mean reduction in delay of 14.61%, superior to the benchmarked schemes. It is identified to minimize the delay incurred in generating bit vectors by a average margin of 13.06%, excellent to the baseline approaches. It also confirmed a mean increase in the true positive rate of 5.42%, a mean increase in the precision rate of 6.04%, decrease in false positive rate of 6.82% and increase in F-measure of 5.62% compared to the baseline approaches in the context of detecting content cache pollution attack respectively.