Preventing “bad” content dispersal in named data networking

Abstract

Named Data Networking (NDN) improves the data delivery efficiency by caching contents in routers. To prevent corrupted and faked contents be spread in the network, NDN routers should verify the digital signature of each published content. Since the verification scheme in NDN applies the asymmetric encryption algorithm to sign contents, the content verification overhead is too high to satisfy wire-speed packet forwarding. In this paper, we propose two schemes to improve the verification performance of NDN routers to prevent content poisoning. The first content verification scheme, called “user-assisted”, leads to the best performance, but can be bypassed if the clients and the content producer collude. A second scheme, named “Router-Cooperation”, prevents the aforementioned collusion attack by making edge routers verify the contents independently without the assistance of users and the core routers no longer verify the contents. The Router-Cooperation verification scheme reduces the computing complexity of cryptographic operation by replacing the asymmetric encryption algorithm with symmetric encryption algorithm. The simulation results demonstrate that this Router-Cooperation scheme can speed up 18.85 times of the original content verification scheme with merely extra 80 Bytes transmission overhead.