Abstract

Named data networking (NDN) shifts today's host-centric Internet architecture to a new data-centric network architecture. This suits the increasingly mobile and information-intensive applications that dominate today's Internet. NDN allows routers to cache named content, which significantly improves content retrieval but also opens the door to many new attacks. In this work, we focus on the content poisoning attack, in which content poisoned by an attacker is cached and propagated in the NDN network. Existing solutions unfortunately do not work when the NDN routers themselves are compromised by attackers. We propose ROM, the Router-Oriented Mitigation of content poisoning attack in NDN, which offers security guarantees even when the routers are malicious. ROM defends against the content poisoning attack by temporarily excluding the malicious routers from the transmission path, eliminating (or significantly reducing) the possibility that the content will be poisoned during transmission. However, localizing malicious routers in NDN is very challenging due to NDN's distributed nature and the lack of global identifiers. We approach this issue from a new angle: we introduce a reputation for each NDN router and forward content based on that reputation. A router with a better reputation is more likely to be honest and has a higher probability of being included in the transmission path. In addition, we design a novel mechanism to quantify the reputation value by utilizing our unique observations about NDN. Security analysis and simulations performed in ndnSIM demonstrate that ROM can mitigate the content poisoning attack with high efficiency and excellent accuracy.
