A Survey of Security Attacks in Information-Centric Networking

Published on Jan 1, 2015 in IEEE Communications Surveys and Tutorials (22.973) · DOI: 10.1109/COMST.2015.2392629
Eslam G. AbdAllah (Queen's University), estimated H-index: 4
Hossam S. Hassanein (Queen's University), estimated H-index: 36
Mohammad Zulkernine (Queen's University), estimated H-index: 25
Information-centric networking (ICN) is a new communication paradigm that focuses on content retrieval from a network regardless of the storage location or physical representation of this content. In ICN, securing the content itself is much more important than securing the infrastructure or the endpoints. To achieve the security goals in this new paradigm, it is crucial to have a comprehensive understanding of ICN attacks, their classification, and proposed solutions. In this paper, we provide a survey of attacks unique to ICN architectures and other generic attacks that have an impact on ICN. It also provides a taxonomy of these attacks in ICN, which are classified into four main categories, i.e., naming, routing, caching, and other miscellaneous related attacks. Furthermore, this paper shows the relation between ICN attacks and unique ICN attributes, and that between ICN attacks and security requirements, i.e., confidentiality, integrity, availability, and privacy. Finally, this paper presents the severity levels of ICN attacks and discusses the existing ICN security solutions.
References (54)
#1 George Xylomenos (OPA: Athens University of Economics and Business), H-Index: 20
#2 Christopher N. Ververidis (OPA: Athens University of Economics and Business), H-Index: 10
Last. George C. Polyzos (OPA: Athens University of Economics and Business), H-Index: 38
(8 authors in total)
The current Internet architecture was founded upon a host-centric communication model, which was appropriate for coping with the needs of the early Internet users. Internet usage has evolved however, with most users mainly interested in accessing (vast amounts of) information, irrespective of its physical location. This paradigm shift in the usage model of the Internet, along with the pressing needs for, among others, better security and mobility support, has led researchers into considering a r...
855 Citations
#1 Cesar Ghali (UCI: University of California, Irvine), H-Index: 9
#2 Gene Tsudik (UCI: University of California, Irvine), H-Index: 73
Last. Ersin Uzun, H-Index: 23
(3 authors in total)
Named-Data Networking (NDN) is a candidate next-generation Internet architecture designed to address some limitations of the current IP-based Internet. NDN uses the pull model for content distribution, whereby content is first explicitly requested before being delivered. Efficiency is obtained via router-based aggregation of closely spaced requests for popular content and content caching in routers. Although it reduces latency and increases bandwidth utilization, router caching makes the networ...
151 Citations
#1 Bárbara Vieira (Radboud University Nijmegen), H-Index: 6
#2 Erik Poll (Radboud University Nijmegen), H-Index: 23
The C-DAX project aims at providing a secure overlay network, as an overlay over an IP network, that provides an information-centric network (ICN) tailored to the needs and the capabilities of smart grids. This paper addresses how end-to-end security can be enforced in information-centric networks by proposing a protocol based on the concept of identity-based encryption, a type of public-key cryptography.
11 Citations
#1 Matthias Wählisch (FU: Free University of Berlin), H-Index: 18
#2 Thomas C. Schmidt (Hamburg University of Applied Sciences), H-Index: 22
Last. Markus Vahlenkamp (Hamburg University of Applied Sciences), H-Index: 3
(3 authors in total)
Information-centric networking (ICN) raises data objects to first class routable entities in the network and changes the Internet paradigm from host-centric connectivity to data-oriented delivery. However, current approaches to content routing heavily rely on data-driven protocol events and thereby introduce a strong coupling of the control to the data plane in the underlying routing infrastructure. In this paper, threats to the stability and security of the content distribution system are analy...
75 Citations
Oct 1, 2013 in LCN (Local Computer Networks)
#1 Alberto Compagno (UNIPD: University of Padua), H-Index: 7
#2 Mauro Conti (UNIPD: University of Padua), H-Index: 36
Last. Gene Tsudik (UCI: University of California, Irvine), H-Index: 73
(4 authors in total)
Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. CCN focuses on content distribution, which is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architect...
221 Citations
Aug 12, 2013 in SIGCOMM (ACM Special Interest Group on Data Communication)
#1 Mihaela Ion (University of Trento), H-Index: 9
#2 Jianqing Zhang (Intel), H-Index: 6
Last. Eve M. Schooler (Intel), H-Index: 17
(3 authors in total)
We design a content-centric privacy scheme for Information-Centric Networking (ICN). We enhance ICN's ability to support data confidentiality by introducing attribute-based encryption into ICN and making it specific to the data attributes. Our approach is unusual in that it preserves ICN's goal to decouple publishers and subscribers for greater data accessibility, scalable multiparty communication and efficient data distribution. Inspired by application-layer publish-subscribe, we enable fine-gr...
180 Citations
Jul 1, 2013 in ICCCN (International Conference on Computer Communications and Networks)
#1 Paolo Gasti (NYIT: New York Institute of Technology), H-Index: 18
#2 Gene Tsudik (UCI: University of California, Irvine), H-Index: 73
Last. Lixia Zhang (UCLA: University of California, Los Angeles), H-Index: 80
(4 authors in total)
With the growing realization that current Internet protocols are reaching the limits of their senescence, several on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as fundamental requirements. Resilience to Denial-of-Service (DoS) attacks that plague today's Internet is a major issue for any new architecture and deserves full attentio...
150 Citations
#1 Alexander Afanasyev (UCLA: University of California, Los Angeles), H-Index: 17
#2 Priya Mahadevan (PARC), H-Index: 18
Last. Lixia Zhang (UCLA: University of California, Los Angeles), H-Index: 80
(5 authors in total)
Distributed Denial of Service (DDoS) attacks are an ongoing problem in today's Internet, where packets from a large number of compromised hosts thwart the paths to the victim site and/or overload the victim machines. In a newly proposed future Internet architecture, Named Data Networking (NDN), end users request desired data by sending Interest packets, and the network delivers Data packets upon request only, effectively eliminating many existing DDoS attacks. However, an NDN network can be subj...
241 Citations
#1 Cheng Yi (UA: University of Arizona), H-Index: 9
#2 Alexander Afanasyev (UCLA: University of California, Los Angeles), H-Index: 17
Last. Lixia Zhang (UCLA: University of California, Los Angeles), H-Index: 80
(6 authors in total)
In Named Data Networking (NDN), packets carry data names instead of source and destination addresses. This paradigm shift leads to a new network forwarding plane: data consumers send Interest packets to request desired data, routers forward Interest packets and maintain the state of all pending Interests, which is then used to guide Data packets back to the consumers. Maintaining the pending Interest state, together with the two-way Interest and Data exchange, enables NDN routers' forwarding proc...
405 Citations
#1 Saman Taghavi Zargar (University of Pittsburgh), H-Index: 6
#2 James B. D. Joshi (University of Pittsburgh), H-Index: 31
Last. David Tipper (University of Pittsburgh), H-Index: 29
(3 authors in total)
Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehen...
541 Citations
Cited By (73)
#1 Sharmistha Adhikari (National Institute of Technology Sikkim), H-Index: 1
#2 Sangram Ray (National Institute of Technology Sikkim), H-Index: 5
Last. Gautam Biswas (IITs: Indian Institutes of Technology), H-Index: 38
(4 authors in total)
Initially, Internet was designed with the goal of sharing resources. With the recent technological advancement and huge information need, Internet has gradually shifted from resource sharing mode to information sharing mode. To meet the demands of current Internet usage pattern, content centric network (CCN) is envisaged as a clean-slate Internet architecture. This paper proposes secure content dissemination architecture for CCN using elliptic curve cryptography based public key infrast...
#1 Ahmed Benmoussa (University of Laghouat), H-Index: 1
#2 Abdou el Karim Tahari (University of Laghouat), H-Index: 1
Last. Farhan Ahmad (University of Derby), H-Index: 5
(7 authors in total)
Named Data Networking (NDN) is a promising candidate for Future Internet Architecture (FIA), where the focus of communication is the content itself rather than the source of the requested content. NDN is one of the implementations of Information-Centric Networking (ICN). Among other salient features, NDN provides intrinsic security where security is provided to the content directly, rather than securing the communication channel. However, despite promising features offered by NDN, it is...
#2 K. V. Prema, H-Index: 5
(3 authors in total)
#1 Ruidong Li (National Institute of Information and Communications Technology), H-Index: 10
#2 Hitoshi Asaeda (National Institute of Information and Communications Technology), H-Index: 9
Last. Jie Wu (TU: Temple University), H-Index: 91
(3 authors in total)
Big data raises a strong demand on a network infrastructure to support the secure and efficient data retrieval with in-network caching. Information-Centric Networking (ICN) is an emerging approach to satisfy this demand, where big data are ubiquitously cached at the intermediate physical entities (IPEs). For the ICN, the unpredictability of users, IPEs, copy holders, and publishers during in-network big data retrievals poses a challenge to design a data-centric authentication mechanism to inhibi...
#1 Ren-Ting Lee (UMS: Universiti Malaysia Sabah)
#2 Yu-Beng Leau (UMS: Universiti Malaysia Sabah), H-Index: 2
Last. Joe Henry Obit, H-Index: 8
(4 authors in total)
Named-Data Networking (NDN) is the most promising architecture in the future Internet. NDN ensures high availability of contents and security of the data packet. However, it may disturb the stability and security in NDN routing such as Interest Flooding Attack (IFA). There are many existing detection and mitigation techniques about IFA which labelled a non-collusive type of routing threats where it causes the PIT resources to be exhausted and legitimate request could not perform in communication. Unf...
#1 Zuoqi Jiang (Chongqing University)
#2 Jiangtao Luo (Chongqing University)
Last. Yanyong Zhang (RU: Rutgers University)
(6 authors in total)
The current data-centric security architecture for the Information Centric Network (ICN) does not provide efficient user authentication mechanisms, thus causing undesirable issues such as interest flooding attacks (IFA). In order to address them, this paper proposes a pseudonym authentication scheme on network layer based on the system of identity-based cryptography (IBC). In the proposed approach, each consumer needs to be authenticated before sending Interest packets into the network. After ...
Named Data Networking (NDN) is a branch of future network architecture, which shifts host-based communication to name-based data retrieval. Sensor networks accompanying with ubiquitous interconnecting and sensing have become an important data source for physical world and human beings. However, the hierarchical human-readable naming scheme generally used in Sensory Data Centric Named Data Networking (SDC-NDN) always contains some human-readable semantic information, which may potentially leak us...
Dec 1, 2019 in GLOBECOM (Global Communications Conference)
#2 Guowei Wu (DUT: Dalian University of Technology), H-Index: 11
Last. Kuei-Fang Hsiao (MCU: Ming Chuan University), H-Index: 4
(5 authors in total)
Named data networking (NDN) is a very promising architecture for future network, which can improve the network performance due to its in-network caching feature. However, the pervasive caching is vulnerable against False-Locality Attack (FLA), one kind of cache pollution attack, where attackers repeatedly request a specific set of non-popular contents to replace popular contents. Therefore, the cache hit of legal requests is reduced and the response delay is increased. To mitigate this attack and...
#1 Giovanna Carofiglio (Cisco Systems, Inc.), H-Index: 18
#2 Luca Muscariello (Cisco Systems, Inc.), H-Index: 23
Last. Alberto Compagno (Cisco Systems, Inc.), H-Index: 7
(6 authors in total)
Information-Centric Networking (ICN) embraces a family of network architectures rethinking Internet communication principles around named-data. After several years of research and the emergence of a few popular proposals, the idea to replace the Internet protocol with data-centric networking remains a subject of debate. ICN advantages have been advocated in the context of 5G networks for the support of highly mobile, multi-access/source and latency-minimal patterns of communications. However, la...
1 Citation
ICN names data rather than hosts and then directly relays packets according to data names. This fundamental shift in naming from host-dependent to host-independent enables ICN to cache data for future service in its network. Therefore, ICN acts as not only a tunnel to transmit data but also a temporary cache of data, which inevitably confronts data attacks. In this article, for the first time, we investigate caching security from a system recovery perspective, and find that ICN attacked by typic...