SmartDetour: Defending Blackhole and Content Poisoning Attacks in IoT NDN Networks

Abstract

Named data networking (NDN) recently arises as a promising networking paradigm to support the Internet of Things (IoT) due to its data-centric architecture. However, NDN integrates application-layer semantics into the packet forwarding plane, which presents new attack faces. In this article, we aim to handle two attacks that exploit such vulnerabilities, namely the blackhole attack and the content poisoning attack. The two attacks are not handled efficiently by existing approaches due to the challenge in minimizing routers that need to be detoured to isolate attackers. Therefore, in this article, we propose a novel method named SmartDetour to tackle the challenge in a distributed manner. SmartDetour contains two components: 1) a proactive reputation updating algorithm and 2) a reputation-based probabilistic forwarding strategy. The former updates the reputation of forwarding candidates based on whether they must be detoured upon packet failures. The latter selects the next-hop router for interest packets probabilistically based on the reputations of forwarding candidates. The two components work together to isolate attackers with minimal detouring needed. Extensive ndnSIM-based simulation shows that SmartDetour can effectively identify and isolate attackers.