Bander A. Alzahrani

Scalability of information centric networking using mediated topology management

Information centric networking is a new concept that places emphasis on the information items themselves rather than on where the information items are stored. Consequently, routing decisions can be made based on the information items rather than on simply destination addresses. There are a number of models proposed for information centric networking and it is important that these models are investigated for their scalability if we are to move from early prototypes towards proposing that these models are used for networks operating at the scale of the current Internet. This paper investigates the scalability of an ICN system that uses mediation between information providers and information consumers using a publish/subscribe delivery mechanism. The scalability is investigated by extrapolating current IP traffic models for a typical national-scale network provider in the UK to estimate mediation workload. The investigation demonstrates that the mediation workload for route determination is on a scale that is comparable to, or less than, that of current IP routing while using a forwarding mechanism with considerably smaller tables than current IP routing tables. Additionally, the work shows that this can be achieved using a security mechanism that mitigates against maliciously injected packets thus stopping attacks such as denial of service that is common with the current IP infrastructure.

A software-defined architecture for next-generation cellular networks

In the recent years, mobile cellular networks are undergoing fundamental changes and many established concepts are being revisited. New emerging paradigms, such as Software-Defined Networking (SDN), Mobile Cloud Computing (MCC), Network Function Virtualization (NFV), Internet of Things (IoT), and Mobile Social Networking (MSN), bring challenges in the design of cellular networks architectures. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a scalable and efficient way. In this paper, first we discuss the limitations of the current LTE architecture. Second, driven by the new communication needs and by the advances in aforementioned areas, we propose a new architecture for next-generation cellular networks. Some of its characteristics include support for distributed content routing, Heterogeneous Networks (HetNets) and multiple Radio Access Technologies (RATs). Finally, we present simulation results which show that significant backhaul traffic savings can be achieved by implementing caching and routing functions at the network edge.

Mitigating brute-force attacks on Bloom-filter based forwarding

The in-packet Bloom filter forwarding mechanism is a source routing approach used in Information-centric networking (ICN). This mechanism is vulnerable to brute-force attacks that can be used for distributed denial-of-service (DDoS) attacks and unsolicited messages (spam). In this paper we analytically calculate the probability of brute-force attacks and determine the time required by the attacker to launch a successful attack. We find that using scenarios reported by other researchers this type of attacks is achievable in few seconds, which is unacceptable. The paper proposes a solution to mitigate the brute-force attacks by significantly increasing the time before a successful attack. Consequently, it is possible to change link identifiers before the attacker can adapt to the changes. We evaluate the proposed solution in terms of network security and scalability.

Selecting Bloom-filter header lengths for secure information centric networking

Information-centric networking (ICN) is a new communication paradigm that shifts the focus from end hosts to information objects. Recent studies have shown that ICN can provide more efficient mobility support and multicast/anycast content delivery compared to traditional host-centric solutions. Nevertheless, the ICN solutions proposed so far are not very mature from the security viewpoint. In this paper, we study one of the most important Bloom-filter based ICN forwarding mechanisms and discuss its security vulnerabilities. Next, we propose some enhancements to this mechanism, which aim at increasing its resistance to brute-force attacks. Our proposed solutions are supported by simulation studies.

A cache-aware routing scheme for information-centric networks

In recent years, the information-centric networking (ICN) concept has been attracting increasing attention of the research community. The aim is to overcome intrinsic inefficiencies of the existing host-to-host communication paradigm, as well as to provide new and enhanced services to mobile and fixed users. A key feature of ICN is the support for in-network content caching. In this paper, we present a new cache-aware routing scheme for ICN. Our scheme takes into account the information about the locations of caches in the network and constructs delivery paths for efficient content dissemination. The proposed approach does not impose additional signaling overhead in the network; while at the same time it is agnostic of the cached contents. The performance of the proposed scheme is verified by simulation studies, which show an up to 50% delay reduction compared to traditional routing approaches.

Securing the forwarding plane in information centric networks

Information Centric Network is a brand new architecture that focuses on the information objects rather than the location of end users. It aims to replace the current end-to-end model with the publish-subscribe model to solve many issues including security, routing scalability, mobility. One of the main features in this network is the use of a simple and light multicast forwarding fabric, which is suitable for large-scale publish/subscribe. This routing system is very fast packet forwarding with small forwarding tables. It is also more energy efficient than the currently used ones. In this paper we enhance the security level of this mechanism and prevent malicious users from injecting traffic using brute force attacks, replay attacks and computational attacks. We propose and analyse two initial designs that mitigate these attacks.

Enabling z-Filter updates for self-routing denial-of-service resistant capabilities

Secure in-packet Bloom filters is an approach used to securely forward source routing packets with small forwarding tables making the forwarding fabric resistant to unauthorized traffic. This resistance can be achieved by dynamically computing the link identifiers on the base of the packet content such as path in-out interfaces and keys of forwarding nodes using a cryptographic function. In this paper we extend a recent work to secure the data plane (i.e. forwarding layer) in Information-Centric Networks (ICN) for long lived flows and analyze the scalability of the Topology Manager function in terms of z-Filters creation and the number of required z-Filter updates.

Resistance Against Brute-Force Attacks on Stateless Forwarding in Information Centric Networking

Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter based forwarding while allowing forwarding nodes to statelessly verify if packets have been previously authorized, thus preventing attacks on the forwarding mechanism. Analysis of the probability of attack, derived analytically, demonstrates that the technique is highly-resistant to brute-force attacks.

An Improved and Secure Chaotic-Map Based Multi-server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme

The simple password based authentication techniques have been evolving into more secure and advanced protocols, capable of countering the advanced breed of threats. Following this development, the multi-server authentication (MSA), lets subscribers the provision of services from various service providers out of a single registration performed initially. The user seeks to register from registration centre first, and could avail a range of services onwards. The research efforts on MSA based framework, for making it lightweight and security resilient, has been going on a reasonable pace. However, yet we have not come up with a framework that can be relied upon for deployment in an access network bearing nodes that demand low computational cost. Recently, in this regard, Tsai and Lo presented a chaotic map-based multi-server authentication protocol. However, the Tsai and Lo scheme is found vulnerable to key-compromise impersonation attack, Bergamo et al. and password guessing attack by Lu et al. In return, Lu et al. presented a model countering the flaws of Tsai and Lo scheme. We review both schemes and found that Tsai et al. is still vulnerable to more threats, and at the same time, we demonstrate that Lu et al. is also vulnerable to RC-spoofing attack, replay attack, anonymity failure and bears some technical flaws. In this paper, we propose a secure and efficient scheme improved upon Tsai et al. protocol. Besides, this study work presents the formal security analysis using BAN logic and performance efficiency has also been evaluated against contemporary protocols.

Secure and scalable control plane for intra-domain publish-subscribe communication ☆

Abstract Information centric networking (ICN), using architectures such as the Publish-Subscribe Internet Routing Paradigm (PSIRP), is an emerging research area that proposes a transformation of the current host-centric Internet architecture into an architecture where information items are of primary importance. This change allows network functions such as routing and locating to be optimized based on the information items themselves. This new paradigm has recently gained interest, however, it has not yet been adopted or deployed at a large scale. Therefore, this work examines the scalability of this architecture in real network topologies, using the current and the predicted future Internet traffic as an initial model. In particular, this paper measures the scalability of performing a secure intra-domain routing using a network function termed topology management. The number of topology manager instances for a typical European Internet service provider is estimated from current traffic models of voice, video, peer-to-peer, social networking applications (i.e. Facebook, Twitter), and smart grid applications.