Reza Tourani

Secure content delivery in information-centric networks: design, implementation, and analyses

In this paper, we propose a novel secure content delivery framework, for an information-centric network, which will enable content providers (e.g., Netflix and Youtube) to securely disseminate their content to legitimate users via content distribution networks (CDNs) and Internet service providers (ISPs). Use of our framework will enable legitimate users to receive/consume encrypted content cached at a nearby router (CDN or ISP), even when the providers are offline. Our framework would slash system-downtime due to server outages, such as that recently experienced by Netflix, Pinterest, and Instagram users in the US (October 22, 2012). It will also help the providers utilize in-network caches for shaping content transmission and reducing delivery latency. We discuss the handling of security, access control, and system dynamics challenges and demonstrate the practicality of our framework by implementing it on a CCNx testbed.

Security, Privacy, and Access Control in Information-Centric Networking: A Survey

Information-centric networking (ICN) replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet and mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents’ origin. Content and client security, provenance, and identity privacy are intrinsic by design in the ICN paradigm as opposed to the current host centric paradigm where they have been instrumented as an after-thought. However, given its nascency, the ICN paradigm has several open security and privacy concerns. In this paper, we survey the existing literature in security and privacy in ICN and present open questions. More specifically, we explore three broad areas: 1) security threats; 2) privacy risks; and 3) access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN’s feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. We review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.

Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks

Internet traffic is increasingly becoming multimedia-centric. Its growth is driven by the fast-growing mobile user base that is more interested in the content rather than its origin. These trends have motivated proposals for a new Internet networking paradigm information-centric networking (ICN). This paradigm requires unique names for packets to leverage pervasive in-network caching, name-based routing, and named-data provenance. However named-data routing makes user censorship easy. Hence an anti-censorship mechanism is imperative to help users mask their named queries to prevent censorship and identification. However, this masking mechanism should not adversely affect request rates. In this paper, we propose such an anti-censorship framework, which is lightweight and specifically targets low compute power mobile devices. We analyze our frameworks information-theoretic secrecy and present perfect secrecy thresholds under different scenarios. We also analyze its breakability and computational security. Experimental results prove the frameworks effectiveness: for requests it adds between 1.3-1.8 times in latency overhead over baseline ICN; significantly lesser than the overhead of the state of the art Tor (up to 38 times over TCP).

Split-Cache: A holistic caching framework for improved network performance in wireless ad hoc networks

Wireless ad hoc networks (WAHNs) consist of autonomous nodes cooperating with each other to transmit/receive data over multiple-hops in the network. Caching is a useful mechanism to leverage this cooperation. Nodes with cached content can satisfy requests from other nodes, thus helping reduce network traffic and energy consumption, and improve latency. With the proliferation of wireless devices on the Internet and the proposal of a future Internet with emphasis on in-network caching, improvements in caching can significantly improve network response while reducing network load. In this paper, we present a holistic caching framework, Split-Cache, which enables a network node to account for the frequency of requests of data items and their presence in the network, and to leverage a split-cache (one part caches popular items and the other caches less popular items) to make caching and cache-eviction decisions. We performed exhaustive simulations to compare Split-Cache with the state-of-the-art: Split-Cache improved the cache request resolution time on an average by 30% (and as high as 72%), and required 15% less average traffic for resolving requests-large savings when considering large number of requests.

IC-MCN: An architecture for an information-centric mobile converged network

Rapid increases in bandwidth-intensive communications on mobile devices is challenging the Internets scalability. Mobile converged networking, with its threefold convergence of technology, service, and network, is receiving significant attention as a potential solution to this problem. Unfortunately, proposed mobile convergence approaches are limited by the prevailing IP-based Internet infrastructure. The inherently host-centric IP lacks scalability to accommodate an explosion in multimedia content traffic, especially in the context of mobile convergence. Information-centric networking, a new networking paradigm, has been proposed to overcome IPs scalability problems. By routing requests and data using content names instead of host addresses, information-centric networking enables the exploitation of in-network caching, multi-homing, and multiple radio technologies, and avoids the restrictions of a host-centric foundation. We believe that information- centric networking can play a central role in a mobile converged network. We use named data networking, a popular information- centric networking architecture, as the foundation for a novel information-centric mobile converged network (IC-MCN). Our architecture allows different networks, multiple interfaces, and in-network caching to all be leveraged effectively by mobile devices. We discuss the details of the architecture, identify its advantages, and explore open challenges to the creation of a practical IC-MCN for the future.

MuNCC: Multi-hop Neighborhood Collaborative Caching in Information Centric Networks

Caching strategies in Information-Centric Networks (ICNs) can be classified into the categories of individual caching, on-path caching, and collaborative caching. Each has several drawbacks, such as high content redundancy in individual caching, unutilized caching capacity in on-path caching, and high coordination cost in collaborative caching. Despite the relatively higher cost of coordination, collaborative caching offers several advantages over the other categories, namely low latency and better cache utilization. A collaborative caching mechanism with low coordination costs that still possesses the inherent advantages has not been proposed in the literature. In this paper, we aim to address this missing link by presenting MuNCC, a scalable collaborative caching scheme, which utilizes a node’s neighborhood caching capacity and has negligible communication overhead. MuNCC uses attenuated Bloom filters, augmented by a two-level node cache structure and an efficient cache redundancy elimination technique. Exhaustive simulation-based comparison of MuNCC against the state-of-the-art shows that it reduces content retrieval latency by 30% to 40% while maintaining a high level of cache utilization and incurring low overheads.

LASeR: Lightweight Authentication and Secured Routing for NDN IoT in Smart Cities

Recent literature suggests that the Internet of Things (IoT) scales much better in an information-centric networking (ICN) model instead of the current host-centric Internet protocol (IP) model. In particular, the named data networking (NDN) project (one of the ICN architecture flavors) offers features exploitable by IoT applications, such as stateful forwarding, in-network caching, and built-in assurance of data provenance. Though NDN-based IoT frameworks have been proposed, none have adequately and holistically addressed concerns related to secure onboarding and routing. Additionally, emerging IoT applications such as smart cities require high scalability and thus pose new challenges to NDN routing. Therefore, in this paper, we propose and evaluate a novel, scalable framework for lightweight authentication and hierarchical routing in the NDN IoT. Our ns-3 based simulation analyses demonstrate that our framework is scalable and efficient. It supports deployment densities as high as 40 000 nodes/km2 with an average onboarding convergence time of around 250 s and overhead of less than 20 kibibytes per node. This demonstrates its efficacy for emerging large-scale IoT applications such as smart cities.

iCenS: An information-centric smart grid network architecture

Smart grid technologies will equip the electrical grid of the future with two-way information flow between grid entities and consumers. This bidirectional information flow facilitates improved grid monitoring, control automation, energy efficiency, and sustainability. Several smart grid networking architectures have been proposed recently. However, the majority of these are restricted to subdomains such as home area networks or substation networks, or are not scalable. There is a need for an overarching and inclusive communication architecture which accounts for all smart grid communication scenarios. In this paper, we propose iCenS, a holistic smart grid networking architecture. We identify various communication scenarios, elaborate on the suitability of iCenS, and discuss how it can be used to solve smart grid networking challenges. We also present simulation results demonstrating the scalability of our design and its effectiveness in serving various types of smart grid traffic.

Capacity of Large-Scale Wireless Networks Under Jamming: Modeling and Analyses

Distributed jamming has important applications not only in the military context but also in the civilian context, where spectrum sharing is increasingly used and inadvertent jamming becomes a reality. In this paper, we derive the capacity bounds of wireless networks in the presence of jamming. We show that when the density of jammers is higher than that of target nodes by a certain threshold, the capacity of wireless networks approaches zero as the numbers of target nodes and jammers go to infinity. This is true even when the total power of target nodes is much higher than that of the jammers. We provide the optimal communication schemes to achieve the capacity bounds. We also describe the power efficiency of wireless networks, showing that there is an optimal target node density for power-efficient network operation. Our results can provide guidance for designing optimal wireless networking protocols that have to deal with large-scale distributed jamming.

AccConF: An Access Control Framework for Leveraging In-network Cached Data in the ICN-Enabled Wireless Edge

The fast-growing Internet traffic is increasingly becoming content-based and driven by mobile users, with users more interested in data rather than its source. This has precipitated the need for an information-centric Internet architecture. Research in information-centric networks (ICNs) have resulted in novel architectures, e.g., CCN/NDN, DONA, and PSIRP/PURSUIT; all agree on named data based addressing and pervasive caching as integral design components. With network-wide content caching, enforcement of content access control policies become non-trivial. Each caching node in the network needs to enforce access control policies with the help of the content provider. This becomes inefficient and prone to unbounded latencies especially during provider outages. In this paper, we propose an efficient access control framework for ICN, which allows legitimate users to access and use the cached content directly, and does not require verification/authentication by an online provider authentication server or the content serving router. This framework would help reduce the impact of system down-time from server outages and reduce delivery latency by leveraging caching while guaranteeing access only to legitimate users. Experimental/simulation results demonstrate the suitability of this scheme for all users, but particularly for mobile users, especially in terms of the security and latency overheads.