A multifold approach to address the security issues of stateful forwarding mechanisms in Information-Centric Networks.

Doctoral thesis (2018)

Today's Internet dominant usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking ... [more ▼]

Today's Internet dominant usage trends motivate research on more content-oriented future network architectures. Among the emerging future Internet proposals, the promising Information-Centric Networking (ICN) research paradigm aims to redesign the Internet's core protocols to promote a shift in focus from hosts to contents. Among the ICN architectures, the Named-Data Networking (NDN) envisions users' named content requests to be forwarded and recorded by their names in routers along the path from one consumer to 1-or-many sources. The Pending Interest Table (PIT) is the NDN's data-plane component which temporarily records forwarded content requests in routers. On one hand, the PIT stateful mechanism enables properties like requests aggregation, multicast responses delivery and native hop-by-hop control flow. On the other hand, the PIT stateful forwarding behavior can be easily abused by malicious users to mount disruptive distributed denial of service attacks (DDoS), named Interest Flooding Attacks (IFAs). In IFAs, loosely coordinated botnets flood the network with a large amount of hard to satisfy requests with the aim to overload both the network infrastructure and the content producers. Countermeasures against IFA have been proposed since the early attack discovery. However, a fair understanding of the defense mechanisms' real efficacy is missing since those have been tested under simplistic assumptions about the evaluation scenarios. Thus, overall, the IFA security threat still appears easy to launch but hard to mitigate. This dissertation work shapes a better understanding of both the implications of IFAs and the possibilities of improving the state-of-the-art defense mechanisms against these attacks. The contributions of this work include the definition of a more complete and realistic attacker model for IFAs, the design of novel stealthy IFAs built upon the proposed attacker model, a re-assessment of the most-efficient state-of-the-art IFA countermeasures against the novel proposed attacks, the theorization and one concrete design of a novel class of IFA countermeasures to efficiently address the novel stealthy IFAs. Finally, this work also seminally proposes to leverage the latest programmable data-plane technologies to design and test alternative forwarding mechanisms for the NDN which could be less vulnerable to the IFA threat. [less ▲]

Security Challenges in future NDN-Enabled VANETs

in In the Proceedings of the 3rd International Workshop on the Emerging Future Internet and Network Security (EFINS 2016) - IEEE TrustCom-16 (2016, August)

Understanding the Social impact of ICN: between myth and reality

in AI & Society: Journal of Knowledge, Culture and Communication (2016)

The Information Centric Networking (ICN) paradigm is attracting more and more interest from the research community due to its peculiarities that make it one of the best candidates for constructing the ... [more ▼]

The Information Centric Networking (ICN) paradigm is attracting more and more interest from the research community due to its peculiarities that make it one of the best candidates for constructing the Future Internet. For this reason, there are many papers in literature that study how to transform ICN principles in reality in order to magnify its relevance for the society. In order to provide a solid summary of the state of the art, the present contribution tries to summarize the main findings related to this research field. In particular, an overview on the most important ICN architectures, their main aspects, common networking approaches, and differences, is provided. Moreover, the work carried out in standardization bodies, with particular attention to the list of baseline scenarios defined in this context, is illustrated. Also the main international projects that are trying to integrate ICN networking primitives in pioneering use cases are presented, describing proposed architectures and related challenges for enabling information-centric primitives in current network infrastructures. Finally, the work highlights design principles and core components to build ICN-enabled network devices. [less ▲]