Recent realizations of the ICN principle organize content in a hierarchical namespace. We argue that this addressing mode has shortcomings because a single document could be part of several data collections. For instance, Joe's record of his New York Marathon run might be published as a content object with the name /repo/events/NYmarathon/record1234 but would also fit into /repo/users/Joe/record1234. Even further, the content of documents can be very multifaceted such that not all details (e.g. spatial coordinates, timestamps, rankings) can be made available on the name surface. In this paper we show that CCN-style networks enriched with active elements, i.e. content processing/producing entities, can overcome these problems. Exemplarily, we adopt relational data modeling concepts to organize named data and deploy Named Function Networking to implement content addressability which goes beyond the scope of pure, i.e. passive, CCN.
Title: Improved content addressability through relational data modeling and in-network processing elements. Authors: Claudio Marxer, C. Tschudin. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3125735
Peter Kietzmann, Cenk Gündoğan, T. Schmidt, O. Hahm, Matthias Wählisch
In this paper, we start from two observations. First, many application scenarios that benefit from ICN involve battery-driven nodes connected via shared media. Second, current link layer technologies are completely ICN agnostic, which prevents filtering of ICN packets at the device driver level. Consequently, any ICN packet, Interest as well as Data, is processed by the CPU. This sacrifices local system resources and disregards link layer support functions such as wireless retransmission. We argue for a mapping of names to MAC addresses to efficiently handle ICN packets, and explore dynamic face-based mapping schemes. We analyze the impact of this link-layer adaptation in real-world experiments and quantitatively compare different configurations. Our findings on resource consumption and reliability on constrained devices indicate significant gains in larger networks.
Title: The need for a name to MAC address mapping in NDN: towards quantifying the resource gain. Authors: Peter Kietzmann, Cenk Gündoğan, T. Schmidt, O. Hahm, Matthias Wählisch. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3125737
K. Schneider, Beichuan Zhang, Lan Wang, Lixia Zhang
When splitting traffic for one destination among multiple paths, the employed paths should be loop-free, lest they waste network resources, and the involved routers should be given a high path choice, that is, a high number of potential nexthops. In IP networks this requires the use of a loop-free routing protocol, which limits the achievable path choice. Here we show that, in NDN, we can increase the path choice by combining a Near Loop-free Routing protocol (NLR) with on-demand loop removal at the forwarding layer. NLR routers 1) exclude the incoming face from forwarding, 2) use certain heuristics to minimize routing loops, and 3) remove any remaining loops at the forwarding plane. NLR achieves a higher path choice and path quality than current alternatives, while keeping computation complexity low.
Title: Near loop-free routing: increasing path choices with stateful forwarding. Authors: K. Schneider, Beichuan Zhang, Lan Wang, Lixia Zhang. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132098
Zhiyi Zhang, Yingdi Yu, A. Afanasyev, J. Burke, Lixia Zhang
As a proposed Internet architecture, Named Data Networking must provide effective security support: data authenticity, confidentiality, and availability. This poster focuses on supporting data confidentiality via encryption. The main challenge is to provide an easy-to-use key management mechanism that ensures only authorized parties are given access to protected data. We describe the design of name-based access control (NAC) which provides automated key management by developing systematic naming conventions for both data and cryptographic keys. We also discuss an enhanced version of NAC that leverages attribute-based encryption mechanisms (NAC-ABE) to improve the flexibility of data access control and reduce communication, storage, and processing overheads.
Title: NAC: name-based access control in named data networking. Authors: Zhiyi Zhang, Yingdi Yu, A. Afanasyev, J. Burke, Lixia Zhang. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132102
An approach to creating secure virtual private networks for the Named Data Networking (NDN) protocol suite is described. It encrypts and encapsulates NDN packets from higher security domains and places them as the payload in unencrypted NDN packets, much as IPsec encapsulates encrypted IP datagrams in unencrypted IP datagrams. We then leverage the well-known properties of the IP-in-IP approach, taken by IPsec in tunnel mode, to understand the strengths and weaknesses of the proposed NDN-in-NDN approach.
Title: Realizing a virtual private network using named data networking. Authors: C. Partridge, S. Nelson, D. Kong. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3125720
Secure deployment of a vehicular network depends on the network's trust establishment and privacy-preserving capability. In this paper, we propose a scheme for anonymous pseudonym-renewal and pseudonymous authentication for vehicular ad-hoc networks over a data-centric Internet architecture called Named Data Networking (NDN). We incorporated our design in a traffic information sharing demo application and deployed it on Raspberry Pi-based miniature cars for evaluation.
Title: Anonymous authentication and pseudonym-renewal for VANET in NDN. Authors: Muktadir Chowdhury, Ashlesh Gawande, Lan Wang. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132111
Loïc Dauphin, E. Baccelli, C. Adjih, Hauke Petersen
In this paper, we demonstrate how NDN can be used as a network primitive on low-cost robots with the Robot Operating System (ROS).
Title: Demo: NDN-based IoT robotics. Authors: Loïc Dauphin, E. Baccelli, C. Adjih, Hauke Petersen. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132097
P. Zuraniewski, Niels L. M. van Adrichem, D. Ravesteijn, W. IJntema, C. Papadopoulos, Chengyu Fan
Named-Data Networking (NDN) is proposed as an approach to evolve the Internet infrastructure from a host- to an information-centric (ICN) approach, which is better suited to the current usage of the Internet. However, the deployment of a global NDN-based Internet is still a long way out of reach. The most likely scenario for a global NDN network will be the one based on NDN 'islands' or domains, where interior forwarding and routing of packets is based on NDN principles. The interconnection of NDN domains involves human configuration to set up IP tunnels, implying an unscalable, tedious and error-prone process resulting in static configuration incapable of reacting to ad-hoc requirements or network changes. Leveraging the flexibility of Software-Defined Networking (SDN) can solve the aforementioned problems. Due to its dynamic nature, SDN can automatically recognize an NDN service and instruct switches to set up the configuration for actual service deployment. Such a solution significantly eases the deployment of NDN networks. In this paper, we propose a hybrid solution where we combine Software-Defined Networking, more specifically OpenFlow, and eBPF to perform control plane configuration and data plane programmability respectively, to realize connectivity within and across NDN domains. To do so, we have designed eBPF filters that match on NDN traffic, extended the OpenFlow protocol to configure switch data planes with these match filters and enhanced an OpenFlow switch to act accordingly. Our OpenFlow controller written for Ryu performs routing on NDN names and configures switches correspondingly. Additionally, our controller detects NDN domains and sets up IP tunnels between them. Our evaluation shows that our proof-of-concept on, among others, the SciNet testbed autoconfigures an NDN network, successfully providing end-to-end NDN network functionality across multiple domains.
Title: Facilitating ICN deployment with an extended openflow protocol. Authors: P. Zuraniewski, Niels L. M. van Adrichem, D. Ravesteijn, W. IJntema, C. Papadopoulos, Chengyu Fan. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3125729
A key paradigm of Information Centric Networking (ICN) is that the content-based security, privacy and access control are deployed directly in the network layer. However, there is a gap between security in the network and application layers. This creates a vulnerable space for cyber attacks from inside a device. To address this problem, we discuss and present a guideline on ICN access control. Since a semi-trusted proxy has been seen as an advantageous solution for access control and efficiency in content sharing services, we introduce the proxy in a consumer's device and propose an in-device proxy re-encryption service (IPRES) architecture for efficiency in both access control management and resource usage.
Title: IPRES: in-device proxy re-encryption service for secure ICN. Authors: K. Suksomboon, A. Tagami, A. Basu, Jun Kurihara. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132089
J. Augé, G. Carofiglio, Marcel Enguehard, L. Muscariello, M. Sardara
Information-Centric Networking (ICN) has been proposed as an alternative to IP for future networks such as 5G. To speed up its development and adoption, researchers and engineers require testing tools that are both simple and scalable. In particular, it is crucial to be able to quickly deploy ICN-enabled network topologies in a flexible and efficient manner. In this demonstration, we showcase vICN (virtualized ICN), a platform that enables easy deployment, orchestration and management of ICN networks. vICN uses standard virtualization technologies such as Linux Containers (LXC) and is fully integrated with the CICN suite to enable flexible testing of ICN technologies on general-purpose hardware. Furthermore, it can perform live monitoring and modification of the network. In particular, we use vICN to deploy a simple topology that consists of 9 nodes. We show that vICN bootstraps the topology in about 60s on commodity hardware. We then demonstrate how vICN interacts with the virtualized network and how it can be used for easy experimentation.
Title: Simple and efficient ICN network virtualization with vICN. Authors: J. Augé, G. Carofiglio, Marcel Enguehard, L. Muscariello, M. Sardara. Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. DOI: https://doi.org/10.1145/3125719.3132100