This document describes the demo of our NDN-Opp framework which brings Named-Data Networking to Opportunistic Networks. Our implementation attempts to leverage all communication opportunities, supports intermittently connected device-to-device communication links and push models. We are also experimenting with acknowledgement mechanisms and connection-less transfer of packets.
Seweryn Dynerowicz, P. Mendes. "Demo: named-data networking in opportunistic network." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132107
Content-Centric Networking (CCN) is a network architecture for transferring named content from producers to consumers upon request. The name-to-content binding is cryptographically enforced with a digital signature generated by the producer. Thus, content integrity and origin authenticity are core features of CCN. In contrast, content confidentiality and privacy are left to the applications. The typically advocated approach for protecting sensitive content is to use encryption, i.e., restrict access to those who have appropriate decryption key(s). Moreover, content is typically encrypted once for identical requests, meaning that many consumers obtain the same encrypted content. From a privacy perspective, this is a step backwards from the "secure channel" approach in today's IP-based Internet, e.g., TLS or IPSec. In this paper, we assess the privacy pitfalls of this approach, particularly when the adversary learns some auxiliary information about popularity of certain plaintext content. Merely by observing (or learning) the frequency of requested content, the adversary can learn which encrypted content corresponds to which plaintext data. We evaluate this attack using a custom CCN simulator and show that even moderately accurate popularity information suffices for accurate mapping. We also show how the adversary can exploit caches to learn content popularity information. The adversary needs to know the content namespace in order to succeed. Our results show that encryption-based access control is insufficient for privacy in CCN. More extensive counter-measures (such as namespace restrictions and content replication) are needed to mitigate the attack.
Cesar Ghali, G. Tsudik, Christopher A. Wood. "When encryption is not enough: privacy attacks in content-centric networking." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3125723
The demonstration presented in this document aims to show how to use the GÉANT Testbed Service (GTS) to create personalized global-scale ICN testbeds. The demonstration will illustrate to the audience how to easily define network topologies and deploy ICN experiments based on both NDN and CICN implementations. Additionally, it will show how, using GTS in combination with vICN, the orchestration and management service from the CICN project, most of the tasks necessary for an ICN deployment can be automatized, speeding up the configuration of ICN experiments. As use-case scenarios, other than sample applications from NDN and CICN, we will deploy an implementation of the SAID protocol developed from CICN code.
J. Benedetto, M. Arumaithurai, Xiaoming Fu. "ICN personalized global-scale testbed using GTS." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132095
Gaurav Panwar, R. Tourani, S. Misra, Abderrahmen Mtibaa
Request aggregation is a fundamental feature of named data networking (NDN). This feature aims to improve consumers' quality of experience and reduce network traffic by reducing content retrieval latency and eliminating redundant communication, respectively. However, the negative aspects of request aggregation have not been studied. In this paper, we inspect different facets of request aggregation and introduce one of its harmful behaviors, which can create an implicit Denial of Service (iDoS) vulnerability.
Gaurav Panwar, R. Tourani, S. Misra, Abderrahmen Mtibaa. "Request aggregation: the good, the bad, and the ugly." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132110
Christos-Alexandros Sarros, Adisorn Lertsinsrubtavee, Carlos Molina-Jiménez, Konstantinos Prasopoulos, Sotirios Diamantopoulos, D. Vardalis, A. Sathiaseelan
In this demo we present an NDN-based approach to deploy dockerised services closer to end-users when the network is impaired. We further increase resiliency, employing DTN to tunnel traffic between intermittently connected NDN nodes.
Christos-Alexandros Sarros, Adisorn Lertsinsrubtavee, Carlos Molina-Jiménez, Konstantinos Prasopoulos, Sotirios Diamantopoulos, D. Vardalis, A. Sathiaseelan. "ICN-based edge service deployment in challenged networks." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132096
Sharing content has become part of our lives; Twitter, for instance, is one of the most popular applications in this area, with millions of users in the entire world. At the same time, in recent years, Named-Data Networking has become a promising network infrastructure, with continuous growth and collaborating teams that are working on it. In this paper we describe Now@, aiming to increase the impact of NDN near the end user with an Android application that allows them to exchange data based on their interests. To achieve this goal, we have developed Now@ based on synchronization of data. Now@ can operate on top of NFD Android, allowing data exchange via wireless Internet, and on top of NDN-Opp, allowing data to be exchanged even in the presence of intermittent connectivity.
Omar Aponte, P. Mendes. "Now@: content sharing application over NDN." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132109
NDN data plane relays name-based packets by maintaining three tables: Content Store, Pending Interest Table and Forwarding Information Base. The three tables require similar but different schemes to be matched and updated in a nearly per-packet fashion, thus individual data structure is required for each table. In this work, we propose a unified data structure of name lookup for all three tables, namely CTrie, aiming at reducing the computational cost from three pipelined lookup rounds down to one unified round. CTrie extends the original Patricia trie to a combinational trie structure built from both component-based and byte-based hierarchical names. We compared CTrie with other approaches in speed and memory. The results show that CTrie runs 3.2 times faster and consumes about 38% memory than the current ones in terms of the whole data plane. CTrie fits for all application scenarios of NDN and especially well for IoT like lightweight-deployed scenarios.
Miaomiao Liu, Tian Song, Yating Yang, Beichuan Zhang. "A unified data structure of name lookup for NDN data plane." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3132103
M. Sardara, L. Muscariello, J. Augé, Marcel Enguehard, Alberto Compagno, G. Carofiglio
To assess the feasibility and potential for deployment of new networking paradigms such as ICN, being able to carry out large scale experimentation and tests in real operational networks is crucial. Various platforms have been developed by the research community to support design and evaluation of specific aspects of ICN architecture. Most of them provide ICN-dedicated, small scale or application-specific environments and ad-hoc testing tools, not reusable in other contexts or in real-world IP deployments. The goal of this paper is to contribute vICN (virtualized ICN), a unified open-source framework for network configuration and management that uses recent progress in resource isolation and virtualization techniques. It offers a single, flexible and scalable platform to serve different purposes, ranging from reproducible large-scale research experimentation, to demonstrations with emulated and/or physical devices and network resources and to real deployments of ICN in existing IP networks. In the paper, we describe the rationale for vICN and its components, highlighting programmability, scalability and reliability as its core principles. Illustration of vICN properties is provided through concrete examples.
M. Sardara, L. Muscariello, J. Augé, Marcel Enguehard, Alberto Compagno, G. Carofiglio. "Virtualized ICN (vICN): towards a unified network virtualization framework for ICN experimentation." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3125726
S. Khoussi, Davide Pesavento, L. Benmohamed, A. Battou
In this paper we propose NDN-Trace, a path tracing utility to determine the characteristics of the available paths to reach a given name prefix in NDN-based networks. While the traceroute tool in IP networks is based on an iterative process, with each iteration incrementally traversing more hops along the path to the target, we adopt a non-iterative approach, with the tracing process done at the application layer. Our design supports multi-path tracing that can be used to trace paths to NDN forwarding nodes, applications, or content store caches, while providing path information (node identifiers and round-trip times), as well as optional metrics such as those related to content stores. NDN-Trace leverages NDN's native Interest/Data exchange and does not require changes to NDN forwarding. We present a C++ implementation of our design, and show experimental results that demonstrate its capabilities. We also discuss open issues and future work, including an approach to implement path tracing within the NDN forwarder itself.
S. Khoussi, Davide Pesavento, L. Benmohamed, A. Battou. "NDN-trace: a path tracing utility for named data networking." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3125738
In classic ICN, where delivery of named data cannot be guarded, access control is usually implemented by first encrypting the data and secondly by providing the corresponding data encryption keys (DEKs) to authorized users only: authorized users will obtain DEKs in encrypted form, wrapped with their public key. This approach has three shortcomings which we address in this paper: (a) key management is tedious if it has to be done on a per-principal basis, (b) access granularity for single documents should be extended to document collections (e.g. namespace sub-trees) and data cubes (sub-elements within data records), (c) there needs to be support for access right propagation across data aggregation and derivation chains.
Claudio Marxer, C. Tschudin. "Schematized access control for data cubes and trees." Proceedings of the 4th ACM Conference on Information-Centric Networking, 2017-09-26. https://doi.org/10.1145/3125719.3125736