SECURITY ISSUES IN CONTENT-CENTRIC NETWORKS
Guided by: Prof. Gaurang Raval
Made by: Anushree Juthani,
Information and Network Security (CSE),
Nirma University
Outline
• Basics of Named-Data Networking
• Security Aspects
• Sample simulation
• References
Basics of Named-Data Networking
• An evolution of the conventional TCP/IP architecture
• Features:
 Fetching data by name, not IP addresses
 Optimal content distribution
 painless mobility, wireless, virtualization, ...
 same scalability & efficiency as TCP/IP
 simple, secure, robust configuration
 much better security
Basics of Named-Data Networking
• IP Protocol
 Underlying communication is destination-driven
• Challenges:
 Distribute data to a large group of users
 Increases load on the producer
 Difficult to handle mobile users whose addresses change.
 Difficult to secure data as it moves from device to device.
Basics of Named-Data Networking
• CCN (NDN or ICN): ask for what you want
• Retrieving named data through Interest packets and Data packets.
• Address space ruled out, namespace ruled in
Basics of Named-Data Networking
• 3 data structures in an NDN router:
• Pending Interest Table (PIT)
• Forwarding Information Base (FIB)
• Content Store (CS)
Security Aspects
• NDN security is based on public key cryptography, to
provide solutions for the 3 aspects of security:
• Confidentiality
• Integrity
• Authentication
• Building Blocks of security in NDN:
• Trust Policy:- Trust policies are defined by applications to determine
whether a packet or an identity is trustworthy or not.
• NDN Certificate:- In NDN, every entity that produces data needs to
obtain an NDN certificate to prove the ownership of its namespace
and cryptographic materials.
• An NDN certificate is a Data packet that carries public key information
and can be fetched by normal Interest packets.
Security Aspects
Design Considerations of NDN Security:
• NDN security should be able to support different trust
models for different systems.
• Names and naming conventions explicitly convey desired
information and can facilitate trust and key management in
NDN.
• Security properties (data authentication, integrity, and
confidentiality) should stay with the data regardless of its
location.
Security Aspects
Authentication and Integrity:
• NDN requires producers to sign every individual Data packet,
enabling consumers to verify each incoming Data’s signature, hence
ensuring data authentication and integrity.
• NDN’s name semantics enables consumers to use name-based trust
policies to reason about trust by checking which piece of data is signed
by which key.
• In this way, trust policies limit the power of each signing key and
ensure each trustworthy packet is signed by a legitimate key,
providing data authentication.
Security Aspects
Authentication:
 To authenticate data, a trust model is needed in which:
 Trust rules are defined.
 One or more trusted keys
 Requires cryptographic properties for protection
 Trust model should be easily expressible:
 help consumer to authenticate data
 help producers to sign data
Security Aspects
Authentication:
 Desired Properties for Trust Policy Definition
 Clear definition of relationship rules
 Least privilege assignment
 Re-use of trust models between applications
 Define, debug, and refine common trust models
 Make security easy to use
Security Aspects
Authentication and Integrity:
• The authentication and integrity of incoming Data packets, including
certificates, are determined by:
• validation by name-based trust policies
• signature verification
 Validation by name-based trust policies:- The structured naming
convention of Data packets and keys enables NDN applications to
define rules that only accept packets with the desired format of names and
name relationships between a packet and its signing key.
 Signature verification:- Consumers verify signatures by retrieving
the certificates of the producers, which are identified by key
names. The certificate points to its CA and then an anchor. The Data
packet is considered to be valid if all the fetched certificates have valid
signatures and can satisfy the trust policies.
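The two checks described above (the name-based trust policy, then signature verification up the certificate chain to an anchor), as an added example that is not part of the original slides. The /site/... names, the rule list and fetch_cert are constructed for illustration, and Lamport one-time signatures stand in for a real signature algorithm so that only the standard library is needed.

```python
import hashlib
import os
import re
from dataclasses import dataclass, replace

# Lamport one-time signatures (stdlib only), a stand-in for the public-key
# signature scheme a producer would use. A private key may sign ONE message.
def _h(b):
    return hashlib.sha256(b).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(_h(a) + _h(b) for a, b in sk)

def _bits(msg):
    d = int.from_bytes(_h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    sized = len(pk) == 256 * 64 and len(sig) == 256 * 32
    return sized and all(_h(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * b:64 * i + 32 * b + 32]
                         for i, b in enumerate(_bits(msg)))

@dataclass(frozen=True)
class Data:
    name: str             # hierarchical name of the packet
    content: bytes        # payload; in a certificate this is the public key
    key_locator: str      # name of the certificate whose key signed the packet
    signature: bytes = b""

    def signed_portion(self):
        return b"\x00".join([self.name.encode(), self.key_locator.encode(), self.content])

def make(name, content, signer_name, signer_sk):
    unsigned = Data(name, content, signer_name)
    return replace(unsigned, signature=sign(signer_sk, unsigned.signed_portion()))

# Constructed trust policy: packet-name pattern -> the only key name allowed to sign it.
RULES = [
    (r"/site/blog/author/(\w+)/post/\d+", r"/site/blog/author/\1/KEY"),
    (r"/site/blog/author/\w+/KEY", "/site/blog/KEY"),
    (r"/site/blog/KEY", "/site/KEY"),
]

def allowed_signer(name):
    for pattern, signer in RULES:
        m = re.fullmatch(pattern, name)
        if m:
            return m.expand(signer)
    return None

def validate(packet, fetch_cert, anchors, max_depth=4):  # -> (accepted, reason)
    for _ in range(max_depth):
        signer = allowed_signer(packet.name)
        if signer is None or packet.key_locator != signer:
            return False, f"policy: {packet.key_locator} may not sign {packet.name}"
        is_anchor = signer in anchors                      # anchors are trusted out of band
        cert = None if is_anchor else fetch_cert(signer)   # models an Interest for the cert name
        if not is_anchor and (cert is None or cert.name != signer):
            return False, f"no certificate for {signer}"
        pk = anchors[signer] if is_anchor else cert.content
        if not verify(pk, packet.signed_portion(), packet.signature):
            return False, f"bad signature on {packet.name}"
        if is_anchor:
            return True, f"chain ends at anchor {signer}"
        packet = cert                                      # the certificate is itself a Data packet
    return False, "chain too long"

def demo():
    k = {n: keygen() for n in ("root", "ca", "alice", "mallory", "eve", "fakeca")}
    sk = {n: pair[0] for n, pair in k.items()}
    pk = {n: pair[1] for n, pair in k.items()}
    ALICE = "/site/blog/author/alice"
    anchors = {"/site/KEY": pk["root"]}
    store = {
        "/site/blog/KEY": make("/site/blog/KEY", pk["ca"], "/site/KEY", sk["root"]),
        ALICE + "/KEY": make(ALICE + "/KEY", pk["alice"], "/site/blog/KEY", sk["ca"]),
    }
    post = make(ALICE + "/post/1", b"hello", ALICE + "/KEY", sk["alice"])
    tampered = replace(post, content=b"HELLO")
    # Signed correctly, but by a key the policy does not allow for alice's namespace.
    wrong_key = make(ALICE + "/post/2", b"spoof", "/site/blog/author/mallory/KEY", sk["mallory"])
    # A certificate claiming alice's key name that the real CA never signed.
    forged = dict(store)
    forged[ALICE + "/KEY"] = make(ALICE + "/KEY", pk["eve"], "/site/blog/KEY", sk["fakeca"])
    spoofed = make(ALICE + "/post/3", b"spoof", ALICE + "/KEY", sk["eve"])
    return {
        "valid": validate(post, store.get, anchors),
        "tampered": validate(tampered, store.get, anchors),
        "wrong_key": validate(wrong_key, store.get, anchors),
        "forged_cert": validate(spoofed, forged.get, anchors),
    }

if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12} accepted={ok}  {reason}")
```

The wrong_key case is rejected by the name rule before any certificate is fetched, which is how a trust policy limits what each signing key can vouch for.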
Security Aspects
Data Confidentiality:
 For active point-to-point sessions, a key exchange protocol such as
Diffie-Hellman can derive encryption keys for the session, and both
sides are well aware of the key information.
 When sharing data with multiple parties, Diffie-Hellman may not be
feasible or efficient. The owner of the data needs to deliver decryption
keys to authorized entities.
 Confidentiality is an optional feature.
 It is not inherent in the NDN architecture.
Comparison of security in NDN vs TCP/IP
• Security Stays with Network Data: In NDN, security
properties are inherent in Data packets, which is not the
case in the conventional TCP/IP architecture. NDN provides a
standard packet format for security purposes, which is absent
in TCP/IP.
• Reduced Cost and Dependencies of Security: Security in
conventional TCP/IP turns out to be expensive as it has to be
applied explicitly, e.g. additional round trips: compared to
pure TCP connection setup, adding TLS 1.2 session setup
involves three more round trips, thus increasing time
complexity as well as cost. Within NDN, applications require
no extra steps to cryptographically secure a channel.
Comparison of security in NDN vs TCP/IP
• Improved Privacy of Consumer:- In NDN, since normal
Interest packets fetch Data packets by name, they do not
disclose any information about consumers, while fetched
Data packets also contain nothing related to the consumers.
In TCP/IP, by contrast, the IP header carries the source address,
which can reveal sensitive information about the consumers along
with sensitive metadata.
• Mitigated Denial-of-Service:- NDN's communication pattern
naturally mitigates Denial-of-Service (DoS) attacks, while in the
conventional TCP/IP architecture it is easy to carry out
Distributed DoS attacks.
Sample simulation
Using ndnSIM
Simulation of scenario –<ndn-simple>
• Commands used:
 ./waf --run=<scenario-name>
 NS_LOG=ndn.Producer:ndn.Consumer ./waf --run=<scenario-name>
 ./waf --run=<scenario-name> --vis
Simulation of scenario –<ndn-grid>
• PointToPointLayout NS-3 module.
• Consumer is simulated using the ConsumerCbr reference application and generates
Interests towards the producer with a frequency of 100 Interests per second.
• Producer is simulated using the Producer class, which is used to satisfy all incoming
Interests with virtual payload data (1024 bytes).
 Simple file compilation
 Logging of packets sent from NDN producer to NDN consumer
 Graphical visualisation of simulation
Simulation of scenario –<ndn-congestion>
 Congestion scenario (1 bottleneck)
 Simple file compilation
 Logging of packets sent from NDN producer to NDN consumer
 Graphical visualisation of simulation
Simulation of scenario –<ndn-congestion-alt-topo>
 Congestion scenario (2 bottlenecks, 11 nodes)
 Simple file compilation
 Logging of packets sent from NDN producer to NDN consumer
 Graphical visualisation of simulation
Simulation of scenario –<ndn-load-balancer>
 Load balancing
 Simple file compilation
 Logging of packets sent from NDN producer to NDN consumer
 Graphical visualisation of simulation
FUTURE SCOPE
• Green NDN:- An environment-friendly simulation and
evolution of NDN
● Objective:- To operate networking in a highly scalable
and energy-efficient way
● Scope and goals:-
○ Reduction of power consumption:
◆ 20% for normal days
◆ 40% for disasters
○ Seamless services before and after a disaster
○ A framework for collaboration and sharing in order to
achieve energy-efficient video delivery.
References
• Zhiyi Zhang, Haitao Zhang, Eric Newberry, Spyridon
Mastorakis, Yanbiao Li, Alexander Afanasyev, Lixia
Zhang - Security Support in Named Data Networking
• Lixia Zhang - Named Data Networking
• Alex Afanasyev - Schematized Trust: Design and Application,
NDNcomm 2015
• Lan Wang, Beichuan Zhang - NDN Routing Security
• Van Jacobson, Palo Alto Research Center (PARC) -
Content-Centric Networking
• Lan Wang (University of Memphis) & the NDN Team -
Routing in NDN, FIA PI Meeting
THANK YOU

More Related Content

What's hot

Accelerated broadcast authentication with signature amortization for wsns
Accelerated broadcast authentication with signature amortization for wsnsAccelerated broadcast authentication with signature amortization for wsns
Accelerated broadcast authentication with signature amortization for wsns
eSAT Publishing House
 
Wireless networks security
Wireless networks securityWireless networks security
Wireless networks security
Mohammed Abdalhakam Taha
 
Secure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile EnvironmentSecure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile Environment
idescitation
 
Lecture12
Lecture12Lecture12
Lecture12
Hardik Padhy
 
Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122
Gulshan Shrivastava
 
Securing cloud computing environment against d do s attacks
Securing cloud computing environment against d do s attacksSecuring cloud computing environment against d do s attacks
Securing cloud computing environment against d do s attacks
Sampatkumar Satyamurti
 
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
IOSR Journals
 
Prevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackPrevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming Attack
IJCERT
 
Paper id 312201534
Paper id 312201534Paper id 312201534
Paper id 312201534
IJRAT
 
Iaetsd a framework for secure data
Iaetsd a framework for secure dataIaetsd a framework for secure data
Iaetsd a framework for secure data
Iaetsd Iaetsd
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
IJNSA Journal
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
Hiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniquesHiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniques
PriyangaRajaram
 
Stream oriented communication
Stream oriented communicationStream oriented communication
Stream oriented communication
Shyama Bhuvanendran
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
aniruddh Tyagi
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
Seungjoo Kim
 
Attack countermeasure tree (act) meets with
Attack countermeasure tree (act) meets withAttack countermeasure tree (act) meets with
Attack countermeasure tree (act) meets with
IJCNCJournal
 

What's hot (17)

Accelerated broadcast authentication with signature amortization for wsns
Accelerated broadcast authentication with signature amortization for wsnsAccelerated broadcast authentication with signature amortization for wsns
Accelerated broadcast authentication with signature amortization for wsns
 
Wireless networks security
Wireless networks securityWireless networks security
Wireless networks security
 
Secure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile EnvironmentSecure Checkpointing Approach for Mobile Environment
Secure Checkpointing Approach for Mobile Environment
 
Lecture12
Lecture12Lecture12
Lecture12
 
Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122
 
Securing cloud computing environment against d do s attacks
Securing cloud computing environment against d do s attacksSecuring cloud computing environment against d do s attacks
Securing cloud computing environment against d do s attacks
 
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
 
Prevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming AttackPrevention of Packet Hiding Methods In Selective Jamming Attack
Prevention of Packet Hiding Methods In Selective Jamming Attack
 
Paper id 312201534
Paper id 312201534Paper id 312201534
Paper id 312201534
 
Iaetsd a framework for secure data
Iaetsd a framework for secure dataIaetsd a framework for secure data
Iaetsd a framework for secure data
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
Hiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniquesHiding message from hacker using novel network techniques
Hiding message from hacker using novel network techniques
 
Stream oriented communication
Stream oriented communicationStream oriented communication
Stream oriented communication
 
encrption.PDF
encrption.PDFencrption.PDF
encrption.PDF
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
 
Attack countermeasure tree (act) meets with
Attack countermeasure tree (act) meets withAttack countermeasure tree (act) meets with
Attack countermeasure tree (act) meets with
 

Similar to Security issues in content centric networks-review2

Identity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storageIdentity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storage
Papitha Velumani
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
kamran_share
 
Named data networking
Named data networkingNamed data networking
Named data networking
haroonrashidlone
 
Identity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storageIdentity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storage
Papitha Velumani
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
@zenafaris91
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasures
AliAlwesabi
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
Harshika Rana
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
Swarup Kumar Mall
 
1-160730050929.pptx dynamic hash table info
1-160730050929.pptx dynamic hash table info1-160730050929.pptx dynamic hash table info
1-160730050929.pptx dynamic hash table info
MdjunaidAli3
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computing
Gopinath Muthusamy
 
Lessson 3
Lessson 3Lessson 3
Presentation VPN
Presentation VPNPresentation VPN
Presentation VPN
Naim Latifi
 
VPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.pptVPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.ppt
shabdrang
 
virtual private network vpn pros and cons
virtual private network vpn pros and consvirtual private network vpn pros and cons
virtual private network vpn pros and cons
tgmrcr
 
Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)
ssusera07323
 
Vvirtualnet-basic.ppt
Vvirtualnet-basic.pptVvirtualnet-basic.ppt
Vvirtualnet-basic.ppt
ssusera1b6c7
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
Rajesh Thakur
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
Shreyank Gupta
 
VPN
VPN VPN
Block-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationBlock-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplication
IRJET Journal
 

Similar to Security issues in content centric networks-review2 (20)

Identity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storageIdentity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storage
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
 
Named data networking
Named data networkingNamed data networking
Named data networking
 
Identity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storageIdentity based distributed provable data possession in multi-cloud storage
Identity based distributed provable data possession in multi-cloud storage
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
VPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasuresVPN Guide to Network Defense and countermeasures
VPN Guide to Network Defense and countermeasures
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
1-160730050929.pptx dynamic hash table info
1-160730050929.pptx dynamic hash table info1-160730050929.pptx dynamic hash table info
1-160730050929.pptx dynamic hash table info
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computing
 
Lessson 3
Lessson 3Lessson 3
Lessson 3
 
Presentation VPN
Presentation VPNPresentation VPN
Presentation VPN
 
VPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.pptVPN_basics_and_necssitated_Technologies.ppt
VPN_basics_and_necssitated_Technologies.ppt
 
virtual private network vpn pros and cons
virtual private network vpn pros and consvirtual private network vpn pros and cons
virtual private network vpn pros and cons
 
Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)Fundamentals of Virtual Private Networks (VPNs)
Fundamentals of Virtual Private Networks (VPNs)
 
Vvirtualnet-basic.ppt
Vvirtualnet-basic.pptVvirtualnet-basic.ppt
Vvirtualnet-basic.ppt
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
VPN
VPN VPN
VPN
 
Block-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplicationBlock-Level Message-Locked Encryption for Secure Large File De-duplication
Block-Level Message-Locked Encryption for Secure Large File De-duplication
 

Recently uploaded

SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m                 .pptxSCALING OF MOS CIRCUITS m                 .pptx
SCALING OF MOS CIRCUITS m .pptx
harshapolam10
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Transcat
 
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
PriyankaKilaniya
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
Paris Salesforce Developer Group
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
ijseajournal
 
Unit -II Spectroscopy - EC I B.Tech.pdf
Unit -II Spectroscopy - EC  I B.Tech.pdfUnit -II Spectroscopy - EC  I B.Tech.pdf
Unit -II Spectroscopy - EC I B.Tech.pdf
TeluguBadi
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
VANDANAMOHANGOUDA
 
Bituminous road construction project based learning report
Bituminous road construction project based learning reportBituminous road construction project based learning report
Bituminous road construction project based learning report
CE19KaushlendraKumar
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
ElakkiaU
 
This study Examines the Effectiveness of Talent Procurement through the Imple...
This study Examines the Effectiveness of Talent Procurement through the Imple...This study Examines the Effectiveness of Talent Procurement through the Imple...
This study Examines the Effectiveness of Talent Procurement through the Imple...
DharmaBanothu
 
openshift technical overview - Flow of openshift containerisatoin
openshift technical overview - Flow of openshift containerisatoinopenshift technical overview - Flow of openshift containerisatoin
openshift technical overview - Flow of openshift containerisatoin
snaprevwdev
 
Zener Diode and its V-I Characteristics and Applications
Zener Diode and its V-I Characteristics and ApplicationsZener Diode and its V-I Characteristics and Applications
Zener Diode and its V-I Characteristics and Applications
Shiny Christobel
 
OOPS_Lab_Manual - programs using C++ programming language
OOPS_Lab_Manual - programs using C++ programming languageOOPS_Lab_Manual - programs using C++ programming language
OOPS_Lab_Manual - programs using C++ programming language
PreethaV16
 
Supermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdfSupermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdf
Kamal Acharya
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
aryanpankaj78
 
P5 Working Drawings.pdf floor plan, civil
P5 Working Drawings.pdf floor plan, civilP5 Working Drawings.pdf floor plan, civil
P5 Working Drawings.pdf floor plan, civil
AnasAhmadNoor
 
FULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back EndFULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back End
PreethaV16
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
Gino153088
 
5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf
AlvianRamadhani5
 
Introduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.pptIntroduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.ppt
Dwarkadas J Sanghvi College of Engineering
 

Recently uploaded (20)

SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m                 .pptxSCALING OF MOS CIRCUITS m                 .pptx
SCALING OF MOS CIRCUITS m .pptx
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
 
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
 
Unit -II Spectroscopy - EC I B.Tech.pdf
Unit -II Spectroscopy - EC  I B.Tech.pdfUnit -II Spectroscopy - EC  I B.Tech.pdf
Unit -II Spectroscopy - EC I B.Tech.pdf
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
 
Bituminous road construction project based learning report
Bituminous road construction project based learning reportBituminous road construction project based learning report
Bituminous road construction project based learning report
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
 
This study Examines the Effectiveness of Talent Procurement through the Imple...
This study Examines the Effectiveness of Talent Procurement through the Imple...This study Examines the Effectiveness of Talent Procurement through the Imple...
This study Examines the Effectiveness of Talent Procurement through the Imple...
 
openshift technical overview - Flow of openshift containerisatoin
openshift technical overview - Flow of openshift containerisatoinopenshift technical overview - Flow of openshift containerisatoin
openshift technical overview - Flow of openshift containerisatoin
 
Zener Diode and its V-I Characteristics and Applications
Zener Diode and its V-I Characteristics and ApplicationsZener Diode and its V-I Characteristics and Applications
Zener Diode and its V-I Characteristics and Applications
 
OOPS_Lab_Manual - programs using C++ programming language
OOPS_Lab_Manual - programs using C++ programming languageOOPS_Lab_Manual - programs using C++ programming language
OOPS_Lab_Manual - programs using C++ programming language
 
Supermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdfSupermarket Management System Project Report.pdf
Supermarket Management System Project Report.pdf
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
 
P5 Working Drawings.pdf floor plan, civil
P5 Working Drawings.pdf floor plan, civilP5 Working Drawings.pdf floor plan, civil
P5 Working Drawings.pdf floor plan, civil
 
FULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back EndFULL STACK PROGRAMMING - Both Front End and Back End
FULL STACK PROGRAMMING - Both Front End and Back End
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
 
5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf
 
Introduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.pptIntroduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.ppt
 

Security issues in content centric networks-review2

  • 1. SECURITY ISSUES IN CONTENT-CENTRIC NETWORKS Guided by: Prof. Gaurang Raval Made by: Anushree Juthani, Information and Network Security(CSE) Nirma University
  • 2. Outline • Basics of Named-Data Networking • Security Aspects • Sample simulation • References
  • 3. Basics of Named-Data Networking • An evolution of the conventional TCP/IP architecture • Features:  Fetching data by name, not IP addresses  Optimal content distribution  painless mobility, wireless, virtualization, ...  same scalability & efficiency as TCP/IP  simple, secure, robust configuration  much better security
  • 4. • IP Protocol Basics of Named-Data Networking Underlying Communication is destination-driven Challenges:  Distribute data to a large group of Users  Increases load on the producer  Difficult to handle mobile users whose addresses change.  Difficult to secure data as it moves from device to device.
  • 5. • CCN(NDN or ICN)- ask for what you want • Retrieving Named Data through Interest packets and Data packets. • Address space ruled out, namespace ruled in Basics of Named-Data Networking
  • 6. • 3 data structures in an NDN router: • Pending Interest Table(PIT) • Forwarding Information Base(FIB) • Content Store(CS) Basics of Named-Data Networking
  • 7. Security Aspects
      • NDN security is based on public key cryptography, to provide solutions for the 3 aspects of security:
          • Confidentiality
          • Integrity
          • Authentication
      • Building blocks of security in NDN:
          • Trust Policy: Trust policies are defined by applications to determine whether a packet or an identity is trustworthy or not.
          • NDN Certificate: In NDN, every entity that produces data needs to obtain an NDN certificate to prove the ownership of its namespace and cryptographic materials.
          • An NDN certificate is a Data packet that carries public key information and can be fetched by normal Interest packets.
  • 8. Security Aspects: Design Considerations of NDN Security
      • NDN security should be able to support different trust models for different systems.
      • Names and naming conventions explicitly convey desired information and can facilitate trust and key management in NDN.
      • Security properties (data authentication, integrity, and confidentiality) should stay with the data regardless of its location.
  • 9. Security Aspects: Authentication and Integrity
      • NDN requires producers to sign every individual Data packet, enabling consumers to verify each incoming Data packet's signature, hence ensuring data authentication and integrity.
      • NDN's name semantics enable consumers to use name-based trust policies to reason about trust by checking which piece of data is signed by which key.
      • In this way, trust policies limit the power of each signing key and ensure each trustworthy packet is signed by a legitimate key, providing data authentication.
  • 10. Security Aspects: Authentication
      • To authenticate data, a trust model is needed in which:
          • Trust rules are defined
          • One or more trusted keys
          • Requires cryptographic properties for protection
      • The trust model should be easily expressible:
          • Help consumers to authenticate data
          • Help producers to sign data
  • 11. Security Aspects: Authentication
      • Desired properties for trust policy definition:
          • Clear definition of relationship rules
          • Least privilege assignment
          • Re-use of trust models between applications
          • Define, debug, and refine common trust models
          • Make security easy to use
  • 12. Security Aspects: Authentication and Integrity
      • The authentication and integrity of incoming Data packets, including certificates, are determined by:
          • Validation by name-based trust policies
          • Signature verification
      • Validation by name-based trust policies: The structured naming convention of Data packets and keys enables NDN applications to define rules that only accept packets with the desired format of names and name relationships between a packet and its signing key.
      • Signature verification: Consumers verify signatures by retrieving the certificates of the producers, which are identified by key names. The certificate points to its CA and then to an anchor. The Data packet is considered valid if all the fetched certificates have valid signatures and satisfy the trust policies.
  • 13. Security Aspects: Data Confidentiality
      • For active point-to-point sessions, a key exchange protocol such as Diffie-Hellman can derive encryption keys for the session, and both sides are well aware of the key information.
      • When sharing data with multiple parties, Diffie-Hellman may not be feasible or efficient. The owner of the data needs to deliver decryption keys to authorized entities.
      • An optional feature
      • Not inherent in the NDN architecture
  • 14. Comparison of security in NDN vs TCP/IP
      • Security Stays with Network Data: In NDN, security properties are inherent in Data packets, which is not the case in the conventional TCP/IP architecture. NDN provides a standard packet format for security purposes, which is absent in TCP/IP.
      • Reduced Cost and Dependencies of Security: Security in conventional TCP/IP turns out to be expensive because it has to be applied explicitly. E.g. additional round trips: compared to a pure TCP connection setup, adding TLS 1.2 session setup involves three more round trips, thus increasing time complexity as well as cost. In NDN, applications need no extra steps to cryptographically secure a channel.
  • 15. Comparison of security in NDN vs TCP/IP
      • Improved Privacy of Consumer: In NDN, since normal Interest packets fetch Data packets by name, they do not disclose any information about consumers, and fetched Data packets also contain nothing related to the consumers. In TCP/IP, by contrast, the IP header carries the source address, which can reveal sensitive information about the consumers along with sensitive metadata.
      • Mitigated Denial-of-Service: NDN's communication pattern naturally mitigates Denial-of-Service (DoS) attacks, while in the conventional TCP/IP architecture it is easy to carry out distributed DoS attacks.
  • 17. Simulation of scenario – <ndn-simple>
      • Commands used:
          • ./waf --run=<scenario-name>
          • NS_LOG=ndn.Producer:ndn.Consumer ./waf --run=<scenario-name>
          • ./waf --run=<scenario-name> --vis
  • 18. Simulation of scenario – <ndn-grid>
      • PointToPointLayout NS-3 module.
      • The consumer is simulated using the ConsumerCbr reference application and generates Interests towards the producer with a frequency of 100 Interests per second.
      • The producer is simulated using the Producer class, which is used to satisfy all incoming Interests with virtual payload data (1024 bytes).
  • 19. Simulation of scenario – <ndn-grid>: Simple file compilation
  • 20. Simulation of scenario – <ndn-grid>: Logging of packets sent from NDN producer to NDN consumer
  • 21. Simulation of scenario – <ndn-grid>: Graphical visualisation of simulation
  • 22. Simulation of scenario – <ndn-congestion>: Congestion scenario (1 bottleneck)
  • 23. Simulation of scenario – <ndn-congestion>: Simple file compilation
  • 24. Simulation of scenario – <ndn-congestion>: Logging of packets sent from NDN producer to NDN consumer
  • 25. Simulation of scenario – <ndn-congestion>: Graphical visualisation of simulation
  • 26. Simulation of scenario – <ndn-congestion-alt-topo>: Congestion scenario (2 bottlenecks, 11 nodes)
  • 27. Simulation of scenario – <ndn-congestion-alt-topo>: Simple file compilation
  • 28. Simulation of scenario – <ndn-congestion-alt-topo>: Logging of packets sent from NDN producer to NDN consumer
  • 29. Simulation of scenario – <ndn-congestion-alt-topo>: Graphical visualisation of simulation
  • 30. Simulation of scenario – <ndn-load-balancer>: Load balancing
  • 31. Simulation of scenario – <ndn-load-balancer>: Simple file compilation
  • 32. Simulation of scenario – <ndn-load-balancer>: Logging of packets sent from NDN producer to NDN consumer
  • 33. Simulation of scenario – <ndn-load-balancer>: Graphical visualisation of simulation
  • 34. FUTURE SCOPE
      • Green NDN: An environment-friendly simulation and evolution of NDN
          • Objective: To operate networking in a highly scalable and energy-efficient way
          • Scope and goals:
              • Reduction of power consumption:
                  • 20% for normal days
                  • 40% for disasters
              • Seamless services before and after a disaster
              • A framework for collaboration and sharing in order to achieve energy-efficient video delivery
  • 35. References
      • Zhiyi Zhang, Haitao Zhang, Eric Newberry, Spyridon Mastorakis, Yanbiao Li, Alexander Afanasyev, Lixia Zhang. Security Support in Named Data Networking.
      • Lixia Zhang. Named Data Networking.
      • Alex Afanasyev. Schematized Trust: Design and Application. NDNcomm 2015.
      • Lan Wang, Beichuan Zhang. NDN Routing Security.
      • Van Jacobson, Palo Alto Research Center (PARC). Content-Centric Networking.
      • Lan Wang (University of Memphis) & the NDN Team. Routing in NDN. FIA PI Meeting.
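
The two checks from slide 12 (validation by a name-based trust policy, then signature verification along the certificate chain up to a trust anchor), as an added example that is not part of the original slides. The `/campus/...` names, the two-rule policy and the toy textbook-RSA keys built from Mersenne primes are assumptions made for illustration; the toy RSA stands in for a real signature scheme and is not secure.

```python
import hashlib

E = 65537  # public exponent for the toy keys

def keypair(a, b):
    """Toy textbook RSA from two Mersenne primes: shows the flow, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def digest(name, content, n):
    h = hashlib.sha256(f"{name}|{content}".encode()).digest()
    return int.from_bytes(h, "big") % n

def make_packet(name, content, key_name, n, d):
    """A Data packet: name, content, the signing key's name, and a signature."""
    return {"name": name, "content": content, "key_locator": key_name,
            "sig": pow(digest(name, content, n), d, n)}

# Constructed trust policy: (packet name prefix, required signing-key name prefix)
POLICY = [("/campus/sensor/", "/campus/operator/"),  # readings: operator keys only
          ("/campus/operator/", "/campus/KEY")]      # operator certs: site key only

def validate(packet, fetch, anchor, depth=0):
    """True if every packet in the chain satisfies POLICY and verifies up to anchor."""
    key_name = packet["key_locator"]
    allowed = next((k for p, k in POLICY if packet["name"].startswith(p)), None)
    if depth > 4 or allowed is None or not key_name.startswith(allowed):
        return False                      # name relationship rejected by policy
    cert = anchor if key_name == anchor["name"] else fetch(key_name)
    if cert is None:
        return False                      # certificate could not be retrieved
    n = int(cert["content"])              # a certificate's content is the public key
    if pow(packet["sig"], E, n) != digest(packet["name"], packet["content"], n):
        return False                      # signature does not verify
    return cert is anchor or validate(cert, fetch, anchor, depth + 1)

def demo():
    site_n, site_d = keypair(521, 607)
    op_n, op_d = keypair(127, 107)
    guest_n, guest_d = keypair(89, 61)
    anchor = make_packet("/campus/KEY", str(site_n), "/campus/KEY", site_n, site_d)
    op = make_packet("/campus/operator/alice/KEY", str(op_n), "/campus/KEY", site_n, site_d)
    guest = make_packet("/campus/guest/bob/KEY", str(guest_n), "/campus/KEY", site_n, site_d)
    store = {c["name"]: c for c in (op, guest)}  # stands in for fetching by Interest
    good = make_packet("/campus/sensor/temp/1", "21.5C", op["name"], op_n, op_d)
    wrong_key = make_packet("/campus/sensor/temp/2", "99C", guest["name"], guest_n, guest_d)
    tampered = dict(good, content="35.0C")
    cases = {"good": good, "wrong_key": wrong_key, "tampered": tampered}
    return {label: validate(p, store.get, anchor) for label, p in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The `wrong_key` packet carries a valid signature from a key the site has certified, yet it is rejected because the policy does not let a guest key sign sensor data, which is the "trust policies limit the power of each signing key" point from slide 9.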