Abstract
In-network caching is a defining requirement of named data networking (NDN) that extends the capabilities of traditional IP networking: it enables location-independent data access and efficient bandwidth utilization in multi-path data dissemination. However, caching in NDN also introduces security challenges such as content cache poisoning, malicious injection or flooding of packets, and violations of content access privileges. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for a capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed. It provides data authenticity in a distributed manner and uses capabilities to convey the access privileges of packets during data dissemination, so that NDN routers can verify the authenticity of the packets they forward. It is also capable of handling the unsolicited packets that arise during flooding-based denial-of-service attacks, by supporting in the routers the verification step that confirms the timeliness of packets. Simulation experiments on the open source CCNs platform and PlanetLab showed a mean reduction in delay of 14.61% relative to the benchmarked schemes, and a reduction in the delay incurred in generating bit vectors by an average margin of 13.06% relative to the baseline approaches. In detecting content cache pollution attacks, the scheme achieved a mean increase in the true positive rate of 5.42%, a mean increase in the precision rate of 6.04%, a decrease in the false positive rate of 6.82% and an increase in F-measure of 5.62% compared to the baseline approaches.
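The abstract does not give the construction of IMHT-OTSS-CSEA, so the following is an added illustration of the generic idea such schemes build on, not the paper's code: a Merkle tree whose leaves are one-time (Lamport) public keys, so that a router needs only the tree root to authenticate any forwarded packet and can reject tampered content, a replayed one-time key, or a packet signed under an untrusted root. The Lamport choice, the tree height, the class and function names, and the sample packet are all assumptions made for the example.

```python
"""Merkle signature scheme sketch (added example, not the paper's scheme)."""
import hashlib
import os
from dataclasses import dataclass


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the given byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()


def msg_bits(msg: bytes):
    """The 256 bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def lamport_keygen():
    """One Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    """Reveal, per message bit, the secret matching that bit's value."""
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))


def pk_digest(pk) -> bytes:
    """Leaf value of the Merkle tree: hash of the whole one-time public key."""
    return H(*[h for pair in pk for h in pair])


@dataclass
class Signature:
    index: int   # which one-time key (leaf) was used
    ots: list    # Lamport signature on the packet
    pk: list     # the one-time public key itself
    path: list   # sibling hashes from the leaf up to the root


class MerkleSigner:
    """Producer side: 2**height one-time keys authenticated by one root."""

    def __init__(self, height: int):
        self.keys = [lamport_keygen() for _ in range(1 << height)]
        self.levels = [[pk_digest(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_index = 0

    def sign(self, packet: bytes) -> Signature:
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; a new tree is needed")
        idx, self.next_index = self.next_index, self.next_index + 1
        sk, pk = self.keys[idx]
        path, i = [], idx
        for lvl in self.levels[:-1]:
            path.append(lvl[i ^ 1])   # sibling at this level
            i >>= 1
        return Signature(idx, lamport_sign(sk, packet), pk, path)


class RouterVerifier:
    """Router side: holds only the trusted root and the leaf indices already seen."""

    def __init__(self, root: bytes):
        self.root = root
        self.used = set()

    def verify(self, packet: bytes, sig: Signature) -> bool:
        if sig.index in self.used:
            return False                       # one-time key replayed
        if not lamport_verify(sig.pk, packet, sig.ots):
            return False                       # packet content does not match
        node, i = pk_digest(sig.pk), sig.index
        for sibling in sig.path:               # recompute the root from the leaf
            node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
            i >>= 1
        if node != self.root:
            return False                       # key is not under the trusted root
        self.used.add(sig.index)
        return True


def demo() -> dict:
    """Run the four router-side outcomes on a constructed content packet."""
    signer = MerkleSigner(height=3)
    router = RouterVerifier(signer.root)
    pkt = b"/example/video/chunk/1|" + b"A" * 64        # constructed packet
    sig1 = signer.sign(pkt)
    tampered = router.verify(pkt.replace(b"A" * 64, b"B" * 64), sig1)
    genuine = router.verify(pkt, sig1)
    replay = router.verify(pkt, sig1)
    foreign = RouterVerifier(MerkleSigner(height=3).root).verify(pkt, signer.sign(pkt))
    return {"genuine": genuine, "tampered": tampered,
            "replay": replay, "foreign": foreign}
```

The verifier is deliberately stateful: a one-time key that is accepted twice would both undermine the signature's security and let a cached packet be replayed, so the router tracks consumed leaf indices alongside the root.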
Cite this article
Babu, V.J., Jose, M.V. Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking. Wireless Pers Commun 115, 557–574 (2020). https://doi.org/10.1007/s11277-020-07585-8