
Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

Published in: Wireless Personal Communications

Abstract

Network caching is identified as a core requirement of named data networking (NDN) for extending the capabilities of traditional IP networking: it enables location-independent data access and efficient bandwidth utilization in multi-path data dissemination. However, in-network caching in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of packets, and violations of content access control. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for a capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed. It provides data authenticity in a distributed manner and uses capabilities to convey the access privileges of packets during data dissemination, allowing routers to verify the authenticity of the packets they forward. It is also capable of handling the unsolicited packets that arise during flooding-based denial-of-service attacks, because the verification performed in routers confirms the timeliness of each packet. Simulation experiments conducted on the open source CCNs platform and PlanetLab confirmed a mean reduction in delay of 14.61% relative to the benchmarked schemes. The scheme reduces the delay incurred in generating bit vectors by an average margin of 13.06% compared with the baseline approaches. In the context of detecting content cache pollution attacks, it also achieved a mean increase in true positive rate of 5.42%, a mean increase in precision of 6.04%, a decrease in false positive rate of 6.82%, and an increase in F-measure of 5.62% compared with the baseline approaches.
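The core mechanism the abstract relies on, a Merkle hash tree over one-time signature keys so that a router needs only the tree root to verify any forwarded packet, is shown below as an added illustration; it is not the authors' IMHT-OTSS-CSEA implementation. It assumes plain Lamport one-time keys as the leaves, SHA-256 as the hash, and a packet represented as a byte string; the real scheme's capability encoding and timeliness fields are not modelled.

```python
import hashlib
import os
BITS = 256  # one Lamport secret pair per bit of the SHA-256 message digest

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def bits(digest: bytes) -> list:
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]

def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    return sk, [(H(a), H(b)) for a, b in sk]    # public key = hashes of the secrets

def leaf(pk) -> bytes:
    return H(*(a + b for a, b in pk))           # tree leaf = hash of the whole OTS public key

class MerkleSigner:
    # Holds 2**height one-time keys; the Merkle root is the only value a router needs.
    def __init__(self, height: int):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.used = 0
        self.levels = [[leaf(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:          # build the tree bottom-up
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]

    def sign(self, msg: bytes) -> dict:
        if self.used >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; a Lamport key must never be reused")
        idx, self.used = self.used, self.used + 1
        sk, pk = self.keys[idx]
        reveal = [sk[i][b] for i, b in enumerate(bits(H(msg)))]   # one secret per digest bit
        path, node = [], idx
        for lvl in self.levels[:-1]:             # sibling at each level = authentication path
            path.append(lvl[node ^ 1])
            node //= 2
        return {"index": idx, "pk": pk, "reveal": reveal, "path": path}

def verify(root: bytes, msg: bytes, sig: dict) -> bool:
    # Router-side check: revealed secrets match the OTS public key, which hashes up to root.
    pk = sig["pk"]
    if any(H(s) != pk[i][b] for i, (s, b) in enumerate(zip(sig["reveal"], bits(H(msg))))):
        return False
    node, idx = leaf(pk), sig["index"]
    for sibling in sig["path"]:
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx //= 2
    return node == root
```

A router that caches only the producer's root can thus reject a tampered packet, a signature lifted from a different packet, or a packet signed under a different tree, which is the per-hop check the abstract describes.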




Correspondence to Varghese Jensy Babu.


Cite this article

Babu, V.J., Jose, M.V. Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking. Wireless Pers Commun 115, 557–574 (2020). https://doi.org/10.1007/s11277-020-07585-8
