
InterestFence: Countering Interest Flooding Attacks by Using Hash-Based Security Labels

  • Jiaqing Dong
  • Kai Wang
  • Yongqiang Lyu
  • Libo Jiao
  • Hao Yin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)

Abstract

Interest Flooding Attack (IFA) has been one of the biggest threats to the Named Data Networking (NDN) paradigm, as it is very easy to launch but very difficult to mitigate. In this paper, we propose InterestFence, a simple, direct, lightweight yet efficient IFA countermeasure, and the first to achieve fast detection together with accurate and efficient filtering of attack traffic without harming any legitimate Interests. InterestFence detects IFA at content servers rather than at routers to guarantee accurate detection. All content items with the same prefix within a content server have a hash-based security label (HSL) to claim their existence, and an HSL verification method is securely transmitted to related routers to help filter and clean IFA traffic in transit networks accurately and efficiently. Performance analysis demonstrates the effectiveness of InterestFence in mitigating IFA and its lightweight nature, owing to the limited overhead involved.

Keywords

Interest Flooding Attack; Named Data Networking; Security

Notes

Acknowledgment

This work is supported by China Postdoctoral Science Foundation (No. 2017M620786), Shandong Provincial Natural Science Foundation, China (No. ZR2017BF018), National Natural Science Foundation of China (NSFC) (No. 61702439, 61502410, 61602399, 61672318, 61631013), Shandong Province Higher Educational Science and Technology Program (No. J16LN17) and National Key Research and Development Program (No. 2016YFB1000102).


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Jiaqing Dong (1)
  • Kai Wang (1, 2)
  • Yongqiang Lyu (1)
  • Libo Jiao (1)
  • Hao Yin (1)

  1. Tsinghua University, Beijing, China
  2. Yantai University, Yantai, China
