Identifying Previously Requested Content by Side-Channel Timing Attack in NDN
NDN is a new name-based network paradigm. It is designed to keep the contents in the cache to increase the network efficiency. However, previously requested content may put the user privacy at risk. The time difference between cached and non-cached contents of interest responses can be used by an adversary to determine previously requested contents in cache. This attack is classified as side-channel timing attack. In NDN, it is used a signature to authenticate interests and data packets. However, signed packets does not affect the performance of side-channel timing attack. Independently of being signed or not, the adversary may identify both the sensitive and non-sensitive contents, recently cached by router. In order to mitigate side-channel attacks in NDN, there are several countermeasure methods proposed by other researchers. In this work, firstly we developed an attack scenario using ndnSIM simulator. Then we evaluated the scenario under attack and without attacks. We also proposed an adversary detection algorithm that combines three different defense countermeasures in order to maximize the cache availability.
KeywordsNDN Content privacy Side-channel timing attack
This work has been supported by COMPETE: POCI-01- 0145-FEDER-007043 and FCT-Fundacao ao para a Ciencia e Tecnologia within the Project Scope: UID/CEC/00319/2013.
- 1.Acs, G., Conti, M., Gasti, P., Ghali, C., Tsudik, G.: Cache privacy in named-data networking. In: IEEE 33rd International Conference on Distributed Computing Systems, pp. 41–51. IEEE (2013)Google Scholar
- 2.Afanasyev, A., Shi, J., Zhang, B., Zhang, L., Moiseenko, I., Yu, Y., Shang, W., Huang, Y., Abraham, J.P., Dibenedetto, S., Fan, C., Pesavento, D., Grassi, G., Pau, G., Zhang, H., Song, T., Abraham, H.B., Crowley, P., Amin, S.O., Lehman, V., Wang, L.: NFD developer’s guide. NDN. Technical report. NDN-0021 4, pp. 1–56 (2015)Google Scholar
- 3.April, M., Report, A., Jacobson, V., Burke, J., Zhang, L., Claffy, K., Papadopoulos, C., Wang, L., Halderman, J.A., Crowley, P.: Named Data Networking Next Phase (NDN-NP) Project May 2014–April 2015 Annual Report (2015)Google Scholar
- 5.DiBenedetto, S., Gasti, P.: ANDaNA: anonymous named data networking application. In: Proceedings of the Network and Distributed System Security Symposium, pp. 1–20 (2012)Google Scholar
- 6.Dogruluk, E., Costa, A., Macedo, J.: Evaluating privacy attacks in named data network. In: Proceedings of the IEEE Symposium on Computers and Communication, vol. 2016, August 2016Google Scholar
- 7.Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS 2000, pp. 25–32 (2000)Google Scholar
- 9.Mastorakis, S., Afanasyev, A., Moiseenko, I., Zhang, L.: ndnSIM 2.0: a new version of the NDN simulator for NS-3, pp. 1–8 (2015)Google Scholar
- 11.Schinzel, S.: An efficient mitigation method for timing side channels on the web. In: 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 1–6 (2011)Google Scholar
- 12.Spring, N., Wetherall, D.: Measuring ISP Topologies with Rocketfuel. In: Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2002, pp. 133–145 (2002)Google Scholar
- 13.Wiangsripanawan, R., Susilo, W., Safavi-Naini, R.: Design principles for low latency anonymous network systems secure against timing attacks. In: Conferences in Research and Practice in Information Technology Series, vol. 68, pp. 183–191 (2007)Google Scholar
- 15.Zhang, G., Fischer-Huebner, S., Martucci, L.a., Ehlert, S.: Revealing the calling history of SIP VoIP systems by timing attacks. In: 2009 International Conference on Availability, Reliability and Security, pp. 135–142 (2009)Google Scholar
- 16.Zhang, L., Estrin, D., Burke, J., Jacobson, V., Thornton, J.D., Smetters, D.K., Zhang, B., Tsudik, G., Massey, D., Papadopoulos, C., Wang, L., Crowley, P., Yeh, E.: Named data networking (NDN) project. NDN, Technical report NDN-0001, pp. 1–26, October 2010Google Scholar