Advertisement

Identifying Previously Requested Content by Side-Channel Timing Attack in NDN

  • Ertugrul Dogruluk
  • Antonio Costa
  • Joaquim Macedo
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 878)

Abstract

NDN is a new name-based network paradigm. It is designed to keep the contents in the cache to increase the network efficiency. However, previously requested content may put the user privacy at risk. The time difference between cached and non-cached contents of interest responses can be used by an adversary to determine previously requested contents in cache. This attack is classified as side-channel timing attack. In NDN, it is used a signature to authenticate interests and data packets. However, signed packets does not affect the performance of side-channel timing attack. Independently of being signed or not, the adversary may identify both the sensitive and non-sensitive contents, recently cached by router. In order to mitigate side-channel attacks in NDN, there are several countermeasure methods proposed by other researchers. In this work, firstly we developed an attack scenario using ndnSIM simulator. Then we evaluated the scenario under attack and without attacks. We also proposed an adversary detection algorithm that combines three different defense countermeasures in order to maximize the cache availability.

Keywords

NDN Content privacy Side-channel timing attack 

Notes

Acknowledgment

This work has been supported by COMPETE: POCI-01- 0145-FEDER-007043 and FCT-Fundacao ao para a Ciencia e Tecnologia within the Project Scope: UID/CEC/00319/2013.

References

  1. 1.
    Acs, G., Conti, M., Gasti, P., Ghali, C., Tsudik, G.: Cache privacy in named-data networking. In: IEEE 33rd International Conference on Distributed Computing Systems, pp. 41–51. IEEE (2013)Google Scholar
  2. 2.
    Afanasyev, A., Shi, J., Zhang, B., Zhang, L., Moiseenko, I., Yu, Y., Shang, W., Huang, Y., Abraham, J.P., Dibenedetto, S., Fan, C., Pesavento, D., Grassi, G., Pau, G., Zhang, H., Song, T., Abraham, H.B., Crowley, P., Amin, S.O., Lehman, V., Wang, L.: NFD developer’s guide. NDN. Technical report. NDN-0021 4, pp. 1–56 (2015)Google Scholar
  3. 3.
    April, M., Report, A., Jacobson, V., Burke, J., Zhang, L., Claffy, K., Papadopoulos, C., Wang, L., Halderman, J.A., Crowley, P.: Named Data Networking Next Phase (NDN-NP) Project May 2014–April 2015 Annual Report (2015)Google Scholar
  4. 4.
    Chaabane, A., Cristofaro, E.D.: Privacy in content-oriented networking: threats and countermeasures. ACM SIGCOMM Comput. Commun. Rev. 43(3), 26–33 (2013)CrossRefGoogle Scholar
  5. 5.
    DiBenedetto, S., Gasti, P.: ANDaNA: anonymous named data networking application. In: Proceedings of the Network and Distributed System Security Symposium, pp. 1–20 (2012)Google Scholar
  6. 6.
    Dogruluk, E., Costa, A., Macedo, J.: Evaluating privacy attacks in named data network. In: Proceedings of the IEEE Symposium on Computers and Communication, vol. 2016, August 2016Google Scholar
  7. 7.
    Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, CCS 2000, pp. 25–32 (2000)Google Scholar
  8. 8.
    Jacobson, V., Smetters, D.K., Thornton, J.D., Plass, M., Briggs, N., Braynard, R.: Networking named content. Commun. ACM 55(1), 117 (2012)CrossRefGoogle Scholar
  9. 9.
    Mastorakis, S., Afanasyev, A., Moiseenko, I., Zhang, L.: ndnSIM 2.0: a new version of the NDN simulator for NS-3, pp. 1–8 (2015)Google Scholar
  10. 10.
    Mohaisen, A., Mekky, H., Zhang, X., Xie, H., Kim, Y.: Timing attacks on access privacy in information centric networks and countermeasures. IEEE Trans. Dependable Secur. Comput. 12(6), 675–687 (2015)CrossRefGoogle Scholar
  11. 11.
    Schinzel, S.: An efficient mitigation method for timing side channels on the web. In: 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design, pp. 1–6 (2011)Google Scholar
  12. 12.
    Spring, N., Wetherall, D.: Measuring ISP Topologies with Rocketfuel. In: Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2002, pp. 133–145 (2002)Google Scholar
  13. 13.
    Wiangsripanawan, R., Susilo, W., Safavi-Naini, R.: Design principles for low latency anonymous network systems secure against timing attacks. In: Conferences in Research and Practice in Information Technology Series, vol. 68, pp. 183–191 (2007)Google Scholar
  14. 14.
    Yi, C., Afanasyev, A., Wang, L., Zhang, B., Zhang, L.: Adaptive forwarding in named data networking. ACM SIGCOMM Comput. Commun. Rev. 42(3), 62 (2012)CrossRefGoogle Scholar
  15. 15.
    Zhang, G., Fischer-Huebner, S., Martucci, L.a., Ehlert, S.: Revealing the calling history of SIP VoIP systems by timing attacks. In: 2009 International Conference on Availability, Reliability and Security, pp. 135–142 (2009)Google Scholar
  16. 16.
    Zhang, L., Estrin, D., Burke, J., Jacobson, V., Thornton, J.D., Smetters, D.K., Zhang, B., Tsudik, G., Massey, D., Papadopoulos, C., Wang, L., Crowley, P., Yeh, E.: Named data networking (NDN) project. NDN, Technical report NDN-0001, pp. 1–26, October 2010Google Scholar
  17. 17.
    Zhang, L., Jacobson, V., Diego, S., Crowley, P., Louis, S., Wang, L.: Named data networking. ACM SIGCOMM Comput. Commun. Rev. 44(3), 66–73 (2014)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Centro AlgoritmiUniversidade do MinhoBragaPortugal

Personalised recommendations