secure producer mobility in information centric network
play

Secure producer mobility in information-centric network Alberto - PowerPoint PPT Presentation

Oct 20, 2023 •152 likes •423 views

Secure producer mobility in information-centric network Alberto Compagno, Xuan Zeng, Luca Muscariello, Giovanna Carofiglio, Jordan Auge Cisco, SystemX,UPMC September 25, 2017 1 Mobility in 5G 5G requirements on mobility: Seamless (low

  1. Secure producer mobility in information-centric network Alberto Compagno, Xuan Zeng, Luca Muscariello, Giovanna Carofiglio, Jordan Auge Cisco, SystemX,UPMC September 25, 2017 1

  2. Mobility in 5G § 5G requirements on mobility: § Seamless (low latency, packet loss, etc) § Continuity over dense & heterogeneous access (LTE, wifi) § Calls for new and effective mobility solutions 2

  3. Support mobility in ICN § Consumer mobility ->naturally supported § Producer mobility -> challenging § Tracing-based approach(kite, Mapme), promising: § Meet 5G requirements: low latency, loss, network head Security consideration are inadequate § 3

  4. How does trace-based solution work? § Producer updates forwarding states(PIT or FIB) of a subset of routers Interest update(IU) R2 Interest flow R3 R4 producer FIB direction R1 4

  5. How does trace-based solution work? § Producer updates forwarding states(PIT or FIB) of a subset of routers producer R2 Interest flow R3 R4 FIB direction R1 5

  6. trace-based solution: prefix hijacking attack Q:what if IU is from attacker? Interest update producer Interest update R2 Interest flow R3 R4 FIB direction R1 6

  7. trace-based solution: prefix hijacking attack producer pollute cache! black-holed! R2 Interest privacy flow R3 R4 FIB direction R1 7

  8. Challenges to protect trace-based approach from prefix hijacking? 8

  9. Challenges to prevent prefix hijacking (1/2) 1. Distributed Interest update producer 2. Lightweight 9

  10. Challenges to prevent prefix hijacking (2/2) 3. Deal with an attacker that can compromise edge routers May allow to R2 generate valid IU R3 R4 FIB direction R1 10

  11. Existing approaches § Signature based approach: § Expensive for hardware at network access § See evaluation section later § Session key based approach: § CellularIP and telemIP: shared network key stolen compromises whole network 11

  12. Our prefix attestation protocol? 12

  13. Prefix attestation protocol: high level view § Only entitled producer can generate valid interest updates § Distribute minimal crypto info to network § We call this crypto info security context § Validate IU locally Sec.context Registration server Sec.context Sec.context Sec.context producer Registration 13

  14. Prefix attestation protocol: high level view § Only entitled producer can generate valid interest updates § Distribute minimal crypto info to network § We call this crypto info security context § Validate IU locally Sec.context Registration server Sec.context Sec.context Sec.context IU producer 14

  15. How to design security context? 15

  16. Security context requirements § Allow fast validation -> crypto hash § Allow to validate but not generate genuine IU, -> hash chain Prevent attacker R2 generating valid IU R3 R4 FIB direction R1 16

  17. Security context using hash chain § hash chain(originally by Lamport) 1 st authen. A authenticates to B: B: H n (s) H n-1 (s) A Hash matches, OK 17

  18. Security context using hash chain § hash chain(originally by Lamport) 2 nd authen. A authenticates to B: B: H n-1 (s) H n-2 (s) A Hash matches again, OK 18

  19. prefix attestation protocol: leveraging hash chain § Producer: ith IU, send with H n-i (s) H n-i (s) producer Sec.context Sec.context H n-2 (s) Sec.context prefix seq. No sec. context H n-1 (s)producer /p 0 H n (s p ) Sec.context 19

  20. Evaluation? 20

  21. Evaluation: computation overhead !"# Analytical model: goodput = !"# ∗% &'()*++ ,#∗% -*'./0 η = fraction of interest update(%) 21

  22. Evaluation: computation overhead § Optimal case: no verification on interest update § Goodput decreases anyway as IU take up resources 22

  23. Evaluation: computation overhead § Signature verification § Goodput drops to 0 with small percent of IU(3%) 23

  24. Evaluation: computation overhead § Hash chain: one hash per IU verification § Maintains 90% of optimal goodput (low overhead) 24

  25. Evaluation: computation overhead § Hash chain: many hashes per IU verification § By ~200 hashes , similar results w.r.t signature verification. 25

  26. Evaluation: storage overhead § Storage overhead vs No. of mobile producers § Hash chain: 50MB per router needed for Millions of Mobiles. More scalable. 26

  27. Conclusion & future work § We propose an attestation protocol to secure trace-based producer mobility in ICN: § Initial results confirm it’s light weight § Run unchanged over different hardware § Future work: Evaluation on real hardware and workload § § Exploit routing to refresh sec. context. Thanks! xuan.zeng@irt-system.fr 27

Recommend

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26 September 2016 Workshop on Information Centric Networking for 5G, Kyoto, 2016 Can we securely deploy geographic forwarding on Information Centric

340 views • 21 slides
Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID) Andreas Karakannas Research Project 2 Supervised by: Zhiming Zhao Background PIDs in IP Network Information Centric Networking A new network

696 views • 34 slides
The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility

The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility

The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility Infrastructure Yun Mao, Boon Thau Loo Zachary Ives Jonathan M Smith Zachary Ives, Jonathan M. Smith University of Pennsylvania Aug 27 2007 Aug 27,

736 views • 29 slides
A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

OFT ASDC3I A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and Network Enabled Capabilities December 17-19, 2002 Ongoing Research Sponsored by OFT and ASD(C3I) EBR RAND OFT ASDC3I Agenda

1.39k views • 107 slides
Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric

Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric

Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Travis Mick Computer Science Department New Mexico State University New Mexico State University,

601 views • 27 slides
KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon

KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon

KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon Mastorakis 2 , Lixia Zhang 2 1 Harbin Institute of Technology 2 UCLA NDN Mobility Support Consumer mobility is natively supported pull-based

396 views • 37 slides
SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev

SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev

SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev (tapio.leva@aalto.fi) Aalto University SCALABLE & ADAPTIVE INTERNET SOLUTIONS 31.1.2012 1 Put information about confidentiality here SAIL Project

428 views • 19 slides
Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Introduction Model Perfect Information Imperfect Information Conclusions Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici, Gy orgy D an Laboratory for Communication Networks School of

531 views • 35 slides
Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio Martinelli CNR Raul Riesco Granadino INCIBE (Chairs) NIS Platform WG3 Secure ICT Research & Innovation Outline WG3 Main deliverables

392 views • 17 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst -

Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst -

Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst - Nautilus6.org - September 2004 IP-layer Mobility: Host Mobility and Network Mobility Address Requirements for IPv6 nodes: Must be topologically correct

678 views • 41 slides
Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing

Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing

Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing Mattia Gustarini, Katarzyna Wac Institute of Services Science Quality of Life Group FACULTY OF ECONOMIC AND SOCIAL SCIENCES Department of Management

639 views • 35 slides
in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

Open Charging Cloud Security and Privacy in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network Architecture e-Mobility Energy Provider 1 Provider Charging (Mobile) Station Charging Internet

563 views • 39 slides
MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet

MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet

MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet NSF FIA Meeting Nov 15-16, 2010 MobilityFirst Project Team Contact: D. Raychaudhuri ray@winlab.rutgers.edu MobilityFirst Project: Collaborating

496 views • 33 slides
Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows

Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows

Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows application requirements to dene the network. This architecture simplies, optimizes, and accelerates the entire application deployment life

1.48k views • 130 slides
A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner, Yinglian Xie, Weiqiang Zhuang, Hui Zhang Infocom 2001 Caching Cache Server Clients 30-40% reduction in bandwidth at ISP Reduced waiting

587 views • 26 slides
OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19 October 2014 Sandra Scott-Hayward, Christopher Kane and Sakir Sezer s.scott-hayward@qub.ac.uk Centre for Secure Information Technologies (CSIT)

359 views • 20 slides
Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular

Lecture 12: Network layer mobility Lecture 12: Network layer mobility Mobile IP, cellular handsoffs. Mobile IP, cellular handsoffs. Mythili Vutukuru CS 653 Spring 2014 Feb 24, Monday Network layer: recap The network or IP layer

388 views • 11 slides
Improving Network Mobility with Multipath-TCP Richard Withnell Introduction Network

Improving Network Mobility with Multipath-TCP Richard Withnell Introduction Network

Improving Network Mobility with Multipath-TCP Richard Withnell Introduction Network Mobility Resource Pooling The Future Introduction Satellite WiFi LTE 3G Bluetooth Introduction Introduction Internet MIP / NEMO

694 views • 22 slides
CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope :

CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope :

CICN Community Information-Centric Networking FD.io: The Universal Dataplane Fd.io Scope : Project at Linux Foundation Network IO - NIC/vNIC <-> cores/threads Multi-party Packet Processing Multi-project

680 views • 26 slides
Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and

Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and

Connecting Europe facility Support to safe and secure parkings 6 November 2018 Mobility and Transport Safe and secure parking in CEF (2014-2017) 8 Actions (works and studies) co-funded under CEF since 2014. Total budget: 45,574,586

199 views • 9 slides
The Mobility Project Building network of web-servers for exchange of data on student mobility

The Mobility Project Building network of web-servers for exchange of data on student mobility

The Mobility Project Building network of web-servers for exchange of data on student mobility Janina Mincer-Daszkiewicz University of Warsaw jmd@mimuw.edu.pl EUNIS 2010, 2010-06-23 Agenda Real life scenarios (motivation) History and

396 views • 26 slides
Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung

Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung

Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung Chan (CityU) Joint work with Navin Kashyap (IISc), Praneeth Kumar Vippathalla, (IISc) and Qiaoqiao Zhou (CUHK) Audio slides:

443 views • 17 slides
Mobile Tactical Ops Center using ATCA MOSA, Swap and Net Centric Architecture DoD - Net Centric

Mobile Tactical Ops Center using ATCA MOSA, Swap and Net Centric Architecture DoD - Net Centric

Mobile Tactical Ops Center using ATCA MOSA, Swap and Net Centric Architecture DoD - Net Centric Architecture Data Producers Data Consumers Need Network access platforms to collect and analyze intelligence Ethernet Call H.323

310 views • 11 slides

More recommend