On NDN and (lack of ) Measurement Thomas Silverston National - - PowerPoint PPT Presentation



SLIDE 1

On NDN and (“lack of”) Measurement

Thomas Silverston

National Institute of Information and Communications Technology (NICT)

ICT Testbed Research, Development and Operation Lab

SLIDE 2

[Figure: controlled peers France A, France B, France C, Japan X and Japan Y connected through the Internet; two stacked-bar charts, % of Upload Traffic and % of Download Traffic per controlled peer, broken down by country]

  • Experiment Testbed
  • Traffic Analysis
  • Novel Mechanisms

[Measuring P2P IPTV Systems], ACM NOSSDAV 2007
[Traffic Analysis of P2P IPTV Communities], Elsevier Computer Networks 2009, with A. Dainotti (CAIDA)

P2P-TV Measurement Experiments and Traffic Analysis

Data set (Anonymized) http://content.lip6.fr

SLIDE 3

Motivation

  • Internet is mostly used to access content

– Video: 90% of global consumer traffic by 2018

  • [Cisco VNI 2015]
  • Users are interested in content, not location

– TCP/IP (host-to-host communication)

  • Information Centric Networking

– Named-Data Networking [CoNext 2009]
– Host-to-content communication

  • Packet address refers to content and not location

– In-Network Caching

  • New “network layer” for Future Internet

– Data at the core of the communication

SLIDE 4

NDN Overview

[Figure: NDN topology with Publisher, User 1, User 2, Router A and Router B; each router holds a FIB, a PIT and a Content Store; message steps numbered 1 to 8]

Router A after receiving Interest

  • FIB (Name -> Forward to): /doctor -> Router B; /doctor/obj -> Router C
  • PIT (Name -> Coming from): /doctor/index.htm -> User 1
  • Cached copies in CS: (none)

Router A after receiving Data

  • FIB (Name -> Forward to): /doctor -> Router B; /doctor/obj -> Router C
  • PIT (Name -> Coming from): (empty)
  • Cached copies in CS: /doctor/index.htm

Router B after receiving Interest

  • FIB (Name -> Forward to): /doctor -> Router B; /doctor/obj -> Router C
  • PIT (Name -> Coming from): /doctor/index.htm -> Router A
  • Cached copies in CS: (none)

Router B after receiving Data

  • FIB (Name -> Forward to): /doctor -> Router B; /doctor/obj -> Router C
  • PIT (Name -> Coming from): (empty)
  • Cached copies in CS: /doctor/index.htm

Open Issues

  • 1. Caching at each Node
  • 2. Routing/Forwarding toward Content
  • 3. Security issues (information-leakage)
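
The FIB, PIT and Content Store states shown for Router A can be reproduced with a small model of NDN forwarding. This is an added example, not code from the presentation or from NFD; the `Router` class, its method names and the payload are assumptions, while the FIB entries and content names are the ones on the slide.

```python
class Router:
    """Toy NDN node with the three tables shown on the slide."""
    def __init__(self, fib):
        self.fib = dict(fib)  # FIB: name prefix -> next hop
        self.pit = {}         # PIT: pending name -> faces the Interest came from
        self.cs = {}          # Content Store: name -> cached Data payload

    def next_hop(self, name):
        # Longest-prefix match on whole name components.
        parts = name.strip("/").split("/")
        for n in range(len(parts), 0, -1):
            prefix = "/" + "/".join(parts[:n])
            if prefix in self.fib:
                return self.fib[prefix]
        return None

    def on_interest(self, name, in_face):
        if name in self.cs:                      # cached copy: answer locally
            return ("data", in_face, self.cs[name])
        if name in self.pit:                     # already pending: aggregate
            self.pit[name].add(in_face)
            return ("aggregated", None, None)
        hop = self.next_hop(name)
        if hop is None:                          # no route for this name
            return ("drop", None, None)
        self.pit[name] = {in_face}               # remember where to send Data
        return ("forward", hop, None)

    def on_data(self, name, payload):
        faces = self.pit.pop(name, None)
        if faces is None:                        # unsolicited Data is discarded
            return []
        self.cs[name] = payload                  # cache on the return path
        return sorted(faces)

# FIB entries and names are the slide's; the payload is a constructed sample.
FIB = {"/doctor": "Router B", "/doctor/obj": "Router C"}

def replay_router_a():
    a = Router(FIB)
    first = a.on_interest("/doctor/index.htm", "User 1")
    pit_after_interest = {n: sorted(f) for n, f in a.pit.items()}
    faces = a.on_data("/doctor/index.htm", b"<html>index</html>")
    second = a.on_interest("/doctor/index.htm", "User 2")
    return first, pit_after_interest, faces, dict(a.pit), sorted(a.cs), second
```

The second Interest, from User 2, is answered from Router A's Content Store and never reaches Router B, which is the in-network caching effect the caching strategies on the following slides try to maximise.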
SLIDE 5

Caching Strategies in NDN

  • Popularity-based strategies

– MPC: Most-Popular Content Caching Strategy [IEEE ICC 2013]

  • Cache only popular Content

– SACS: Socially-Aware Caching Strategy [IFIP Networking 2014]

  • Cache Content from popular users (Planet Lab experiments)
  • Infer User Traffic from Social Network dump (IEEE ICC 2014)

[Figure: Cache Hit Ratio vs. Cache Size for CCNx and SACS/PageRank; Cache Hit Ratio per topology (Tree, Abilene, Tiger2, Geant, DTelekom, Level3) for CCN (LRU+Always) and MPC]

SLIDE 6

NDN Performances Evaluation

  • Architecture evaluation

– How many Cache Nodes in NDN to be efficient?
– Comparison with Client/Server, CDN architecture

  • Trade-off 50% of cache nodes for higher performances

– Deployment at reduced infrastructure cost for ISPs

SLIDE 7

Routing in ICN/NDN

  • Routing scheme for NDN

– Flooding (i.e.: wasting resources)
– NLSR: in-path caching

  • SRSC: SDN-based Routing Scheme for NDN

– [IEEE Netsoft 2015]
– Controller-based (anycast routing)

SLIDE 8

Routing in ICN/NDN

  • Implementation on NDNx (NFD)
  • Deployment on virtual Testbed with Docker
  • Request: Zipf, etc.

[Figure: Abilene and Geant topologies]

SLIDE 9

Security in NDN: Information-leakage

  • One of the main security threats on the Internet

– IT Security Risks Survey 2014: A Business Approach to Managing

http://media.kaspersky.com/en/IT_Security_Risks_Survey_2014_Global_report.pdf

  • Cyber Espionage

– Targeted Attacks (phishing, malware, website, external memory device)

  • Examples: Sony, Target

– $100 M upgrading systems
– 46% drop in benefits

[Understanding Targeted Attacks: The Impact of Targeted Attacks]

SLIDE 10

Targeted Attacks


Source: IT Security Center IPA: IT Promotion Agency

http://www.ipa.go.jp/security/english/newattack_en.html

  • Infects PC via emails
  • Probes network
  • Steals Information

Countermeasures: Train employees? Human errors

SLIDE 11

Information-leakage through NDN packets

  • Interest/Data packets are “Request/Reply”
  • Content name, etc.
  • Data can be filtered out by network admin.
  • White/Black lists of (un)authorized content names
  • CustomerList, BankingInfo, etc.
  • Interest packets are sent out of the network to external publishers as requests (“free” names)
  • Malware can use Interest packets to leak information through Targeted Attacks

SLIDE 12

Information-leakage Countermeasure with Data

[Figure: Enterprise Network (Employee A, Normal Agent, Malware; content Comp1/Pub/Info1 and Comp1/Priv/Info1) separated from the Internet (Attacker) by a Firewall and a Gatekeeper (Network Administrator)]

Rules to Publish Content

1) Gatekeeper has white list of public contents
2) Every new content is checked by gatekeeper to register it into white list
3) Any content cannot be accessed unless it is listed in white list

Gatekeeper can prevent information leakage through Data packet (reply messages)

SLIDE 13

Targeted Attacks in NDN

[Figure: Enterprise Network (Malware) and Outside Network (Bot, C&C Server) separated by a Firewall; arrows labelled Interest Packet, Data Packet and Interest/Data Packet]

Preparation for Attack

1. C&C server (Control malware via bots)
2. Bot
3. Malware

Interest Name can be used to leak information through Targeted Attacks (request messages)

SLIDE 14

URLs Dataset

  • Web Crawling of 7 main organizations

– Amazon, Ask, Stackoverflow, BBC, CNN, Google, Yahoo
– Common Crawl Data Set repository

  • 1.73B URLs -> 7M for each organization

/(Organization)/(Directory 1)/…/(Directory n)/(File)?(Query)#(Fragment)

Parts of the name: <net_loc> (Organization), <path> (Directory Part and File Part), <query>, <fragment>

URLs Parameters (RFC 1808)

  • Length of <PATH>
  • Number of ‘/’ in <path>
  • Length of <QUERY>
  • Similarity of characters in <PATH>
  • Length of <FRAGMENT>
  • Similarity of characters in <QUERY>
  • Length of Directory
  • Similarity of characters in <FRAGMENT>
  • Length of File

SLIDE 15

Average Frequencies in Path, Query, and Fragment

  • Calculated average frequencies of characters in path, query and fragment of the URLs in all the organizations

SLIDE 16

URLs Similarity

Legitimate names exceed average similarity
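
The nine per-name parameters and the average character frequencies from the preceding slides can be computed as follows. This is an added example, not the authors' code: the slides do not define "similarity", so cosine similarity between a name's character frequencies and the reference average is assumed here, and all sample names (under the placeholder organization `example.org`) are constructed.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

def char_freq(text):
    """Relative frequency of each character (empty dict for an empty string)."""
    return {c: n / len(text) for c, n in Counter(text).items()}

def average_freq(texts):
    """Mean character frequency over a reference set of strings."""
    acc = Counter()
    for t in texts:
        for c, f in char_freq(t).items():
            acc[c] += f
    return {c: f / len(texts) for c, f in acc.items()}

def cosine(p, q):
    """Assumed similarity measure: cosine of two frequency vectors."""
    dot = sum(f * q.get(c, 0.0) for c, f in p.items())
    norm = math.sqrt(sum(f * f for f in p.values()) * sum(f * f for f in q.values()))
    return dot / norm if norm else 0.0

def split_name(name):
    """/(Organization)/(Dir 1)/.../(File)?(Query)#(Fragment) -> its parts."""
    u = urlsplit("//" + name.lstrip("/"))      # organization becomes <net_loc>
    directory, sep, file_part = u.path.rpartition("/")
    return {"path": u.path, "directory": directory + sep, "file": file_part,
            "query": u.query, "fragment": u.fragment}

def build_average(names):
    parts = [split_name(n) for n in names]
    return {k: average_freq([p[k] for p in parts]) for k in ("path", "query", "fragment")}

def features(name, avg):
    """The nine per-name parameters listed on the slide."""
    p = split_name(name)
    f = {"len_" + k: len(v) for k, v in p.items()}
    f["slashes"] = p["path"].count("/")
    for k in ("path", "query", "fragment"):
        f["sim_" + k] = cosine(char_freq(p[k]), avg[k])
    return f

# Constructed sample names; example.org is a placeholder organization.
REFERENCE = ["/example.org/news/world/index.html?id=7#top",
             "/example.org/products/books/item.html?page=2",
             "/example.org/questions/tagged/python#answers"]
AVG = build_average(REFERENCE)
READABLE = features("/example.org/news/sports/index.html?id=42#top", AVG)
OPAQUE = features("/example.org/QQQQ7777ZZZZ8888", AVG)
```

`READABLE["sim_path"]` is well above `OPAQUE["sim_path"]`, so a threshold or one-class model trained on legitimate names has a feature on which the opaque name stands out.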

SLIDE 17

Anomaly Detection in NDN


  • Prevent Information-leakage

– Internet security threat through Targeted Attacks

  • Web Organizations Crawling (Google, CNN, etc.)

– Statistics on URLs (names) and HTTP traffic

  • Malicious Names filtering in NDN (15% misdetection names)

– [IEEE Lanman 2016] with D. Kondo (UL), Prof. Asami (U. Tokyo), Prof. Tode (U. Pref. Osaka) and Prof. O. Perrin (UL)
– [NOM WS – Infocom 2017] D. Kondo (UL), Prof. Asami (U. Tokyo), Prof. Tode (U. Pref. Osaka) and Prof. O. Perrin (UL)
– One-Class SVM

SLIDE 18

Project ANR Doctor (2014-2017) http://www.doctor-project.org/

  • Deployment of new network functions and protocols (e.g.: NDN) in a virtualized networking environment (e.g.: NFV)

– Monitoring, managing and securing (using SDN for reconfiguration)

  • Partners: Orange, Thales, Montimage, UTT, LORIA/CNRS (900k€)
  • NDN/HTTP proxy designed in the project

SLIDE 19

Conclusion

  • NDN Architecture

– Caching: popularity-based
– Routing: Controller-based
– Security: Name-Anomaly Detection in NDN

  • thomas@nict.go.jp
