secure fragmentation for content centric networking
play

Secure Fragmentation for Content Centric Networking Christopher A. - PowerPoint PPT Presentation

Dec 18, 2023 •439 likes •1.09k views

Secure Fragmentation for Content Centric Networking Christopher A. Wood Palo Alto Reseach Center cwood@parc.com Marc Mosko Palo Alto Reseach Center mmosko@parc.com IEEE CCN 2015 Dallas, TX, USA 10/19/2015 Confidential Agenda 1. CCNx

  1. Secure Fragmentation for Content Centric Networking Christopher A. Wood Palo Alto Reseach Center cwood@parc.com Marc Mosko Palo Alto Reseach Center mmosko@parc.com IEEE CCN 2015 Dallas, TX, USA 10/19/2015 Confidential

  2. Agenda 1. CCNx overview 2. Fragmentation and segmentation 3. CCNx fragmentation options 4. Named Network Fragments 5. Performance Results 6. Q&A 2

  3. 1. CCNx overview 3

  4. CCNx 101 • Content is named and transferred through the network from producers to consumers upon request • Consumers issue interest packets for content objects • Forwarders (routers) move interests from consumers to producers • Forwarder FIBs store forwarding information, Pending Interest Tables (PITs) store interest state, and Content Stores (caches) store previously requested content • Producers satisfy interests and return the resulting content object 4

  5. 5

  6. 6

  7. 7

  8. 8

  9. 9

  10. 10

  11. 11

  12. 12

  13. 13

  14. 14

  15. 15

  16. 2. Fragmentation and segmentation 16

  17. Network Links The Internet connects heterogeneous devices over heterogeneous links with different: • Physical layers (copper, fiber, radio) • Link layers (Ethernet, WiFi) • Maximum Transmission Unit (MTU) sizes (determined by link layer) 17

  18. Fragmentation Fragmentation: splitting a packet into fragments that fit into an outgoing link MTU • Fragment header encodes information (e.g., ordering) of related fragments • Re-fragmentation can occur if smaller MTU is encountered 18

  19. Segmentation Segmentation: cutting up large pieces of data at the transport (or higher) layer • Segmentation is not fragmentation • Both may occur for a given consumer-to-producer path 19

  20. How do fragmentation and segmentation apply to CCNx? 20

  21. CCNx Messages Interest ContentObject Header(s) Header(s) Body Body Validation Validation 21

  22. CCNx Messages Interest Header(s) Names are unbounded Body (name +payload) Payload contents are unbounded Validation ContentObject Header(s) Body (name +payload) Validation 22

  23. CCNx Messages Interest Header(s) Names are unbounded Body (name +payload) Payload contents are unbounded Validation ContentObject Header(s) Names are unbounded Body (name +payload) Payload contents are unbounded Validation 23

  24. CCNx Segmentation • CCNx packet fixed header imposes constraints on the message size • Names and payloads sizes are bounded • If the payload for a Content Object (or Interest) exceeds this bound, it must be segmented • akin to TCP segmentation 24

  25. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) 25

  26. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 26

  27. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 27

  28. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 28

  29. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 29

  30. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 30

  31. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 31

  32. CCNx Segmentation Problems • Is (Content Object) segmentation a substitute for fragmentation? • Maybe, if the minimum path MTU is known • No, otherwise (i.e., for Interests) • Does MTU discovery work? • Not all the time! 32

  33. CCNx Segmentation Problems • Problem #1: routers do not have access to signing keys 33

  34. CCNx Segmentation Problems • Problem #1: routers do not have access to signing keys • Problem #2: producer cannot segment for all MTUs 34

  35. CCNx Segmentation Problems • Problem #1: routers do not have access to signing keys • Problem #2: producer cannot segment for all MTUs • Problem #3: Interests cannot be segmented since the MTU is not known (among other reasons) fragmentation is unavoidable 35

  36. 3. CCNx fragmentation options 36

  37. CCNx Fragmentation Options There are two flavors of CCNx fragmentation proposals: • Hop-by-hop (Begin-End Fragmentation) [1] • Cut-through (FIGOA) [2] [1] - http://datatracker.ietf.org/doc/draft-mosko-icnrg-beginendfragment/ 
 [2] - C. Ghali, A. Narayanan, D. Oran, G. Tsudik, C. A. Wood, NCA 2015, the 14th IEEE International Symposium on Network Computing and Applications, September 28 - 30, 2015, Cambridge, MA, USA. 37

  38. Begin-End Fragmentation • Run between a sender and “peer” • B, E, and BE flags are used to signal the start, end, and entry of a fragment series • Fragments are tagged with monotonically increasing sequence numbers • Idle fragments can be used to advance the fragment number 38

  39. Begin-End Fragmentation Protocol • Senders: • Break up a message into fragments with increasing numbers • Mark fragments with B and E bits as needed • Receivers (peers): • Maintain one reassembly queue per sender • Gather while in-order fragments are received • Reassemble and pass up when end fragment is received • Discard the queue when an out-of-order fragment is received 39

  40. FIGOA Fragmentation • Based on the concept of delayed authentication • Fragment packets based on MTU size and tag with byte offsets (not indexes) • Fragment data size is a multiple of the hash function digest size • Append the IV or intermediate state of the Merkle-Damgard hash function computation to each fragment (next slide) • Allows fragments to be re-fragmented if needed 40

  41. Merkle-Damgard Hash Functions m 1# m 2# m 3# m 4# m k# pad # H 0 " f " f " f " f " f " H 2 H 1 H 3 H 4 " " " " H " Hash"Value " 41

  42. Merkle-Damgard Hash Functions m 1# m 2# m 3# m 4# m k# pad # H 0 " f " f " f " f " f " H 1 H 2 H 3 H 4 " " " " H " Hash"Value " 42

  43. FIGOA Fragments Signature-(on-H) - F 1# Fragment=Info- Name- IntState-=- H 0# …-Data-…- ContentObjectSize- F 2 - Fragment=Info- FragmentOffset- IntState-=- H 1# FragmentSize- …-Data-…- Data- SignatureInfo- Signature- F 3# Fragment=Info- IntState-=- H 2# …-Data-…- 43

  44. FIGOA Fragmentation Protocol (Sender) • Fragment message into blocks that are multiples of the hash function digest • Tag with the byte offset and include the hash function IV or intermediate state (IS) • Send the fragments… 44

  45. FIGOA Fragmentation Protocol (Receiver) • Maintain one reassembly queue per message • Upon receipt of a fragment without the previous fragment, compute hash and store in queue. If the successor is present, compare the output hash against the successor’s IS • Upon receipt of a fragment with the previous fragment, check against the computed IS, and do the step above. • Forward all fragments except the last right away. • Once the full message is received, verify the output digest (if given) and signature, and forward the fragment. 45

  46. 4. Named Network Fragments 46

  47. FIGOA Shortcomings • Not possible to match a fragment to a hash-based interest (format does not specify digest in the fragment response) • Signature verification is deferred to the end “hostage” fragment 47

  48. Named Network Fragments NNF improvements over FIGOA: • Unbounded content length 48

  49. Named Network Fragments NNF improvements over FIGOA: • Unbounded content length • Immediate signature verification 49

  50. Named Network Fragments NNF improvements over FIGOA: • Immediate signature verification • Unbounded content length • Selective retransmission for dropped fragments 50

  51. Named Network Fragments NNF improvements over FIGOA: • Immediate signature verification • Unbounded content length • Selective retransmission for dropped fragments • Hash-based named fragment “chains” 51

  52. Named Network Fragments NNF improvements over FIGOA: • Immediate signature verification • Unbounded content length • Selective retransmission for dropped fragments • Hash-based named fragment “chains” • Complete ContentObject replacement 52

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Content-Centric Content-Centric Networking Networking J.J. Garcia-Luna-Aceves UCSC and PARC

Content-Centric Content-Centric Networking Networking J.J. Garcia-Luna-Aceves UCSC and PARC

Content-Centric Content-Centric Networking Networking J.J. Garcia-Luna-Aceves UCSC and PARC jj@soe.ucsc.edu jjgla@parc.com Outline Outline Problem we address Limitations of routing schemes that assume connected networks Our

264 views • 25 slides
Introduction to Content Centric Networking Van Jacobson van@parc.com FISS 09 Bremen, Germany

Introduction to Content Centric Networking Van Jacobson van@parc.com FISS 09 Bremen, Germany

Introduction to Content Centric Networking Van Jacobson van@parc.com FISS 09 Bremen, Germany 22 June 2009 This talk describes ongoing PARC work on CCN (Content-centric Networking) by: Jim Thornton Simon Barber Diana Smetters

862 views • 32 slides
Content-Centric Networking at Internet Scale through The Integration of Name Resolution and

Content-Centric Networking at Internet Scale through The Integration of Name Resolution and

Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing J. J. Garcia-Luna-Aceves UCSC/Xerox PARC Overview q Routing to names is not better than routing to addresses in a content-centric network q

559 views • 22 slides
Various Faces of Data Centric Networking and Systems Eiko Yoneki University of Cambridge

Various Faces of Data Centric Networking and Systems Eiko Yoneki University of Cambridge

Various Faces of Data Centric Networking and Systems Eiko Yoneki University of Cambridge Computer Laboratory 5 Faces in DCN 1. Content-Centric Networking (CCN) and Content Distribution Networks (CDN) Big Data 2. Programming in Data Centric

358 views • 25 slides
When Encryption is Not Enough Privacy Attacks in Content- Centric Networking ACM ICN 2017 1

When Encryption is Not Enough Privacy Attacks in Content- Centric Networking ACM ICN 2017 1

When Encryption is Not Enough Privacy Attacks in Content- Centric Networking ACM ICN 2017 1 Privacy with IP GET /a/b/c C S RESPONSE: <data> ACM ICN 2017 2 Privacy with IP secure channel GET /a/b/c C S RESPONSE: <data>

386 views • 37 slides
A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE Integrated Network Management Symposium (IM 2013) - MC2: Security Management and Recovery May 27 - 31, 2013 David Goergen Thibault Cholez Jrme

665 views • 39 slides
CCTCP: A Scalable Receiver-driven Congestion Control Protocol for Content Centric Networking

CCTCP: A Scalable Receiver-driven Congestion Control Protocol for Content Centric Networking

CCTCP: A Scalable Receiver-driven Congestion Control Protocol for Content Centric Networking Lorenzo Saino, Cosmin Cocora and George Pavlou Communications and Information Systems Group Department of Electrical and Electronics Engineering

500 views • 13 slides
SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26 September 2016 Workshop on Information Centric Networking for 5G, Kyoto, 2016 Can we securely deploy geographic forwarding on Information Centric

340 views • 21 slides
Network Names in Content-Centric Networking ACM ICN 2016 1 CCN Names Expressed as URIs

Network Names in Content-Centric Networking ACM ICN 2016 1 CCN Names Expressed as URIs

9/27/16 Network Names in Content-Centric Networking ACM ICN 2016 1 CCN Names Expressed as URIs /a/b/foo /us/edu/uci/cs/tsudik/papers/acm-icn16.pdf Encoded as TLVs 1 2 3 0 1 2 3 4 5 6 7 8 9

304 views • 12 slides
PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo

PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo

ACM SIGCOMM Workshop on Information-Centric Networking 12/08/2013 PIT Overload Analysis in Content Centric Networks Matteo Virgilio, Guido Marchetto, Riccardo Sisto Department of Control and Computer Engineering Politecnico di Torino 1/16

393 views • 16 slides
Data Centric Networking Session 1: Introduction to R202 Data Centric Networking Eiko Yoneki

Data Centric Networking Session 1: Introduction to R202 Data Centric Networking Eiko Yoneki

Data Centric Networking Session 1: Introduction to R202 Data Centric Networking Eiko Yoneki Systems Research Group University of Cambridge Computer Laboratory Welcome and Introduction Welcome to R202 First introduce yourselves Tell

374 views • 18 slides
On the intersection of Information Centric Networking and Delay Tolerant Networking (Lessons

On the intersection of Information Centric Networking and Delay Tolerant Networking (Lessons

On the intersection of Information Centric Networking and Delay Tolerant Networking (Lessons learned from the GreenICN project) Jan Seedorf HFT Stuttgart Visit at HAW Hamburg December 2019 1 Outline (Very) Short Introduction to

682 views • 43 slides
Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID) Andreas Karakannas Research Project 2 Supervised by: Zhiming Zhao Background PIDs in IP Network Information Centric Networking A new network

696 views • 34 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
Pro-Diluvian: Understanding Scoped-Flooding for Content Discovery in Information-Centric

Pro-Diluvian: Understanding Scoped-Flooding for Content Discovery in Information-Centric

Pro-Diluvian: Understanding Scoped-Flooding for Content Discovery in Information-Centric Networking Liang Wang , Suzan Bayhan, Jo rg Ott, Jussi Kangasharju, Arjuna Sathiaseelan, Jon Crowcroft University of Cambridge, UK Aalto University,

310 views • 27 slides
Multimedia Data Processing on CIEL Arman Idani 14 Feb 2012 R202 Data Centric Networking

Multimedia Data Processing on CIEL Arman Idani 14 Feb 2012 R202 Data Centric Networking

Multimedia Data Processing on CIEL Arman Idani 14 Feb 2012 R202 Data Centric Networking Machine Learning on DC Apache Mahout (library for Hadoop) Tons of independent codes Only on textual/graph content No multimedia input

282 views • 14 slides
Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS

Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS

Measurement of jet fragmentation at ATLAS Andy Buckley, University of Glasgow for the ATLAS Collaboration QCD@LHC, Buffalo, 16 July 2019 Jet fragmentation colour singlet In leading-order QCD, well-separated jets and partons are exactly

308 views • 18 slides
QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4:

QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4:

QCD Phenomenology at High Energy Bryan Webber CERN Academic Training Lectures 2008 Lecture 4: Jet Fragmentation and Hadron-Hadron Processes Jet Fragmentation Fragmentation functions Small-x fragmentation Average multiplicity

670 views • 34 slides
Claims- -Based Identity Layer Based Identity Layer Claims for the New Internet New

Claims- -Based Identity Layer Based Identity Layer Claims for the New Internet New

Claims- -Based Identity Layer Based Identity Layer Claims for the New Internet New Internet for the Slava Kavsan, Slava Kavsan, Partner Architect Partner Architect Microsoft Corp. Microsoft Corp. Topics Topics Need for

558 views • 19 slides
Mobile Network Layer J.-P. Hubaux, N. Vratonjic, M. Poturalski, I. Bilogrevic

Mobile Network Layer J.-P. Hubaux, N. Vratonjic, M. Poturalski, I. Bilogrevic

Mobile Networks Module E Mobile Network Layer J.-P. Hubaux, N. Vratonjic, M. Poturalski, I. Bilogrevic http://mobnet.epfl.ch Some slides addapted from Jochen H. Schiller (www.jochenschiller.de) 1 Enablers of IP mobility g Mobile end systems

1.23k views • 66 slides
Log Log-Struct ctured Non-Vo Volatile Ma Main n Me Memory Qingda Hu*, Jinglei Ren, Anirudh

Log Log-Struct ctured Non-Vo Volatile Ma Main n Me Memory Qingda Hu*, Jinglei Ren, Anirudh

Log Log-Struct ctured Non-Vo Volatile Ma Main n Me Memory Qingda Hu*, Jinglei Ren, Anirudh Badam, Jiwu Shu* and Thomas Moscibroda *Tsinghua University , Microsoft Research No Non-vo volat atile memory is coming Data storage 3D

629 views • 26 slides
Data protection by means of fragmentation Summer school on real-world crypto and privacy

Data protection by means of fragmentation Summer school on real-world crypto and privacy

Data protection by means of fragmentation Summer school on real-world crypto and privacy Katarzyna KAPUSTA Self introduction PhD Student at Telecom ParisTech Universite Paris-Saclay Supervisor: Gerard MEMMI Subject: data fragmentation

285 views • 10 slides
Systems Infrastructure for Data Science Web Science Group Uni Freiburg WS 2012/13 Lecture

Systems Infrastructure for Data Science Web Science Group Uni Freiburg WS 2012/13 Lecture

Systems Infrastructure for Data Science Web Science Group Uni Freiburg WS 2012/13 Lecture VIII: Fragmentation Fragmentation Fragments should be subsets of database relations due to two main reasons: Access locality: Application views

849 views • 42 slides
Fragmented Data Routing Based on Exponentially Distributed Contacts in Delay Tolerant Networks

Fragmented Data Routing Based on Exponentially Distributed Contacts in Delay Tolerant Networks

UCLA ENGINEERING Computer Science Fragmented Data Routing Based on Exponentially Distributed Contacts in Delay Tolerant Networks Tuan Le, Qi Zhao, Mario Gerla Computer Science, UCLA {tuanle, qi.zhao, gerla}@cs.ucla.edu UCLA ENGINEERING

734 views • 17 slides

More recommend