secure producer mobility in information centric network
play

Secure producer mobility in information-centric network Alberto - PowerPoint PPT Presentation

Oct 20, 2023 •152 likes •423 views

Secure producer mobility in information-centric network Alberto Compagno, Xuan Zeng, Luca Muscariello, Giovanna Carofiglio, Jordan Auge Cisco, SystemX,UPMC September 25, 2017 1 Mobility in 5G 5G requirements on mobility: Seamless (low

  1. Secure producer mobility in information-centric network Alberto Compagno, Xuan Zeng, Luca Muscariello, Giovanna Carofiglio, Jordan Auge Cisco, SystemX,UPMC September 25, 2017 1

  2. Mobility in 5G § 5G requirements on mobility: § Seamless (low latency, packet loss, etc) § Continuity over dense & heterogeneous access (LTE, wifi) § Calls for new and effective mobility solutions 2

  3. Support mobility in ICN § Consumer mobility ->naturally supported § Producer mobility -> challenging § Tracing-based approach(kite, Mapme), promising: § Meet 5G requirements: low latency, loss, network head Security consideration are inadequate § 3

  4. How does trace-based solution work? § Producer updates forwarding states(PIT or FIB) of a subset of routers Interest update(IU) R2 Interest flow R3 R4 producer FIB direction R1 4

  5. How does trace-based solution work? § Producer updates forwarding states(PIT or FIB) of a subset of routers producer R2 Interest flow R3 R4 FIB direction R1 5

  6. trace-based solution: prefix hijacking attack Q:what if IU is from attacker? Interest update producer Interest update R2 Interest flow R3 R4 FIB direction R1 6

  7. trace-based solution: prefix hijacking attack producer pollute cache! black-holed! R2 Interest privacy flow R3 R4 FIB direction R1 7

  8. Challenges to protect trace-based approach from prefix hijacking? 8

  9. Challenges to prevent prefix hijacking (1/2) 1. Distributed Interest update producer 2. Lightweight 9

  10. Challenges to prevent prefix hijacking (2/2) 3. Deal with an attacker that can compromise edge routers May allow to R2 generate valid IU R3 R4 FIB direction R1 10

  11. Existing approaches § Signature based approach: § Expensive for hardware at network access § See evaluation section later § Session key based approach: § CellularIP and telemIP: shared network key stolen compromises whole network 11

  12. Our prefix attestation protocol? 12

  13. Prefix attestation protocol: high level view § Only entitled producer can generate valid interest updates § Distribute minimal crypto info to network § We call this crypto info security context § Validate IU locally Sec.context Registration server Sec.context Sec.context Sec.context producer Registration 13

  14. Prefix attestation protocol: high level view § Only entitled producer can generate valid interest updates § Distribute minimal crypto info to network § We call this crypto info security context § Validate IU locally Sec.context Registration server Sec.context Sec.context Sec.context IU producer 14

  15. How to design security context? 15

  16. Security context requirements § Allow fast validation -> crypto hash § Allow to validate but not generate genuine IU, -> hash chain Prevent attacker R2 generating valid IU R3 R4 FIB direction R1 16

  17. Security context using hash chain § hash chain(originally by Lamport) 1 st authen. A authenticates to B: B: H n (s) H n-1 (s) A Hash matches, OK 17

  18. Security context using hash chain § hash chain(originally by Lamport) 2 nd authen. A authenticates to B: B: H n-1 (s) H n-2 (s) A Hash matches again, OK 18

  19. prefix attestation protocol: leveraging hash chain § Producer: ith IU, send with H n-i (s) H n-i (s) producer Sec.context Sec.context H n-2 (s) Sec.context prefix seq. No sec. context H n-1 (s)producer /p 0 H n (s p ) Sec.context 19

  20. Evaluation? 20

  21. Evaluation: computation overhead !"# Analytical model: goodput = !"# ∗% &'()*++ ,#∗% -*'./0 η = fraction of interest update(%) 21

  22. Evaluation: computation overhead § Optimal case: no verification on interest update § Goodput decreases anyway as IU take up resources 22

  23. Evaluation: computation overhead § Signature verification § Goodput drops to 0 with small percent of IU(3%) 23

  24. Evaluation: computation overhead § Hash chain: one hash per IU verification § Maintains 90% of optimal goodput (low overhead) 24

  25. Evaluation: computation overhead § Hash chain: many hashes per IU verification § By ~200 hashes , similar results w.r.t signature verification. 25

  26. Evaluation: storage overhead § Storage overhead vs No. of mobile producers § Hash chain: 50MB per router needed for Millions of Mobiles. More scalable. 26

  27. Conclusion & future work § We propose an attestation protocol to secure trace-based producer mobility in ICN: § Initial results confirm it’s light weight § Run unchanged over different hardware § Future work: Evaluation on real hardware and workload § § Exploit routing to refresh sec. context. Thanks! xuan.zeng@irt-system.fr 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26

SLICT: Secure Localized Information Centric Things Marcel Enguehard, Ralph Droms, Dario Rossi 26 September 2016 Workshop on Information Centric Networking for 5G, Kyoto, 2016 Can we securely deploy geographic forwarding on Information Centric

340 views • 21 slides
Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID)

Information Centric Networking(ICN) for Delivering Big Data with Persistent Identifiers(PID) Andreas Karakannas Research Project 2 Supervised by: Zhiming Zhao Background PIDs in IP Network Information Centric Networking A new network

696 views • 34 slides
The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility

The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility

The Case for a Unified Extensible Data-centric Mobility Infrastructure Data-centric Mobility Infrastructure Yun Mao, Boon Thau Loo Zachary Ives Jonathan M Smith Zachary Ives, Jonathan M. Smith University of Pennsylvania Aug 27 2007 Aug 27,

736 views • 29 slides
A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and

OFT ASDC3I A Conceptual Framework for Network Centric Warfare Workshop on Network Centric Warfare and Network Enabled Capabilities December 17-19, 2002 Ongoing Research Sponsored by OFT and ASD(C3I) EBR RAND OFT ASDC3I Agenda

1.39k views • 107 slides
Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric

Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric

Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Travis Mick Computer Science Department New Mexico State University New Mexico State University,

601 views • 27 slides
KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon

KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon

KITE: Producer Mobility Support in Named Data Networking Yu Zhang 1 , Zhongda Xia 1 , Spyridon Mastorakis 2 , Lixia Zhang 2 1 Harbin Institute of Technology 2 UCLA NDN Mobility Support Consumer mobility is natively supported pull-based

396 views • 37 slides
SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev

SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev

SAIL Project: Value Network Configurations in Information-centric Networking Tapio Lev (tapio.leva@aalto.fi) Aalto University SCALABLE & ADAPTIVE INTERNET SOLUTIONS 31.1.2012 1 Put information about confidentiality here SAIL Project

428 views • 19 slides
Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici,

Introduction Model Perfect Information Imperfect Information Conclusions Content-peering Dynamics of Autonomous Caches in a Content-centric Network Valentino Pacifici, Gy orgy D an Laboratory for Communication Networks School of

531 views • 35 slides
Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio Martinelli CNR Raul Riesco Granadino INCIBE (Chairs) NIS Platform WG3 Secure ICT Research & Innovation Outline WG3 Main deliverables

392 views • 17 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst -

Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst -

Network Mobility Thierry Ernst Keio University ernst@sfc.wide.ad.jp 1 Thierry Ernst - Nautilus6.org - September 2004 IP-layer Mobility: Host Mobility and Network Mobility Address Requirements for IPv6 nodes: Must be topologically correct

678 views • 41 slides
Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing

Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing

Ubiquitous Inference of Mobility State of Human Custodian in People-Centric Context Sensing Mattia Gustarini, Katarzyna Wac Institute of Services Science Quality of Life Group FACULTY OF ECONOMIC AND SOCIAL SCIENCES Department of Management

639 views • 35 slides
in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network

Open Charging Cloud Security and Privacy in the current e-mobility charging infrastructure Where? When? How to pay? E-Mobility Network Architecture e-Mobility Energy Provider 1 Provider Charging (Mobile) Station Charging Internet

563 views • 39 slides
MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet

MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet

MobilityFirst : A Robust and Trustworthy Mobility-Centric Architecture for the Future Internet NSF FIA Meeting Nov 15-16, 2010 MobilityFirst Project Team Contact: D. Raychaudhuri ray@winlab.rutgers.edu MobilityFirst Project: Collaborating

493 views • 33 slides
Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows

Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows

Application Centric Infrastructure (ACI) The Cisco Application Centric Infrastructure (ACI) allows application requirements to dene the network. This architecture simplies, optimizes, and accelerates the entire application deployment life

1.48k views • 130 slides
A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner,

A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers, John Chuang, Urs Hengartner, Yinglian Xie, Weiqiang Zhuang, Hui Zhang Infocom 2001 Caching Cache Server Clients 30-40% reduction in bandwidth at ISP Reduced waiting

587 views • 26 slides
http://www.open-mpi.org/ Graham Fagg, University of Tennessee Technical Contributors

http://www.open-mpi.org/ Graham Fagg, University of Tennessee Technical Contributors

Open MPI Mini-Talks Introduction and Overview Jeff Squyres, Indiana University Open MPI Advanced Point-to-Point Architecture Join the Revolution Tim Woodall, Los Alamos National Lab Datatypes, Fault Tolerance and Other

309 views • 14 slides
The MESUR project. Johan Bollen (IU): Principal investigator Herbert Van de Sompel (LANL):

The MESUR project. Johan Bollen (IU): Principal investigator Herbert Van de Sompel (LANL):

The MESUR project. Johan Bollen (IU): Principal investigator Herbert Van de Sompel (LANL): Architectural consultant Marko Rodriguez (LANL): PhD student (Computer Science, UCSC) Ryan Chute (LANL): Software development and database management

171 views • 15 slides
Multiple Sequence Alignment Sequences > Yeast YOR020c > Crypthecodinium cohnii

Multiple Sequence Alignment Sequences > Yeast YOR020c > Crypthecodinium cohnii

Multiple Sequence Alignment Sequences > Yeast YOR020c > Crypthecodinium cohnii mstllksaksivplmdrvlvqrikaqaktasglylpe matgiakrftplldrvlvqrlkpeaktasglflpesa knveklnqaevvavgpgftdangnkvvpqvkvgdqvl akapnyatvlavgpggrtrdgdilpmnvkvgdkvvvp

342 views • 31 slides
Intrusion Detection Systems (IDS) John Kristoff jtk@depaul.edu +1 312 3625878 DePaul

Intrusion Detection Systems (IDS) John Kristoff jtk@depaul.edu +1 312 3625878 DePaul

Intrusion Detection Systems (IDS) John Kristoff jtk@depaul.edu +1 312 3625878 DePaul University Chicago, IL 60604 IDS Colloquium 2001 John Kristoff DePaul University 1 Why IDS? Interesting, but immature

155 views • 14 slides
An Algebraic Approach to XQuery View Maintenance J. Nathan Foster (Penn) Ravi Konuru (IBM) J

An Algebraic Approach to XQuery View Maintenance J. Nathan Foster (Penn) Ravi Konuru (IBM) J

An Algebraic Approach to XQuery View Maintenance J. Nathan Foster (Penn) Ravi Konuru (IBM) J er ome Sim eon (IBM) Lionel Villard (IBM) Query Source View PLAN-X 08 View Source Update Update Update Translation Quick! 1 + 2

734 views • 38 slides
Implicitization of tensor product surfaces in the presence of a generic set of basepoints Eliana

Implicitization of tensor product surfaces in the presence of a generic set of basepoints Eliana

Implicitization of tensor product surfaces in the presence of a generic set of basepoints Eliana Duarte University of Illinois Urbana-Champaign April 16, 2016 Eliana Duarte (UIUC) Implicitization April 16, 2016 1 / 16 1 Motivation 2

166 views • 16 slides
Chapter 2: Analysis of univariate data Objective: Show how graphics and numerical measures can be

Chapter 2: Analysis of univariate data Objective: Show how graphics and numerical measures can be

Introduction to Statistics Chapter 2: Analysis of univariate data Objective: Show how graphics and numerical measures can be used to summarise the main features of a data set. Outline: Frequency tables. Graphical methods for

618 views • 32 slides
Efficient valuation of exotic derivatives Valuation Examples of in L evy models payoff

Efficient valuation of exotic derivatives Valuation Examples of in L evy models payoff

The model Efficient valuation of exotic derivatives Valuation Examples of in L evy models payoff functions L evy processes Ernst Eberlein and Antonis Papapantoleon Non-path- dependent options Department of Mathematical Stochastics

546 views • 31 slides

More recommend