Content-Centric and Named-Data Networking Security: The Good, The Bad and The Rest

Abstract

Named Data Networking and Content-Centric Networking (NDN and CCN, respectively) are closely related networking architectures which, unlike host-centric IP, emphasize content by explicitly naming it, and by making content names addressable and routable in the network. They support innetwork (router-side) content caching, thus facilitating efficient and scalable content distribution, for which IP is comparatively poorly suited. These architectures also include new network-layer security features, such as signed content. While avoiding certain security problems of today’s Internet, NDN and CCN trigger some new security and privacy issues. This paper overviews the security landscape of NDN/CCN, and focuses on two main areas of concern: (1) Interest Flooding Attacks, and (2)Producer, Consumer, and Content Privacy. We argue that, despite many attempts to fix these problems, they have not been fully addressed, and discuss the challenges that inhibit comprehensive solutions.