Securing Named Data Networking routing using Decentralized Identifiers

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR) Pub Date : 2021-06-07 DOI:10.1109/HPSR52026.2021.9481850

N. Fotiou, Y. Thomas, V. Siris, G. Xylomenos, G.C. Polyzos

{"title":"Securing Named Data Networking routing using Decentralized Identifiers","authors":"N. Fotiou, Y. Thomas, V. Siris, G. Xylomenos, G.C. Polyzos","doi":"10.1109/HPSR52026.2021.9481850","DOIUrl":null,"url":null,"abstract":"Named Data Networking (NDN) is a realization of the Information-Centric Networking (ICN) paradigm, where routing is based on content identifiers rather than on network location identifiers. The routing state in NDN can grow exponentially, not only due to the huge number of content identifiers (as opposed to network addresses) but also because it is difficult to detect \"fake\" routing advertisements. For example, in contrast to IP-based routing, a potentially valid routing entry in NDN can be advertised from multiple network locations, making NDN susceptible to Denial-of-Service attacks at the routing layer. In this paper, we leverage Decentralized Identifiers (DIDs) to build self-verifiable \"content advertisements.\" With our solution, any router can verify that a content advertisement originates from an \"authorized\" entity, without requiring any trusted third party. We implement our solution and we evaluate it in a scenario where filtering is implemented by the edge routers. We show that our solution reduces fake routing advertisements with minimal computational overhead.","PeriodicalId":158580,"journal":{"name":"2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPSR52026.2021.9481850","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Named Data Networking (NDN) is a realization of the Information-Centric Networking (ICN) paradigm, where routing is based on content identifiers rather than on network location identifiers. The routing state in NDN can grow exponentially, not only due to the huge number of content identifiers (as opposed to network addresses) but also because it is difficult to detect "fake" routing advertisements. For example, in contrast to IP-based routing, a potentially valid routing entry in NDN can be advertised from multiple network locations, making NDN susceptible to Denial-of-Service attacks at the routing layer. In this paper, we leverage Decentralized Identifiers (DIDs) to build self-verifiable "content advertisements." With our solution, any router can verify that a content advertisement originates from an "authorized" entity, without requiring any trusted third party. We implement our solution and we evaluate it in a scenario where filtering is implemented by the edge routers. We show that our solution reduces fake routing advertisements with minimal computational overhead.

查看原文本刊更多论文

使用分散标识符保护命名数据网络路由

命名数据网络(NDN)是信息中心网络(ICN)范例的实现，其中路由基于内容标识符而不是网络位置标识符。NDN中的路由状态可以呈指数级增长，这不仅是因为大量的内容标识符(与网络地址相反)，还因为很难检测到“虚假”路由广告。例如，与基于ip的路由相比，NDN中潜在有效的路由条目可以从多个网络位置发布，这使得NDN容易受到路由层的拒绝服务攻击。在本文中，我们利用去中心化标识符(did)来构建可自我验证的“内容广告”。通过我们的解决方案，任何路由器都可以验证内容广告来自“授权”实体，而不需要任何可信的第三方。我们实现了我们的解决方案，并在由边缘路由器实现过滤的场景中对其进行了评估。我们证明了我们的解决方案以最小的计算开销减少了虚假路由广告。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

自引率

0.00%

发文量