Mitigation of Fake Data Content Poisoning Attacks in NDN via Blockchain

Abstract

Information-centric networks struggle with content poisoning attacks (CPAs), especially their stronger form called Fake Data CPA, in which an intruder publisher uploads content signed with stolen credentials. Following an existing graph-infection based approach leveraging the constrained time when stolen credentials are useful, we design a blockchain-based mitigation scheme for Named Data Networking architectures. We postulate Proof-of-Time verification to distinguish between intruder and legitimate publishers, and argue that blockchain solutions can implement it natively. The proposed scheme, using the Federated Byzantine Agreement protocol, is described in detail and found to be a valuable alternative to the graph-infection approach, superior with respect to outcome determinism, resiliency, and fault tolerance.