Biblio

Named Data Networking (NDN) has been viewed as a promising future Internet architecture. It requires a new access control scheme to prevent the injection of unauthorized data request. In this paper, an access control supported by information service entity (ACISE) is proposed for NDN networks. A trust entity, named the information service entity (ISE), is deployed in each domain for the registration of the consumer and the edge router. The identity-based cryptography (IBC) is used to generate a private key for the authorized consumer at the ISE and to calculate a signature encapsulated in the Interest packet at the consumer. Therefore, the edge router could support the access control by the signature verification of the Interest packets so that no Interest packet from unauthorized consumer could be forwarded or replied. Moreover, shared keys are negotiated between authorized consumers and their edge routers. The subsequent Interest packets would be verified by the message authentication code (MAC) instead of the signature. The simulation results have shown that the ACISE scheme would achieve a similar response delay to the original NDN scheme when the NDN is under no attacks. However, the ACISE scheme is immune to the cache pollution attacks so that it could maintain a much smaller response delay compared to the other schemes when the NDN network is under the attacks.

NDN has been widely regarded as a promising representation and implementation of information- centric networking (ICN) and serves as a potential candidate for the future Internet architecture. However, the security of NDN is threatened by a significant safety hazard known as an IFA, which is an evolution of DoS and distributed DoS attacks on IP-based networks. The IFA attackers can create numerous malicious interest packets into a named data network to quickly exhaust the bandwidth of communication channels and cache capacity of NDN routers, thereby seriously affecting the routers' ability to receive and forward packets for normal users. Accurate detection of the IFAs is the most critical issue in the design of a countermeasure. To the best of our knowledge, the existing IFA countermeasures still have limitations in terms of detection accuracy, especially for rapidly volatile attacks. This article proposes a TC to detect the distributions of normal and malicious interest packets in the NDN routers to further identify the IFA. The trace back method is used to prevent further attempts. The simulation results show the efficiency of the TC for mitigating the IFAs and its advantages over other typical IFA countermeasures.

The future fifth-generation (5G) mobile communications system has already become a focus around the world. A large number of late-model services and applications including high definition visual communication, internet of vehicles, multimedia interaction, mobile industry automation, and etc, will be added to 5G network platform in the future. Different application services have different security requirements. However, the current user authentication for services and applications: Extensible Authentication Protocol (EAP) suggested by the 3GPP committee, is only a unitary authentication model, which is unable to meet the diversified security requirements of differentiated services. In this paper, we present a new diversified identity management as well as a flexible and composable three-factor authentication mechanism for different applications in 5G multi-service systems. The proposed scheme can provide four identity authentication methods for different security levels by easily splitting or assembling the proposed three-factor authentication mechanism. Without a design of several different authentication protocols, our proposed scheme can improve the efficiency, service of quality and reduce the complexity of the entire 5G multi-service system. Performance analysis results show that our proposed scheme can ensure the security with ideal efficiency.