Biblio

Named in-network computing is an emerging technology of Named Data Networking (NDN). Through deploying the named computing services/functions on NDN router, the router can utilize its free resources to provide nearby computation for users while relieving the pressure of cloud and network edge. Benefitted from the characteristic of named addressing, named computing services/functions can be easily discovered and migrated in the network. To implement named in-network computing, integrating the computing services as Virtual Machines (VMs) into the software router is a feasible way, but how to effectively deploy the service VMs to optimize the local processing capability is still a challenge. Focusing on this problem, we first give the design of NDN-enabled software router in this paper, then propose a service earning based named service deployment scheme (SE-NSD). For available service VMs, SE-NSD not only considers their popularities but further evaluates their service earnings (processed data amount per CPU cycle). Through modelling the deployment problem as the knapsack problem, SE-NSD determines the optimal service VMs deployment scheme. The simulation results show that, comparing with the popularity-based deployment scheme, SE-NSD can promote about 30% in-network computing capability while slightly reducing the service invoking RTT of user.

Name Data Networking (NDN) is a clean-slate network redesign that uses content names for routing and addressing. Facing the fact that TCP/IP is deeply entrenched in the current Internet architecture, NDN has made slow progress in industrial promotion. Meanwhile, new architectures represented by SDN, P4, etc., provide a flexible and programmable approach to network research. As a result, a centralized NDN routing mechanism is needed in the scenario for network integration between NDN and TCP/IP. Combining the NLSR protocol and the P4 environment, we introduce an efficient NDN routing mechanism that offers extensible NDN routing services (e.g., resources-location management and routing calculation) which can be programmed in the control plane. More precisely, the proposed mechanism allows the programmable switches to transmit NLSR packets to the control plane with the extended data plane. The NDN routing services are provided by control plane application which framework bases on resource-location mapping to achieve part of the NLSR mechanism. Experimental results show that the proposed mechanism can reduce the number of routing packets significantly, and introduce a slight overhead in the controller compared with NLSR simulation.

Vehicular networks have been considered as a hopeful technology to enhance road safety, which is a crossing area of Internet of Things (IoT) and Intelligent Transportation Systems (ITS). Current Internet architecture using the TCP/IP model and based on host-to-host is limited when it comes to vehicular communications which are characterized by high speed and dynamic topology. Thus, using Named Data Networking (NDN) in connected vehicles may tackle the issues faced with the TCP/IP model. In this paper, we investigate the security concerns of applying NDN in vehicular environments and discuss the remaining challenges in order to guide researchers in this field to choose their future research direction.

Modern vehicles equipped with a large number of electronic components, sensors, actuators, and extensive connectivity, are the classical example of cyber-physical systems (CPS). Communication as an integral part of the CPS has enabled and offered many value-added services for vehicular networks. The communication mechanism helps to share contents with all vehicular network nodes and the surrounding environment, e.g., vehicles, traffic lights, and smart road signs, to efficiently take informed and smart decisions. Thus, it opens the doors to many security threats and vulnerabilities. Traditional TCP/IP-based communication paradigm focuses on securing the communication channel instead of the contents that travel through the network. Nevertheless, for content-centered application, content security is more important than communication channel security. To this end, named data networking (NDN) is one of the future Internet architectures that puts the contents at the center of communication and offers embedded content security. In this paper, we first identify the cyberattacks and security challenges faced by the vehicular CPS (VCPS). Next, we propose the NDN-based cyber-resilient, the layered and modular architecture for VCPS. The architecture includes the NDN's forwarding daemon, threat aversion, detection, and resilience components. A detailed discussion about the functionality of each component is also presented. Furthermore, we discuss the future challenges faced by the integration of NDN with VCPS to realize NDN-based VCPS.

Named Data Networking, a future internet network architecture design that can change the network's perspective from previously host-centric to data-centric. It can reduce the network load, especially on the server part, and can provide advantages in multicast cases or re-sending of content data to users due to transmission errors. In NDN, interest messages are sent to the router, and if they are not immediately found, they will continue to be forwarded, resulting in a large load. NDNS or a DNS-Like Name Service for NDN is needed to know exactly where the content is to improve system performance. NDNS is a database that provides information about the zone location of the data contained in the network. In this study, a simulation was conducted to test the NDNS mechanism on the NDN network to support caching on the NDN network by testing various topologies with changes in the size of the content store and the number of nodes used. NDNS is outperform compared to NDN without NDNS for cache hit ratio and load parameters.

The Internet Transport Protocol (ITP) is introduced to support reliable end-to-end transport services in the IP Internet without the need for end-to-end connections, changes to the Internet routing infrastructure, or modifications to name-resolution services. Results from simulation experiments show that ITP outperforms the Transmission Control Protocol (TCP) and the Named Data Networking (NDN) architecture, which requires replacing the Internet Protocol (IP). In addition, ITP allows transparent content caching while enforcing privacy.

Named Data Networking (NDN) is a new kind of architecture for future Internet, which is exactly satisfied with the rapidly increasing mobile requirement and information-depended applications that dominate today's Internet. However, the current verification-data accessed system is not safe enough to prevent data leakage because no strongly method to resist any device or user to access it. We bring up a lightweight verification based on hash functions and a fine-grained access control based on Schnorr Signature to address the issue seamlessly. The proposed scheme is scalable and protect data confidentiality in a NDN network.

With the increasing diversity of application needs (datacenters, IoT, content retrieval, industrial automation, etc.), new network architectures are continually being proposed to address specific and particular requirements. From a network management perspective, it is both important and challenging to enable evolution towards such new architectures. Given the ubiquity of the Internet, a clean-slate change of the entire infrastructure to a new architecture is impractical. It is believed that we will see new network architectures coming into existence with support for interoperability between separate architectural islands. We may have servers, and more importantly, content, residing in domains having different architectures. This paper presents COIN, a content-oriented interoperability framework for current and future Internet architectures. We seek to provide seamless connectivity and content accessibility across multiple of these network architectures, including the current Internet. COIN preserves each domain's key architectural features and mechanisms, while allowing flexibility for evolvability and extensibility. We focus on Information-Centric Networks (ICN), the prominent class of Future Internet architectures. COIN avoids expanding domain-specific protocols or namespaces. Instead, it uses an application-layer Object Resolution Service to deliver the right "foreign" names to consumers. COIN uses translation gateways that retain essential interoperability state, leverages encryption for confidentiality, and relies on domain-specific signatures to guarantee provenance and data integrity. Using NDN and MobilityFirst as important candidate solutions of ICN, and IP, we evaluate COIN. Measurements from an implementation of the gateways show that the overhead is manageable and scales well.

Named Data Networking (NDN) uses the content name to enable content sharing in a network using Interest and Data messages. In essence, NDN supports communication through multiple interfaces, therefore, it is imperative to think of the interface that better meets the communication requirements of the application. The current interface ranking is based on single static metric such as minimum number of hops, maximum satisfaction rate, or minimum network delay. However, this ranking may adversely affect the network performance. To fill the gap, in this paper, we propose a new multi-metric robust interface ranking scheme that combines multiple metrics with different objective functions. Furthermore, we also introduce different forwarding modes to handle the forwarding decision according to the available ranked interfaces. Extensive simulation experiments demonstrate that the proposed scheme selects the best and suitable forwarding interface to deliver content.

Named Data Network's (NDN) data-centric approach makes it a suitable solution in a networking scenario where there are connectivity issues as a result of the dynamism of the network. Coupling of this ability with the blockchain's well-documented immutable trustworthy-distributed ledger feature, the union of blockchain and NDN in an Internet-of-Battlefield-Things (IoBT) setting could prove to be the ideal alliance that would guarantee data exchanged in an IoBT environment is trusted and less susceptible to cyber-attacks and packet losses. Various blockchain technologies, however, require that each node has a ledger that stores information or transactions in a chain of blocks. This poses an issue as nodes in an IoBT setting have varying computing and storage resources. Moreover, most of the nodes in the IoT/IoBT network are plagued with limited resources. As such, there needs to be an approach that ensures that the limited resources of these nodes are efficiently utilized. In this paper, we investigate an approach that merges blockchain and NDN to efficiently utilize the resources of these resource-constrained nodes by only storing relevant information on each node's ledger. Furthermore, we propose a sharding technique called an Interest Group and introduce a novel consensus mechanism called Proof of Common Interest. Performance of the proposed approach is evaluated using numerical results.

Named Data Networking (NDN) is a promising Internet architecture which is expected to solve some problems (e.g., security, mobility) of the current TCP/IP architecture. The basic concept of NDN is to use named data for routing instead of using location addresses like IP address. NDN natively supports consumer mobility, but producer mobility is still a challenge and there have been quite a few researches. Considering the Internet connection such as public transport vehicles, network mobility support in NDN is important, but it is still a challenge. That is the reason that this paper proposes an efficient network mobility support scheme in NDN in terms of signaling protocols and data retrieval.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.

Named Data Networking (NDN) is a new network architecture that has been projected as the future of internet architecture. Unlike the traditional internet approach which currently relies on client-server communication models to communicate each other, NDN relies on data as an entity. Hence the users only need the content and applications based on data naming, as there is no IP addresses needed. NDN is different than TCP/IP technology as NDN signs the data with Digital Signature to secure each data authenticity. Regarding huge number of uses on IP-based network, and the minimum number of NDN-based network implementation, the NDN-IP gateway are needed to map and forward the data from IP-based network to NDN-based network, and vice versa. These gateways are called Custom-Router Gateway in this study. The Custom-Router Gateway requires a new mechanism in conducting Digital Signature so that authenticity the data can be verified when it passes through the NDN-IP Custom-Router Gateway. This study propose a method to process the Digital Signature for the packet flows from IP-based network through NDN-based network. Future studies are needed to determine the impact of Digital Signature processing on the performance in forwarding the data from IP-based to NDN-based network and vice versa.

Nowadays network applications have more focus on content distribution which is hard to tackle in IP based Internet. Information Centric Network (ICN) have the ability to overcome this problem for various scenarios, specifically for Vehicular Ad Hoc Networks (VANETs). Conventional IP based system have issues like mobility management hence ICN solve this issue because data fetching is not dependent on a particular node or physical location. Many initial investigations have performed on an instance of ICN commonly known as Named Data Networking (NDN). However, NDN exposes the new type of security susceptibilities, poisoning cache attack, flooding Interest attack, and violation of privacy because the content in the network is called by the name. This paper focused on mitigation of Interest flooding attack by proposing new scheme, named Interest Flooding Attack Mitigation Scheme (IFAMS) in Vehicular Named Data Network (VNDN). Simulation results depict that proposed IFAMS scheme mitigates the Interest flooding attack in the network.

Statistics suggests, proceeding towards IoT generation, is increasing IoT devices at a drastic rate. This will be very challenging for our present-day network infrastructure to manage, this much of data. This may risk, both security and traffic collapsing. We have proposed an infrastructure with Fog Computing. The Fog layer consists two layers, using the concepts of Service oriented Architecture (SOA) and the Agent based composition model which ensures the traffic usage reduction. In order to have a robust and secured system, we have modified the Fog based agent model by replacing the SOA with secured Named Data Network (NDN) protocol. Knowing the fact that NDN has the caching layer, we are combining NDN and with Fog, as it can overcome the forwarding strategy limitation and memory constraints of NDN by the Agent Society, in the Middle layer along with Trust management.

Now-a-days Internet has become mostly content centric. Named Data Network (NDN) has emerged as a promising candidate to cope with the use of today's Internet. Several NDN features such as in-network caching, easier data forwarding, etc. in the routing method bring potential advantages over conventional networks. Despite the advantages, there are many challenges in NDN which are yet to be addressed. In this paper, we address two of such challenges in NDN routing: (1) Huge storage overhead in NDN router (2) High communication over-heads in the network during propagation of routing information updates. We propose changes in existing NDN routing with the aim to provide a low-overhead solution to these problems. Here instead of storing the Link State Data Base (LSDB) in all the routers, it is kept in selected special nodes only. The use of special nodes lowers down the overall storage and update overheads. We also provide supporting algorithms for data forwarding and update for grid network. The performance of the proposed method is evaluated in terms of storage and communication overheads. The results show the overheads are reduced by almost one third as compared to the existing routing method in NDN.

Now-a-days vehicular information network technology is receiving a lot of attention due to its practical as well as safety related applications. By using this technology, participating vehicles can communicate among themselves on the road in order to obtain any interested data or emergency information. In Vehicular Ad-Hoc Network (VANET), due to the fast speed of the vehicles, the traditional host centric approach (i.e. TCP/IP) fails to provide efficient and robust communication between large number of vehicles. Therefore, Named Data Network (NDN) newly proposed Internet architecture is applied in VANET, named as VNDN. In which, the vehicles can communicate with the help of content name rather than vehicle address. In this paper, we explored the concepts and identify the main packet forwarding issues in VNDN. Furthermore, we proposed a protocol, named Control of Useless Interests Flooding (CUIF) in Vehicular Named Data Network. In which, it provides the best and efficient communication environment to users while driving on the highway. CUIF scheme reduces the Interest forwarding storm over the network and control the flooding of useless packets against the direction of a Producer vehicle. Our simulation results show that CUIF scheme decreases the number of outgoing Interest packets as well as data download time in the network.

Today's IP and content distribution networks are unable to fulfill all data distribution and security requirements. The named data network (NDN) has emerged as a promising candidate to cope with the Internet usage of the 21st century. Although the NDN has many built-in security features, this survey reviews several pressing security issues and open research areas.

The Named Data Network (NDN) is a promising network paradigm for content distribution based on caching. However, it may put consumer privacy at risk, as the adversary may identify the content, the name and the signature (namely a certificate) through side-channel timing responses from the cache of the routers. The adversary may identify the content name and the consumer node by distinguishing between cached and un- cached contents. In order to mitigate the timing attack, effective countermeasure methods have been proposed by other authors, such as random caching, random freshness, and probabilistic caching. In this work, we have implemented a timing attack scenario to evaluate the efficiency of these countermeasures and to demonstrate how the adversary can be detected. For this goal, a brute force timing attack scenario based on a real topology was developed, which is the first brute force attack model applied in NDN. Results show that the adversary nodes can be effectively distinguished from other legitimate consumers during the attack period. It is also proposed a multi-level mechanism to detect an adversary node. Through this approach, the content distribution performance can be mitigated against the attack.

Network Function Virtualization (NFV) is a novel paradigm which enables the deployment of network functions on commodity hardware. As such, it also stands for a deployment en-abler for any novel networking function or networking paradigm such as Named Data Networking (NDN), the most promising solution relying on the Information-Centric Networking (ICN) paradigm. However, dedicated solutions for the security and performance orchestration of such an emerging paradigm are still lacking thus preventing its adoption by network operators. In this paper, we propose a first step toward a content-oriented orchestration whose purpose is to deploy, manage and secure an NDN virtual network. We present the way we leverage the TOSCA standard, using a crafted NDN oriented extension to enable the specification of both deployment and operational behavior requirements of NDN services. We also highlight NDN-related security and performance policies to produce counter-measures against anomalies that can either come from attacks or performance incidents.

Mobile military networks are uniquely challenging to build and maintain, because of their wireless nature and the unfriendliness of the environment, resulting in unreliable and capacity limited performance. Currently, most tactical networks implement TCP/IP, which was designed for fairly stable, infrastructure-based environments, and requires sophisticated and often application-specific extensions to address the challenges of the communication scenario. Information Centric Networking (ICN) is a clean slate networking approach that does not depend on stable connections to retrieve information and naturally provides support for node mobility and delay/disruption tolerant communications - as a result it is particularly interesting for tactical applications. However, despite ICN seems to offer some structural benefits for tactical environments over TCP/IP, a number of challenges including naming, security, performance tuning, etc., still need to be addressed for practical adoption. This document, prepared within NATO IST-161 RTG, evaluates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption.

In-network caching is a feature shared by all proposed Information Centric Networking (ICN) architectures as it is critical to achieving a more efficient retrieval of content. However, the default "cache everything everywhere" universal caching scheme has caused the emergence of several privacy threats. Timing attacks are one such privacy breach where attackers can probe caches and use timing analysis of data retrievals to identify if content was retrieved from the data source or from the cache, the latter case inferring that this content was requested recently. We have previously proposed a betweenness centrality based caching strategy to mitigate such attacks by increasing user anonymity. We demonstrated its efficacy in a transit-stub topology. In this paper, we further investigate the effect of betweenness centrality based caching on cache privacy and user anonymity in more general synthetic and real world Internet topologies. It was also shown that an attacker with access to multiple compromised routers can locate and track a mobile user by carrying out multiple timing analysis attacks from various parts of the network. We extend our privacy evaluation to a scenario with mobile users and show that a betweenness centrality based caching policy provides a mobile user with path privacy by increasing an attacker's difficulty in locating a moving user or identifying his/her route.

The Named Data Networking (NDN) architecture provides simple solutions to the communication needs of Internet of Things (IoT) in terms of ease-of-use, security, and content delivery. To utilize the desirable properties of NDN architecture in IoT scenarios, we are working to provide an integrated framework, dubbed NDNoT, to support IoT over NDN. NDNoT provides solutions to auto configuration, service discovery, data-centric security, content delivery, and other needs of IoT application developers. Utilizing NDN naming conventions, NDNoT aims to create an open environment where IoT applications and different services can easily cooperate and work together. This poster introduces the basic components of our framework and explains how these components function together.

Secure deployment of a vehicular network depends on the network's trust establishment and privacy-preserving capability. In this paper, we propose a scheme for anonymous pseudonym-renewal and pseudonymous authentication for vehicular ad-hoc networks over a data-centric Internet architecture called Named Data networking (NDN). We incorporated our design in a traffic information sharing demo application and deployed it on Raspberry Pi-based miniature cars for evaluation.

Named Data Networking (NDN) is a new network architecture design that led to the evolution of a network architecture based on data-centric. Questions have been raised about how to compare its performance with the old architecture such as IP network which is generally based on Internet Protocol version 4 (IPv4). Differs with the old one, source and destination addresses in the delivery of data are not required on the NDN network because the addresses function is replaced by a data name (Name) which serves to identify the data uniquely. In a computer network, a network routing is an essential factor to support data communication. The network routing on IP network relies only on Routing Information Base (RIB) derived from the IP table on the router. So that, if there is a problem on the network such as there is one node exposed to a dangerous attack, the IP router should wait until the IP table is updated, and then the routing channel is changed. The issue of how to change the routing path without updating IP table has received considerable critical attention. The NDN network has an advantage such as its capability to execute an adaptive forwarding mechanism, which FIB (Forwarding Information Base) of the NDN router keeps information for routing and forwarding planes. Therefore, if there is a problem on the network, the NDN router can detect the problem more quickly than the IP router. The contribution of this study is important to explain the benefit of the forwarding mechanism of the NDN network compared to the IP network forwarding mechanism when there is a node which is suffered a hijack attack.