Visible to the public Biblio

Filters: Keyword is ICN  [Clear All Filters]
2023-08-25
Clark, Nicholas K..  2022.  Enhancing an Information-Centric Network of Things at the Internet Edge with Trust-Based Access Control. 2022 IEEE 8th World Forum on Internet of Things (WF-IoT). :1–6.
This work expands on our prior work on an architecture and supporting protocols to efficiently integrate constrained devices into an Information-Centric Network-based Internet of Things in a way that is both secure and scalable. In this work, we propose a scheme for addressing additional threats and integrating trust-based behavioral observations and attribute-based access control by leveraging the capabilities of less constrained coordinating nodes at the network edge close to IoT devices. These coordinating devices have better insight into the behavior of their constituent devices and access to a trusted overall security management cloud service. We leverage two modules, the security manager (SM) and trust manager (TM). The former provides data confidentiality, integrity, authentication, and authorization, while the latter analyzes the nodes' behavior using a trust model factoring in a set of service and network communication attributes. The trust model allows trust to be integrated into the SM's access control policies, allowing access to resources to be restricted to trusted nodes.
2022-07-01
Yin, Jinyu, Jiang, Li, Zhang, Xinggong, Liu, Bin.  2021.  INTCP: Information-centric TCP for Satellite Network. 2021 4th International Conference on Hot Information-Centric Networking (HotICN). :86—91.
Satellite networks are booming to provide high-speed and low latency Internet access, but the transport layer becomes one of the main obstacles. Legacy end-to-end TCP is designed for terrestrial networks, not suitable for error-prone, propagation delay varying, and intermittent satellite links. It is necessary to make a clean-slate design for the satellite transport layer. This paper introduces a novel Information-centric Hop-by-Hop transport layer design, INTCP. It carries out hop-by-hop packets retransmission and hop-by-hop congestion control with the help of cache and request-response model. Hop-by-hop retransmission recovers lost packets on hop, reduces retransmission delay. INTCP controls traffic and congestion also by hop. Each hop tries its best to maximize its bandwidth utilization and improves end-to-end throughput. The capability of caching enables asynchronous multicast in transport layer. This would save precious spectrum resources in the satellite network. The performance of INTCP is evaluated with the simulated Starlink constellation. Long-distance communication with more than 1000km is carried out. The results demonstrate that, for the unicast scenario INTCP could reduce 42% one-way delay, 53% delay jitters, and improve 60% throughput compared with the legacy TCP. In multicast scenario, INTCP could achieve more than 6X throughput.
Ciko, Kristjon, Welzl, Michael, Teymoori, Peyman.  2021.  PEP-DNA: A Performance Enhancing Proxy for Deploying Network Architectures. 2021 IEEE 29th International Conference on Network Protocols (ICNP). :1—6.
Deploying a new network architecture in the Internet requires changing some, but not necessarily all elements between communicating applications. One way to achieve gradual deployment is a proxy or gateway which "translates" between the new architecture and TCP/IP. We present such a proxy, called "Performance Enhancing Proxy for Deploying Network Architectures (PEP-DNA)", which allows TCP/IP applications to benefit from advanced features of a new network architecture without having to be redeveloped. Our proxy is a kernel-based Linux implementation which can be installed wherever a translation needs to occur between a new architecture and TCP/IP domains. We discuss the proxy operation in detail and evaluate its efficiency and performance in a local testbed, demonstrating that it achieves high throughput with low additional latency overhead. In our experiments, we use the Recursive InterNetwork Architecture (RINA) and Information-Centric Networking (ICN) as examples, but our proxy is modular and flexible, and hence enables realistic gradual deployment of any new "clean-slate" approaches.
2022-06-09
Sabir, Zakaria, Amine, Aouatif.  2021.  Connected Vehicles using NDN: Security Concerns and Remaining Challenges. 2021 7th International Conference on Optimization and Applications (ICOA). :1–6.
Vehicular networks have been considered as a hopeful technology to enhance road safety, which is a crossing area of Internet of Things (IoT) and Intelligent Transportation Systems (ITS). Current Internet architecture using the TCP/IP model and based on host-to-host is limited when it comes to vehicular communications which are characterized by high speed and dynamic topology. Thus, using Named Data Networking (NDN) in connected vehicles may tackle the issues faced with the TCP/IP model. In this paper, we investigate the security concerns of applying NDN in vehicular environments and discuss the remaining challenges in order to guide researchers in this field to choose their future research direction.
2022-05-24
Fazea, Yousef, Mohammed, Fathey.  2021.  Software Defined Networking based Information Centric Networking: An Overview of Approaches and Challenges. 2021 International Congress of Advanced Technology and Engineering (ICOTEN). :1–8.
ICN (Information-Centric Networking) is a traditional networking approach which focuses on Internet design, while SDN (Software Defined Networking) is known as a speedy and flexible networking approach. Integrating these two approaches can solve different kinds of traditional networking problems. On the other hand, it may expose new challenges. In this paper, we study how these two networking approaches are been combined to form SDN-based ICN architecture to improve network administration. Recent research is explored to identify the SDN-based ICN challenges, provide a critical analysis of the current integration approaches, and determine open issues for further research.
2021-04-08
Yamaguchi, A., Mizuno, O..  2020.  Reducing Processing Delay and Node Load Using Push-Based Information-Centric Networking. 2020 3rd World Symposium on Communication Engineering (WSCE). :59–63.
Information-Centric Networking (ICN) is attracting attention as a content distribution method against increasing network traffic. Content distribution in ICN adopts a pull-type communication method that returns data to Interest. However, in this case, the push-type communication method is advantageous. Therefore, the authors have proposed a method in which a server pushes content to reduce the node load in an environment where a large amount of Interest to specific content occurs in a short time. In this paper, we analyze the packet processing delay time with and without the proposed method in an environment where a router processes a large number of packets using a simulator. Simulation results show that the proposed method can reduce packet processing delay time and node load.
Yang, Z., Li, X., Wei, L., Zhang, C., Gu, C..  2020.  SGX-ICN: A Secure and Privacy-Preserving Information-Centric Networking with SGX Enclaves. 2020 3rd International Conference on Hot Information-Centric Networking (HotICN). :142–147.
As the next-generation network architecture, Information-Centric Networking (ICN) has emerged as a novel paradigm to cope with the increasing demand for content delivery on the Internet. In contrast to the conventional host-centric architectures, ICN focuses on content retrieval based on their name rather than their storage location. However, ICN is vulnerable to various security and privacy attacks due to the inherent attributes of the ICN architectures. For example, a curious ICN node can monitor the network traffic to reveal the sensitive data issued by specific users. Hence, further research on privacy protection for ICN is needed. This paper presents a practical approach to effectively enhancing the security and privacy of ICN by utilizing Intel SGX, a commodity trusted execution environment. The main idea is to leverage secure enclaves residing on ICN nodes to do computations on sensitive data. Performance evaluations on the real-world datasets demonstrate the efficiency of the proposed scheme. Moreover, our scheme outperforms the cryptography based method.
Lin, X., Zhang, Z., Chen, M., Sun, Y., Li, Y., Liu, M., Wang, Y., Liu, M..  2020.  GDGCA: A Gene Driven Cache Scheduling Algorithm in Information-Centric Network. 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE). :167–172.
The disadvantages and inextensibility of the traditional network require more novel thoughts for the future network architecture, as for ICN (Information-Centric Network), is an information centered and self-caching network, ICN is deeply rooted in the 5G era, of which concept is user-centered and content-centered. Although the ICN enables cache replacement of content, an information distribution scheduling algorithm is still needed to allocate resources properly due to its limited cache capacity. This paper starts with data popularity, information epilepsy and other data related attributes in the ICN environment. Then it analyzes the factors affecting the cache, proposes the concept and calculation method of Gene value. Since the ICN is still in a theoretical state, this paper describes an ICN scenario that is close to the reality and processes a greedy caching algorithm named GDGCA (Gene Driven Greedy Caching Algorithm). The GDGCA tries to design an optimal simulation model, which based on the thoughts of throughput balance and satisfaction degree (SSD), then compares with the regular distributed scheduling algorithm in related research fields, such as the QoE indexes and satisfaction degree under different Poisson data volumes and cycles, the final simulation results prove that GDGCA has better performance in cache scheduling of ICN edge router, especially with the aid of Information Gene value.
Deng, L., Luo, J., Zhou, J., Wang, J..  2020.  Identity-based Secret Sharing Access Control Framework for Information-Centric Networking. 2020 IEEE/CIC International Conference on Communications in China (ICCC). :507–511.
Information-centric networking (ICN) has played an increasingly important role in the next generation network design. However, to make better use of request-response communication mode in the ICN network, revoke user privileges more efficiently and protect user privacy more safely, an effective access control mechanism is needed. In this paper, we propose IBSS (identity-based secret sharing), which achieves efficient content distribution by using improved Shamir's secret sharing method. At the same time, collusion attacks are avoided by associating polynomials' degree with the number of users. When authenticating user identity and transmitting content, IBE and IBS are introduced to achieve more efficient and secure identity encryption. From the experimental results, the scheme only introduces an acceptable delay in file retrieval, and it can request follow-up content very efficiently.
Dinh, N., Tran, M., Park, Y., Kim, Y..  2020.  An Information-centric NFV-based System Implementation for Disaster Management Services. 2020 International Conference on Information Networking (ICOIN). :807–810.
When disasters occur, they not only affect the human life. Therefore, communication in disaster management is very important. During the disaster recovery phase, the network infrastructure may be partially fragmented and mobile rescue operations may involve many teams with different roles which can dynamically change. Therefore, disaster management services require high flexibility both in terms of network infrastructure management and rescue group communication. Existing studies have shown that IP-based or traditional telephony solutions are not well-suited to deal with such flexible group communication and network management due to their connection-oriented communication, no built-in support for mobile devices, and no mechanism for network fragmentation. Recent studies show that information-centric networking offers scalable and flexible communication based on its name-based interest-oriented communication approach. However, considering the difficulty of deploying a new service on the existing network, the programmability and virtualization of the network are required. This paper presents our implementation of an information-centric disaster management system based on network function virtualization (vICSNF). We show a proof-of-concept system with a case study for Seoul disaster management services. The system achieves flexibility both in terms of network infrastructure management and rescue group communication. Obtained testbed results show that vICSNF achieves a low communication overhead compared to the IP-based approach and the auto-configuration of vICSNFs enables the quick deployment for disaster management services in disaster scenarios.
Nasir, N. A., Jeong, S.-H..  2020.  Testbed-based Performance Evaluation of the Information-Centric Network. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :166–169.
Proliferation of the Internet usage is rapidly increasing, and it is necessary to support the performance requirements for multimedia applications, including lower latency, improved security, faster content retrieval, and adjustability to the traffic load. Nevertheless, because the current Internet architecture is a host-oriented one, it often fails to support the necessary demands such as fast content delivery. A promising networking paradigm called Information-Centric Networking (ICN) focuses on the name of the content itself rather than the location of that content. A distinguished alternative to this ICN concept is Content-Centric Networking (CCN) that exploits more of the performance requirements by using in-network caching and outperforms the current Internet in terms of content transfer time, traffic load control, mobility support, and efficient network management. In this paper, instead of using the saturated method of validating a theory by simulation, we present a testbed-based performance evaluation of the ICN network. We used several new functions of the proposed testbed to improve the performance of the basic CCN. In this paper, we also show that the proposed testbed architecture performs better in terms of content delivery time compared to the basic CCN architecture through graphical results.
2021-03-16
Netalkar, P. P., Maheshwari, S., Raychaudhuri, D..  2020.  Evaluation of Network Assisted Handoffs in Heterogeneous Networks. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—9.

This paper describes a novel distributed mobility management (DMM) scheme for the "named-object" information centric network (ICN) architecture in which the routers forward data based on unique identifiers which are dynamically mapped to the current network addresses of a device. The work proposes and evaluates two specific handover schemes namely, hard handoff with rebinding and soft handoff with multihoming intended to provide seamless data transfer with improved throughput during handovers. The evaluation of the proposed handover schemes using system simulation along with proof-of-concept implementation in ORBIT testbed is described. The proposed handoff and scheduling throughput gains are 12.5% and 44% respectively over multiple interfaces when compared to traditional IP network with equal share split scheme. The handover performance with respect to RTT and throughput demonstrate the benefits of clean slate network architecture for beyond 5G networks.

Jahanian, M., Chen, J., Ramakrishnan, K. K..  2020.  Managing the Evolution to Future Internet Architectures and Seamless Interoperation. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—11.

With the increasing diversity of application needs (datacenters, IoT, content retrieval, industrial automation, etc.), new network architectures are continually being proposed to address specific and particular requirements. From a network management perspective, it is both important and challenging to enable evolution towards such new architectures. Given the ubiquity of the Internet, a clean-slate change of the entire infrastructure to a new architecture is impractical. It is believed that we will see new network architectures coming into existence with support for interoperability between separate architectural islands. We may have servers, and more importantly, content, residing in domains having different architectures. This paper presents COIN, a content-oriented interoperability framework for current and future Internet architectures. We seek to provide seamless connectivity and content accessibility across multiple of these network architectures, including the current Internet. COIN preserves each domain's key architectural features and mechanisms, while allowing flexibility for evolvability and extensibility. We focus on Information-Centric Networks (ICN), the prominent class of Future Internet architectures. COIN avoids expanding domain-specific protocols or namespaces. Instead, it uses an application-layer Object Resolution Service to deliver the right "foreign" names to consumers. COIN uses translation gateways that retain essential interoperability state, leverages encryption for confidentiality, and relies on domain-specific signatures to guarantee provenance and data integrity. Using NDN and MobilityFirst as important candidate solutions of ICN, and IP, we evaluate COIN. Measurements from an implementation of the gateways show that the overhead is manageable and scales well.

2021-02-22
Gündoğan, C., Amsüss, C., Schmidt, T. C., Wählisch, M..  2020.  IoT Content Object Security with OSCORE and NDN: A First Experimental Comparison. 2020 IFIP Networking Conference (Networking). :19–27.
The emerging Internet of Things (IoT) challenges the end-to-end transport of the Internet by low power lossy links and gateways that perform protocol translations. Protocols such as CoAP or MQTT-SN are degraded by the overhead of DTLS sessions, which in common deployment protect content transfer only up to the gateway. To preserve content security end-to-end via gateways and proxies, the IETF recently developed Object Security for Constrained RESTful Environments (OSCORE), which extends CoAP with content object security features commonly known from Information Centric Networks (ICN). This paper presents a comparative analysis of protocol stacks that protect request-response transactions. We measure protocol performances of CoAP over DTLS, OSCORE, and the information-centric Named Data Networking (NDN) protocol on a large-scale IoT testbed in single- and multi-hop scenarios. Our findings indicate that (a) OSCORE improves on CoAP over DTLS in error-prone wireless regimes due to omitting the overhead of maintaining security sessions at endpoints, and (b) NDN attains superior robustness and reliability due to its intrinsic network caches and hop-wise retransmissions.
2020-09-08
Campioni, Lorenzo, Tortonesi, Mauro, Wissingh, Bastiaan, Suri, Niranjan, Hauge, Mariann, Landmark, Lars.  2019.  Experimental Evaluation of Named Data Networking (NDN) in Tactical Environments. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :43–48.
Tactical edge networks represent a uniquely challenging environment from the communications perspective, due to their limited bandwidth and high node mobility. Several middleware communication solutions have been proposed to address those issues, adopting an evolutionary design approach that requires facing quite a few complications to provide applications with a suited network programming model while building on top of the TCP/IP stack. Information Centric Networking (ICN), instead, represents a revolutionary, clean slate approach that aims at replacing the entire TCP/IP stack with a new communication paradigm, better suited to cope with fluctuating channel conditions and network disruptions. This paper, stemmed from research conducted within NATO IST-161 RTG, investigates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption. We evaluated an NDN-based Blue Force Tracking (BFT) dissemination application within the Anglova scenario emulation environment, and found that NDN obtained better-than-expected results in terms of delivery ratio and latency, at the expense of a relatively high bandwidth consumption.
2020-07-24
Wang, Jinmiao, Lang, Bo.  2016.  An efficient KP-ABE scheme for content protection in Information-Centric Networking. 2016 IEEE Symposium on Computers and Communication (ISCC). :830—837.

Media streaming has largely dominated the Internet traffic and the trend will keep increasing in the next years. To efficiently distribute the media content, Information-Centric Networking (ICN) has attracted many researchers. Since end users usually obtain content from indeterminate caches in ICN, the publisher cannot reinforce data security and access control depending on the caches. Hence, the ability of self-contained protection is important for the cached contents. Attribute-based encryption (ABE) is considered the preferred solution to achieve this goal. However, the existing ABE schemes usually have problems regarding efficiency. The exponentiation in key generation and pairing operation in decryption respectively increases linearly with the number of attributes involved, which make it costly. In this paper, we propose an efficient key-policy ABE with fast key generation and decryption (FKP-ABE). In the key generation, we get rid of exponentiation and only require multiplications/divisions for each attribute in the access policy. And in the decryption, we reduce the pairing operations to a constant number, no matter how many attributes are used. The efficiency analysis indicates that our scheme has better performance than the existing KP-ABE schemes. Finally, we present an implementation framework that incorporates the proposed FKP-ABE with the ICN architecture.

2020-05-29
Sattar, Muhammad Umar, Rehman, Rana Asif.  2019.  Interest Flooding Attack Mitigation in Named Data Networking Based VANETs. 2019 International Conference on Frontiers of Information Technology (FIT). :245—2454.

Nowadays network applications have more focus on content distribution which is hard to tackle in IP based Internet. Information Centric Network (ICN) have the ability to overcome this problem for various scenarios, specifically for Vehicular Ad Hoc Networks (VANETs). Conventional IP based system have issues like mobility management hence ICN solve this issue because data fetching is not dependent on a particular node or physical location. Many initial investigations have performed on an instance of ICN commonly known as Named Data Networking (NDN). However, NDN exposes the new type of security susceptibilities, poisoning cache attack, flooding Interest attack, and violation of privacy because the content in the network is called by the name. This paper focused on mitigation of Interest flooding attack by proposing new scheme, named Interest Flooding Attack Mitigation Scheme (IFAMS) in Vehicular Named Data Network (VNDN). Simulation results depict that proposed IFAMS scheme mitigates the Interest flooding attack in the network.

2020-05-11
Xue, Kaiping, Zhang, Xiang, Xia, Qiudong, Wei, David S.L., Yue, Hao, Wu, Feng.  2018.  SEAF: A Secure, Efficient and Accountable Access Control Framework for Information Centric Networking. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications. :2213–2221.
Information Centric Networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better delivery service, an effective access control mechanism is needed due to wide dissemination of contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, straightforward utilization of advanced encryption algorithms increases the opportunities for DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose a secure, efficient, and accountable access control framework, called SEAF, for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication, and use hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers, and introduces only slight delay for users' content retrieval.
2020-01-21
Saadeh, Huda, Almobaideen, Wesam, Sabri, Khair Eddin, Saadeh, Maha.  2019.  Hybrid SDN-ICN Architecture Design for the Internet of Things. 2019 Sixth International Conference on Software Defined Systems (SDS). :96–101.
Internet of Things (IoT) impacts the current network with many challenges due to the variation, heterogeneity of its devices and running technologies. For those reasons, monitoring and controlling network efficiently can rise the performance of the network and adapts network techniques according to environment measurements. This paper proposes a new privacy aware-IoT architecture that combines the benefits of both Information Centric Network (ICN) and Software Defined Network (SDN) paradigms. In this architecture controlling functionalities are distributed over multiple planes: operational plane which is considered as smart ICN data plane with Controllers that control local clusters, tactical plane which is an Edge environment to take controlling decisions based on small number of clusters, and strategic plane which is a cloud controlling environment to make long-term decision that affects the whole network. Deployment options of this architecture is discussed and SDN enhancement due to in-network caching is evaluated.
2019-12-05
Campioni, Lorenzo, Hauge, Mariann, Landmark, Lars, Suri, Niranjan, Tortonesi, Mauro.  2019.  Considerations on the Adoption of Named Data Networking (NDN) in Tactical Environments. 2019 International Conference on Military Communications and Information Systems (ICMCIS). :1-8.

Mobile military networks are uniquely challenging to build and maintain, because of their wireless nature and the unfriendliness of the environment, resulting in unreliable and capacity limited performance. Currently, most tactical networks implement TCP/IP, which was designed for fairly stable, infrastructure-based environments, and requires sophisticated and often application-specific extensions to address the challenges of the communication scenario. Information Centric Networking (ICN) is a clean slate networking approach that does not depend on stable connections to retrieve information and naturally provides support for node mobility and delay/disruption tolerant communications - as a result it is particularly interesting for tactical applications. However, despite ICN seems to offer some structural benefits for tactical environments over TCP/IP, a number of challenges including naming, security, performance tuning, etc., still need to be addressed for practical adoption. This document, prepared within NATO IST-161 RTG, evaluates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption.

2019-11-04
Abani, Noor, Braun, Torsten, Gerla, Mario.  2018.  Betweenness Centrality and Cache Privacy in Information-Centric Networks. Proceedings of the 5th ACM Conference on Information-Centric Networking. :106-116.

In-network caching is a feature shared by all proposed Information Centric Networking (ICN) architectures as it is critical to achieving a more efficient retrieval of content. However, the default "cache everything everywhere" universal caching scheme has caused the emergence of several privacy threats. Timing attacks are one such privacy breach where attackers can probe caches and use timing analysis of data retrievals to identify if content was retrieved from the data source or from the cache, the latter case inferring that this content was requested recently. We have previously proposed a betweenness centrality based caching strategy to mitigate such attacks by increasing user anonymity. We demonstrated its efficacy in a transit-stub topology. In this paper, we further investigate the effect of betweenness centrality based caching on cache privacy and user anonymity in more general synthetic and real world Internet topologies. It was also shown that an attacker with access to multiple compromised routers can locate and track a mobile user by carrying out multiple timing analysis attacks from various parts of the network. We extend our privacy evaluation to a scenario with mobile users and show that a betweenness centrality based caching policy provides a mobile user with path privacy by increasing an attacker's difficulty in locating a moving user or identifying his/her route.

2019-08-05
Xia, S., Li, N., Xiaofeng, T., Fang, C..  2018.  Multiple Attributes Based Spoofing Detection Using an Improved Clustering Algorithm in Mobile Edge Network. 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN). :242–243.

Information centric network (ICN) based Mobile Edge Computing (MEC) network has drawn growing attentions in recent years. The distributed network architecture brings new security problems, especially the identity security problem. Because of the cloud platform deployed on the edge of the MEC network, multiple channel attributes can be easily obtained and processed. Thus this paper proposes a multiple channel attributes based spoofing detection mechanism. To further reduce the complexity, we also propose an improved clustering algorithm. The simulation results indicate that the proposed spoofing detection method can provide near-optimal performance with extremely low complexity.

Chakraborti, Asit, Amin, Syed Obaid, Azgin, Aytac, Misra, Satyajayant, Ravindran, Ravishankar.  2018.  Using ICN Slicing Framework to Build an IoT Edge Network. Proceedings of the 5th ACM Conference on Information-Centric Networking. :214–215.
We demonstrate 5G network slicing as a unique deployment opportunity for information centric networking (ICN), by using a generic service orchestration framework that operates on commodity compute, storage, and bandwidth resource pools to realize ICN service slices. In this demo, we specifically propose a service slice for the IoT Edge network. ICN has often been considered pertinent for IoT use due to its benefits like simpler stacks on resource constrained devices, in-network caching, and in-built data provenance. We use a lightweight ICN stack on IoT devices connected with sensors and actuators to build a network, where clients can set realistic policies using their legacy hand-held devices. We employ name based authentication protocols between the service end-points and IoT devices to allow secure onboarding. The IoT slice co-exists with other service slices that cater to different classes of applications (e.g., bandwidth intensive applications, such as video conferencing) allowing resource management flexibility. Our design creates orchestrated service Edge functions to which the clients connect, and these can in turn utilize in-network stateless functions to perform tasks, such as decision making and analytics using the available compute resources efficiently.
Kita, Kentaro, Kurihara, Yoshiki, Koizumi, Yuki, Hasegawa, Toru.  2018.  Location Privacy Protection with a Semi-honest Anonymizer in Information Centric Networking. Proceedings of the 5th ACM Conference on Information-Centric Networking. :95–105.
Location-based services, which provide services based on locations of consumers' interests, are becoming essential for our daily lives. Since the location of a consumer's interest contains private information, several studies propose location privacy protection mechanisms using an anonymizer, which sends queries specifying anonymous location sets, each of which contains k - 1 locations in addition to a location of a consumer's interest, to an LBS provider based on the k-anonymity principle. The anonymizer is, however, assumed to be trusted/honest, and hence it is a single point of failure in terms of privacy leakage. To address this privacy issue, this paper designs a semi-honest anonymizer to protect location privacy in NDN networks. This study first reveals that session anonymity and location anonymity must be achieved to protect location privacy with a semi-honest anonymizer. Session anonymity is to hide who specifies which anonymous location set and location anonymity is to hide a location of a consumer's interest in a crowd of locations. We next design an architecture to achieve session anonymity and an algorithm to generate anonymous location sets achieving location anonymity. Our evaluations show that the architecture incurs marginal overhead to achieve session anonymity and anonymous location sets generated by the algorithm sufficiently achieve location anonymity.
2019-03-06
AbdAllah, E. G., Zulkernine, M., Hassanein, H. S..  2018.  A Security Framework for ICN Traffic Management. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :78-85.

Information Centric Networking (ICN) changed the communication model from host-based to content-based to cope with the high volume of traffic due to the rapidly increasing number of users, data objects, devices, and applications. ICN communication model requires new security solutions that will be integrated with ICN architectures. In this paper, we present a security framework to manage ICN traffic by detecting, preventing, and responding to ICN attacks. The framework consists of three components: availability, access control, and privacy. The availability component ensures that contents are available for legitimate users. The access control component allows only legitimate users to get restrictedaccess contents. The privacy component prevents attackers from knowing content popularities or user requests. We also show our specific solutions as examples of the framework components.