Abstract | ||
---|---|---|
Named Data Networking NDN is one the proposals for the Future Internet design relying on the Information Centric Networking paradigm and probably the most promising. To enable a large-scale deployment by Internet Service Providers, however, a well-established security is fundamental. While numerous prior works study the security of NDN, a large amount of those works have been conducted using simulation frameworks which prevent the consideration of potential threats and flaws in a real deployment context. Toward this effort, this paper studies the practical vulnerabilities exposed by NDN Forwarding Daemon NFD, the current implementation of NDN, and especially its Pending Interest Table. An attack scenario, based on the Interest Flooding Attack, is implemented on NFD routers deployed in a Network Function Virtualization environment. We show that the current implementation, though designed to be flexible, has some flaws that can ease the mounting of attacks in a real NDN network. We have found that there is no mechanism to protect NFD router when Pending Interest Table PIT is overloaded and identified the set of parameters which can increase the attack success. Several recommendations are proposed for the security of future implementations. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-319-39814-3_10 | AIMS |
Field | DocType | Volume |
Software deployment,Computer science,Computer security,Network packet,Computer network,Implementation,Information-centric networking,Router,Daemon,The Internet,Vulnerability | Conference | 9701 |
ISSN | Citations | PageRank |
0302-9743 | 0 | 0.34 |
References | Authors | |
10 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Hoang Long Mai | 1 | 8 | 2.47 |
Ngoc Tan Nguyen | 2 | 0 | 0.34 |
Guillaume Doyen | 3 | 0 | 0.34 |
Alain Ploix | 4 | 0 | 0.34 |
Rémi Cogranne | 5 | 545 | 30.57 |