Cache nFace: A Simple Countermeasure for the Producer-Consumer Collusion Attack in Content-Centric Networks
Abstract
This paper proposes and evaluates Cache nFace, a countermeasure that mitigates the producer-consumer collusion denial-of-service attack in the CCN architecture. It does so by dividing a node's cache into sub-caches. Each sub-cache stores only the content requested through a specific network interface, which makes the cache more robust under attack. Simulations evaluate the proposal across different network topologies and attack configurations. The results show that Cache nFace reduces the attack's efficiency by up to 50% and outperforms another proposal found in the literature in all analyzed scenarios.
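The isolation effect described in the abstract can be seen in a small simulation. This is an added example, not the authors' code or simulator: the LRU policy, the equal capacity split, the lookup across all sub-caches and the workload are assumptions, and its numbers are not the paper's results.

```python
from collections import OrderedDict

class LRU:
    """Fixed-size LRU set of content names."""
    def __init__(self, capacity):
        self.capacity, self.items = capacity, OrderedDict()

    def hit(self, name):
        if name not in self.items:
            return False
        self.items.move_to_end(name)        # refresh recency on a hit
        return True

    def store(self, name):
        self.items[name] = True
        if len(self.items) > self.capacity:
            self.items.popitem(last=False)  # evict least recently used

class SharedCache:
    """Baseline: one LRU shared by every interface (face)."""
    def __init__(self, capacity, faces):
        self.lru = LRU(capacity)

    def request(self, face, name):
        found = self.lru.hit(name)
        if not found:
            self.lru.store(name)
        return found

class PerFaceCache:
    """Capacity split equally into one LRU per face (assumed policy)."""
    def __init__(self, capacity, faces):
        self.sub = {f: LRU(capacity // len(faces)) for f in faces}

    def request(self, face, name):
        found = any(lru.hit(name) for lru in self.sub.values())
        if not found:
            self.sub[face].store(name)      # cached only where it was requested
        return found

def legit_hit_ratio(cache_cls, attack_rate, rounds=200, capacity=60):
    """Constructed workload: faces 0 and 1 request 20 popular names; face 2
    requests `attack_rate` never-repeated names per round (the colluders)."""
    cache, hits, n = cache_cls(capacity, faces=(0, 1, 2)), 0, 0
    for i in range(rounds):
        hits += cache.request(i % 2, f"/popular/{i % 20}")
        for _ in range(attack_rate):
            cache.request(2, f"/colluder/{n}")
            n += 1
    return hits / rounds
```

With five colluder requests per round, the shared cache never serves a legitimate hit, while the per-face cache keeps the same hit ratio it has with no attack, because the polluting names only evict entries in the sub-cache of the face they arrived on.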
Published
06/11/2017
How to Cite
NASSERALA, André; MORAES, Igor Monteiro. Cache nFace: uma Contramedida Simples para o Ataque em Conluio Produtor-Consumidor em Redes Centradas em Conteúdo. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 17., 2017, Brasília. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2017. p. 320-333. DOI: https://doi.org/10.5753/sbseg.2017.19509.