AICT 2015, The Eleventh Advanced International Conference on Telecommunications
Mitigating Distributed Denial-of-Service Attacks in Named Data Networking
Authors:
Vassilios Vassilakis
Bashar Alohali
Ioannis Moscholios
Michael Logothetis
Keywords: Named Data Networking; Distributed Denial of Service; Interest Flooding Attack
Abstract:
Named Data Networking (NDN) is a novel networking approach that aims at overcoming some of the limitations of the current Internet. In particular, NDN aims at providing better privacy and security by focusing on the data items themselves rather than on the location of data. This is achieved by using soft states at the routers, which record the requests/interests for data from users in the Pending Interest Table (PIT). However, this new networking concept opens up avenues for launching Distributed Denial-of-Service (DDoS) attacks on PITs. That is, an attacker may flood the network with a large number of Interest packets that would overflow the PITs at the routers, thus preventing legitimate users from receiving the requested data. This type of DDoS attack is known as the Interest Flooding Attack (IFA) and, if not adequately dealt with, may severely disrupt the normal operation of an NDN system. In this paper, we first show that the basic NDN mechanism is vulnerable to IFA even when the attacker has very limited resources. Next, we propose a mitigation technique that allows routers to quickly identify and block such DDoS attempts, by detecting anomalous user behaviour. We also introduce an additional security layer by using public-key based router authentication. We evaluate our proposed scheme by means of computer simulations and show that a sufficient level of security can be achieved with little processing and storage overhead.
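The PIT exhaustion the abstract describes, and the idea of blocking a source whose behaviour is anomalous, as an added toy simulation that is not the paper's code: it assumes a bounded PIT with soft-state expiry and, as the anomaly signal, the fraction of a face's forwarded Interests that time out without Data (the paper's own detector and the router-authentication layer are not described on this page, so the threshold, capacities and face names here are constructed).

```python
class Router:
    """Toy NDN router: a bounded PIT plus a per-face unsatisfied-Interest detector.
    Constructed model for illustration, not the paper's scheme."""

    def __init__(self, pit_capacity, lifetime, detect=True, ratio=0.8, min_issued=10):
        self.pit = {}                          # name -> (incoming face, expiry time)
        self.capacity, self.lifetime = pit_capacity, lifetime
        self.detect, self.ratio, self.min_issued = detect, ratio, min_issued
        self.issued, self.expired = {}, {}     # per-face: Interests forwarded / timed out
        self.blocked = set()

    def _expire(self, now):
        # Soft state: an entry that gets no Data within its lifetime is dropped and counted
        # as unsatisfied for the face that sent it.
        for name, (face, exp) in list(self.pit.items()):
            if exp <= now:
                del self.pit[name]
                self.expired[face] = self.expired.get(face, 0) + 1
        if self.detect:  # a face whose Interests mostly time out is treated as anomalous
            for face, n in self.issued.items():
                if n >= self.min_issued and self.expired.get(face, 0) / n >= self.ratio:
                    self.blocked.add(face)

    def interest(self, name, face, now):
        self._expire(now)
        if face in self.blocked:
            return "blocked"
        if name in self.pit:
            return "aggregated"               # same name already pending: no new entry
        if len(self.pit) >= self.capacity:
            return "pit_full"                 # the IFA goal: legitimate Interests dropped here
        self.pit[name] = (face, now + self.lifetime)
        self.issued[face] = self.issued.get(face, 0) + 1
        return "forwarded"

    def data(self, name):
        return self.pit.pop(name, None) is not None   # Data consumes the PIT entry


def simulate(detect, steps=200):
    """Attacker on one face floods unsatisfiable names; a user on another face fetches
    content that is answered immediately. Returns (user Interests served, blocked faces)."""
    r = Router(pit_capacity=50, lifetime=20, detect=detect)
    served = 0
    for t in range(steps):
        for i in range(5):                    # 5 bogus Interests per step, unique names
            r.interest(f"/bogus/{t}/{i}", "face-attacker", t)
        if r.interest(f"/video/seg{t}", "face-user", t) == "forwarded":
            r.data(f"/video/seg{t}")
            served += 1
    return served, r.blocked
```

Without detection the attacker's 5 Interests per step fill the 50-entry PIT after a few steps and keep it full by refilling as entries expire, so the user is starved for the rest of the run; with detection the attacker's face is blocked once most of its forwarded Interests have timed out, and the user's Interests are forwarded again.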
Pages: 18 to 23
Copyright: Copyright (c) IARIA, 2015
Publication date: June 21, 2015
Published in: conference
ISSN: 2308-4030
ISBN: 978-1-61208-411-4
Location: Brussels, Belgium
Dates: from June 21, 2015 to June 26, 2015