A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures

Bibliographic details
Main author: Dogruluk, Ertugrul
Publication date: 2022
Other authors: Macedo, Joaquim, Costa, António
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: https://hdl.handle.net/1822/79804
Abstract: One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for today’s Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached contents by distinguishing between uncached and cached contents from the in-network caching node, namely the edge NDN router. The attacks can be mitigated by the previously proposed methods effectively. However, these countermeasures may be against the NDN paradigm, affecting the content distribution performance. This work studied the side-channel timing attack on streaming over NDN applications and proposed a capable approach to mitigate it. Firstly, a recent side-channel timing attack, designated by brute-force, was implemented on ndnSIM using the AT&T network topology. Then, a multi-level countermeasure method, designated by detection and defense (DaD), is proposed to mitigate this attack. Simulation results showed that DaD distinguishes between legitimate and adversary nodes. During the attack, the proposed DaD multi-level approach achieved the minimum cache hit ratio (≈0.7%) compared to traditional countermeasures (≈4.1% in probabilistic and ≈3.7% in freshness) without compromising legitimate requests.
Funding: This work has been supported by FCT - Fundação para a Ciência e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020.
Contributor: Universidade do Minho
Keywords: Named data networks; Cache privacy; Side-channel timing attacks; Science & Technology
Date: 2022-04-16
Status: publishedVersion
Citation: Dogruluk, E.; Macedo, J.; Costa, A. A Countermeasure Approach for Brute-Force Timing Attacks on Cache Privacy in Named Data Networking Architectures. Electronics 2022, 11, 1265. https://doi.org/10.3390/electronics11081265
ISSN: 2079-9292
Publisher page: https://www.mdpi.com/2079-9292/11/8/1265
Rights: openAccess
Format: application/pdf
Publisher: Multidisciplinary Digital Publishing Institute (MDPI)
Institution: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
Collection: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)