A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures
Main author: | Dogruluk, Ertugrul |
---|---|
Publication date: | 2022 |
Other authors: | Macedo, Joaquim; Costa, António |
Document type: | Article |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | https://hdl.handle.net/1822/79804 |
Abstract: | One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for today’s Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached contents by distinguishing between uncached and cached contents from the in-network caching node, namely the edge NDN router. The attacks can be mitigated by the previously proposed methods effectively. However, these countermeasures may be against the NDN paradigm, affecting the content distribution performance. This work studied the side-channel timing attack on streaming over NDN applications and proposed a capable approach to mitigate it. Firstly, a recent side-channel timing attack, designated by brute-force, was implemented on ndnSIM using the AT&T network topology. Then, a multi-level countermeasure method, designated by detection and defense (DaD), is proposed to mitigate this attack. Simulation results showed that DaD distinguishes between legitimate and adversary nodes. During the attack, the proposed DaD multi-level approach achieved the minimum cache hit ratio (≈0.7%) compared to traditional countermeasures (≈4.1% in probabilistic and ≈3.7% in freshness) without compromising legitimate requests. |
id |
RCAP_fcb82e023838717705e9dd0b69ee21ab |
---|---|
oai_identifier_str |
oai:repositorium.sdum.uminho.pt:1822/79804 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
This work has been supported by FCT - Fundação para a Ciência e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020. |
author |
Dogruluk, Ertugrul |
author_facet |
Dogruluk, Ertugrul Macedo, Joaquim Costa, António |
author_role |
author |
author2 |
Macedo, Joaquim Costa, António |
author2_role |
author author |
dc.contributor.none.fl_str_mv |
Universidade do Minho |
dc.subject.por.fl_str_mv |
Named data networks Cache privacy Side-channel timing attacks Science & Technology |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-04-16 2022-04-16T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://hdl.handle.net/1822/79804 |
dc.language.iso.fl_str_mv |
eng |
dc.relation.none.fl_str_mv |
Dogruluk, E.; Macedo, J.; Costa, A. A Countermeasure Approach for Brute-Force Timing Attacks on Cache Privacy in Named Data Networking Architectures. Electronics 2022, 11, 1265. https://doi.org/10.3390/electronics11081265 2079-9292 10.3390/electronics11081265 1265 https://www.mdpi.com/2079-9292/11/8/1265 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Multidisciplinary Digital Publishing Institute (MDPI) |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |