The Producer-Consumer Collusion Attack in Content-Centric Networks

André Luiz Nasserala Pires, Igor Monteiro Moraes

Abstract


This paper evaluates a denial-of-service attack in
information-centric networks based on the Content Centric
Networking (CCN) architecture. This attack aims at increasing the
content retrieval time. In this attack, both malicious consumers
and producers collude, by generating, publishing, and changing
content popularity. Malicious contents are stored by intermediate
nodes and occupy the cache space that should be occupied by
legitimate content. Thus, the probability of a legitimate consumer
retrieves content directly from the producer increases as well as
the content retrieval time. We evaluate the impact of the attack by
varying the number of consumers and producers in collusion, the
interest packets rate, and the way malicious contents are
requested. Results show if 20% of consumers are malicious and
send 500 interests/s each, the content retrieval time experienced by
legitimate users increases by 20 times, which shows the
effectiveness of the attack.


Keywords


Content-Centric Networks; Producer-Consumer

References


A. Afanasyev, P. Mahadevan, I. Moiseenko, E. Uzun, e L. Zhang, “Interest

flooding attack and countermeasures in named data networking,”

in IFIP Networking, May 2013, pp. 1–9.

L. Breslau, P. Cao, L. Fan, G. Phillips, and S. Shenker, “Web caching

and zipf-like distributions: Evidence and implications,” in IEEE Conference

on Computer Communications - INFOCOM, Mar. 1999, pp.

–134.

G. M. Brito, P. B. Velloso e I. M. Moraes, “Redes orientadas a

conteúdo: Um novo paradigma para a Internet.” Em Minicursos do

Simpósio Brasileiro de Redes de Computadores - SBRC, Abr. 2012 pp

–264.

G. M. Brito, P. B. Velloso, and I. M. Moraes, Information-Centric

Networks, A New Paradigm for the Internet, 1st ed., ser. FOCUS -

Networks and Telecommunications Series. Wiley-ISTE, 2013.

S. Choi, K. Kim, S. Kim, and B. Roh, “Threat of DoS by interest

flooding attack in content-centric networking,” in Information

Networking International Conference, Jan. 2013, pp. 315–319.

P. Gasti, G. Tsudik, E. Uzun, and L. Zhang, “DoS and DDoS in nameddata

networking,” in International Conference on Computer

Communications and Networks - ICCCN, Aug. 2013, pp. 1–7.

F. Q. Guimarães, I. C. G. Ribeiro, A. A. de Rocha e C. V. N.

Albuquerque. “Nem tanto nem tão pouco: Existe um timeout Ótimo

para PIT CCN na mitigação de ataques DoS,” Em Simpósio Brasileiro

em Segurança da Informação e de Sistemas Computacionais - SBSeg,

Out. 2013.

V. Jacobson, D. Smetters, J. Thornton, M. Plass, N. Briggs, and R.

Braynard, “Networking named content,” in International Conference on

emerging Networking EXperiments and Technologies - CoNEXT, Dec.

, pp. 1–12.

Y. Kim, U. Kim, and I. Yeoml, “The impact of large flows in content

centric networks,” in IEEE International Conference on Network

Protocols - ICNP, Oct. 2013, pp. 1–2.

I. C. G. Ribeiro, A. A. de A. Rocha, C. V. N. Albuquerque, and F. Q.

Guimarães, “On the possibility of mitigating content pollution in

content-centric networking,” in Conference on Local Computer

Networks (LCN), Sep. 2014, pp. 498–501.

I. C. G. Ribeiro, A. A. de A. Rocha, C. V. N. Albuquerque, and F. Q.

Guimarães, “CCNcheck: um mecanismo de mitigação para poluição de

conteúdos em redes centradas em conteúdo,” Em Simpósio Brasileiro

em Segurança da Informação e de Sistemas Computacionais - SBSeg.

Out. 2013.

I. C. G. Ribeiro, F. Q. Guimarães, J. F. Kazienko, A. A. Rocha, P. B.

Velloso, I. M. Moraes e C. V. N. Albuquerque, “Segurança em redes

centradas em conteúdo: Vulnerabilidades, ataques e contramedidas.”

Em Minicurso do Simpósio Brasileiro em Segurança da Informação e

de Sistemas Computacionais - SBSeg. Out. 2012, pp 101-150.

D. Smetters and V. Jacobson, “Securing network content,” Xerox Palo

Alto Research Center - PARC, Tech. Rep. TR-2009-1, 2009.

M. Xie, I. Widjaja, and H. Wang, “Enhancing cache robustness for

content-centric networking,” in IEEE Conference on Computer

Communications - INFOCOM, Mar. 2012, pp. 2426–2434.

L. Zhang, D. Estrin, J. Burke, V. Jacobson, J. Thornton, D. K. Smetters,

B. Zhang, G. Tsudik, K. Claffy, D. Krioukov, D. Massey, C.

Papadopoulos, T. Abdelzaher, L. Wang, P. Crowley, and E. Yeh,

“Named Data Networking (NDN) project,” Xerox Palo Alto Research

Center - PARC, Tech. Rep. NDN-0001, 2010.




DOI: https://doi.org/10.17648/enig.v2i1.47

Refbacks

  • There are currently no refbacks.




Licença Creative Commons
This site is licensed with the Creative Commons Atribuição-NãoComercial-SemDerivações 4.0 Internacional

RENASIC Logo1 Logo2 Logo3