DoS & DDoS in Named Data Networking

Abstract

With the growing realization that current Internet protocols are reaching the limits of their senescence, several on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as fundamental requirements. Resilience to Denial-of-Service (DoS) attacks that plague today’s Internet is a major issue for any new architecture and deserves full attention. In this paper, we focus on DoS in a specific candidate next generation Internet architecture called Named Data Networking (NDN) – an instantiation of Content-Centric Networking approach. By stressing content dissemination, NDN appears to be attractive and viable approach to many types of current and emerging communication models. It also incorporates some basic security features that mitigate certain attacks. However, NDN’s resilience to DoS attacks has not been analyzed to-date. This paper represents the first step towards assessment and possible mitigation of DoS in NDN. After identifying and analyzing several new types of attacks, it investigates their variations, effects and counter-measures. This paper also sheds some light on the debate about relative virtues of self-certifying, as opposed to human-readable, names in the context of content-centric networking.