Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses. Computer Science Department, New Mexico State University

Presentation transcript:

Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses
Satyajayant Misra, Reza Tourani, Nahid Majd
Computer Science Department, New Mexico State University, Las Cruces, NM, USA

Agenda: Introduction and Motivation; Models and Assumptions; Design of Framework; Testbed Results; Conclusion

High-bandwidth video makes up 51% of Internet traffic today and would rise to 54% by 2016; the sum of all video traffic would become approximately 86% of global traffic; by 2014, mobile wireless devices will account for 61% of world Internet traffic. The Cisco Visual Networking Index underlines the need for a high-bandwidth content-centric Internet.

What does this traffic trend mean for the future of the Internet? Bandwidth Intensive

A typical content delivery hierarchy in today’s Internet. Content Provider; CDN Nodes; ISP Nodes; End Users

However, using CDNs does not solve the bandwidth bottleneck problem at the ISPs (the edge). Redundant/duplicate transmissions undermine network performance. Solution: in-network caching at the ISP level.

In-network caching at the ISPs will help reduce the bandwidth requirement at the ISP level.

The important concern is: how do we ensure high availability of the cached data only to legitimate users?

Let’s look at a simplified example of how your content is delivered to your Netflix player from the Netflix server.
Components shown: Microsoft’s Individualization Server; Netflix Control Server; Netflix’s Regular Webserver; Netflix License Server; Netflix Streaming Server (Akamai, etc.); Amazon EC2; Your Player

If the Cloud is down, then the service is down!

These conditions serve as the motivation for this work. For more than 20 million users; revocation of 1-2 million users; system re-initialization possible.

We use a Shamir’s secret-sharing based broadcast encryption mechanism* for content security.
n: total number of users; t: maximum revocation threshold.
Server sends t shares, user adds one more to make t+1.
* W. Tzeng and Z. Tzeng. A public-key traitor tracing scheme with revocation using dynamic shares. In Public Key Cryptography, pages 207–224, 2001.

The basic steps are split between the server and the client, with the operations being heavy on the server side.
• Server encrypts content using a symmetric key
• It generates “n + t” shares
• Gives each user one of the shares
• Encrypts the key using “t” shares and makes it available
• Legitimate user adds his share to create t+1 shares to decrypt the key

The framework has three basic protocols: the first two performed at the server and the last one at the client.
• Polynomials and shares generation at the server
• Enabling block generation and encryption at the server
• Secret extraction at the mobile user
We perform pre-computations at the server so the user has to perform only O(t) computations to obtain the secret key.

CCN/NDN Architecture Details: User Registration, Chunk Creation, Packet Naming, Versioning, User Revocation
Sequence Numbers: sequential or random.
Versioning: content and enabling block can have different numbers; versions can help with expiration.
User Registration and Revocation: messages transmitted as interests.

We have addressed some of the questions pertaining to the handling of system dynamics in the framework.
How do we revoke a subscribed user at the end of the subscription?
Can we handle the case where the number of revoked users is more than t, the system revocation threshold?
How do we handle new user(s) when the system reaches user capacity?

The framework was implemented in a CCNx testbed to verify its feasibility for mobile users.
CCNx-0.7 codebase.
3 nodes: Intel Core i7, 8 GB RAM, 2.4 GHz.
Code in C++, compiled with gcc
GNU multi-precision arithmetic library
MB video hosted using the ccnputfile command.
n: 1 M to 20 M in increments of 5 M.
t: 5 K to 40 K in increments of 5 K.
Experiments were run over 100 runs.

We implemented two versions: No Server-side Pre-computation (SD) and Server-side Pre-computation (PSD).
No server-side pre-computation => no computation of the Lagrangian interpolation at the server, requiring O(t^2) computations at the mobile device.
Server-side pre-computation => the Lagrangian interpolation variables are partially computed at the server; only O(t) computations at the mobile device.
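The share handling and the SD/PSD split described in the slides above, as an added Python example (not the authors' C++ code and not part of the slides). It is a simplification: plain Shamir sharing in a prime field with an additive mask standing in for the key encryption, whereas the cited Tzeng and Tzeng scheme is public-key and is not reproduced here. The names `P`, `enabling_block`, `extract_key` and `lam`, and the way the Lagrange product is split between server and client, are assumptions.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed parameter, not from the slides)

def f(coeffs, x):
    """Evaluate the degree-t polynomial at x (Horner); coeffs[0] = f(0) is the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def inv(a):
    return pow(a % P, -1, P)

def enabling_block(coeffs, xs, content_key, precompute):
    """Server: publish t shares plus the content key masked with f(0)."""
    block = {"shares": [(x, f(coeffs, x)) for x in xs],
             "masked_key": (content_key + coeffs[0]) % P}
    if precompute:  # PSD: Lagrange products over the t published points, O(t^2) here
        block["lam"] = []
        for xj in xs:
            c = 1
            for xm in xs:
                if xm != xj:
                    c = c * -xm * inv(xj - xm) % P
            block["lam"].append(c)
    return block

def extract_key(block, share):
    """Client: add own share as point t+1, interpolate f(0), unmask the key."""
    xu, yu = share
    pts = block["shares"]
    if any(x == xu for x, _ in pts):
        return None  # revoked: own share is already published, so only t distinct points
    secret = 0
    if "lam" in block:  # PSD: one multiply/inverse per published share, O(t)
        lu = 1
        for (xj, yj), lam in zip(pts, block["lam"]):
            secret = (secret + yj * lam * -xu * inv(xj - xu)) % P
            lu = lu * -xj * inv(xu - xj) % P
        return (block["masked_key"] - secret - yu * lu) % P
    allp = pts + [share]  # SD: full Lagrange interpolation over t+1 points, O(t^2)
    for xj, yj in allp:
        c = 1
        for xm, _ in allp:
            if xm != xj:
                c = c * -xm * inv(xj - xm) % P
        secret = (secret + yj * c) % P
    return (block["masked_key"] - secret) % P
```

Revocation here means placing the revoked users' x-values among the t published shares and filling the remaining slots from the extra t shares; x-values must be distinct and non-zero.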

Polynomial generation and user share generation depended on the number of users in the system. Cost increases for a large number of users; however, this part can be parallelized easily.

The pre-computation at the server adds to the enabling block cost; however, the overhead is still modest. Even in PSD, the addition of the enabling block to the content transmission adds only a 0.3% overhead for a 300 MB movie.

The extraction at the user with PSD is far better than in SD, hence PSD is recommended. Even when t is 1 million it takes 4.17 seconds (0.06% of a standard Netflix movie time) to extract using one 2.4 GHz processor.

Conclusions: Our framework will scale to a large number of mobile users.
Legitimate users can access content available close by, even when the CP is down!
The framework is tailor-made for mobile users.
It is efficient to scale to several million users.
Tested for up to 20 million subscribers.
Number of revoked users up to 1 million.
CCNx testbed implementation results show promise.

Thank You