
1 Security and Privacy of Future Internet Architectures: Named-Data Networking
Amir Houmansadr
CS660: Advanced Information Assurance
Spring 2015
Content may be borrowed from other resources. See the last slide for acknowledgements!

2 The Internet of today
Design dates back to the 70’s
– Inspired by telephony systems
– TCP/IP
Main principle: end-to-end communication
– Look up the endpoints of interest
CS660 - Advanced Information Assurance - UMassAmherst

3 Routing in the Internet
[Figure labels: User’s AS, CNN’s AS, Transit AS]

4 The Internet of today
Design dates back to the 70’s
– TCP/IP
Main principle: end-to-end communication
– Look up the endpoints of interest
– Build applications on the top of TCP/IP

6 But things have changed a lot since the 70’s!
– Back then, communications were mostly end-to-end, so it was efficient
– Security is not built into the TCP/IP Internet, but was added as an add-on

7 Today
New communication paradigms:
– Content-intensive communications
    – Content lookup
    – Content caching
– Mobility
– Cloud computing
The current Internet is not efficient anymore
– Also, suffers from security challenges

8 Not efficient!
[Figure label: ISP]

9 Goal: Look Like This
[Figure label: ISP]

10 Next-Generation Internet Architectures
Design the Internet of the future!
– More efficient
    – More scalable
    – Less overhead
    – Less expensive
    – …
– More secure

11 Next-Generation Internet Architectures
Various proposals:
– Content-centric networking (CCN)
– NSF’s FIA program
    – NDN
    – MobilityFirst
    – NEBULA
    – XIA
    – ChoiceNet
– Many more

12 Next-Generation Internet Architectures
Main principles:
– Built-in security
– Content is the first-class citizen
    – Cache content
    – Name content
    – Look for content
– Mobility is pervasive
– Cloud computing is ubiquitous

13 Content-Centric Designs: Narrow Waist is the Content!
[Figure labels: TCP/IP, CCN]

14 Named-Data Networking (NDN)
Name the content instead of the end-hosts
– A content-centric architecture
NSF FIA and FIA-NP programs
Consumers: send interest packets
Producers: return “pulled” content packets

15 Routing in the TCP/IP Internet
[Figure labels: User’s AS, CNN’s AS, Transit AS]

16 Routing in NDN
[Figure labels: Interest, Content, Interest]

17 TCP/IP | NDN
Name end-hosts (e.g., IP addresses) | Name content
Communication | Content distribution
Mobility is difficult | Mobility-friendly
Make processes secure | Make content secure

18 NDN Security
All content objects are signed by the publishers
– Authenticity
– Integrity
Content objects are encrypted
– Confidentiality of content
How about privacy?

19 NDN: Privacy Benefits
No “source address” in content interests
– Not needed for routing
Traffic monitoring less effective for non-global adversaries
[Figure labels: Interest, Content, Interest, “Does not see the interest”]
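
Slides 16 and 19 in code, as an added example that is not part of the lecture: a minimal forwarding model in which an Interest carries only a name, Data returns along the faces that asked for it, and a cached copy keeps the second Interest from reaching the producer. The class names, the two-router topology and the payload are constructed for illustration; the content name is the one used on slide 20.

```python
class Face:
    """Anything that can receive Data: a consumer or a neighbouring router."""
    def __init__(self, label):
        self.label, self.inbox = label, []
    def on_data(self, name, data):
        self.inbox.append((name, data))

class Producer:
    def __init__(self, content):
        self.content, self.seen = content, []
    def on_interest(self, name, in_face):
        self.seen.append(name)                 # all the producer learns is the name
        in_face.on_data(name, self.content[name])

class Router(Face):
    def __init__(self, label, upstream):
        super().__init__(label)
        self.upstream = upstream
        self.cache = {}      # name -> Data (NDN calls this the Content Store)
        self.pending = {}    # name -> waiting faces (the Pending Interest Table)
    def on_interest(self, name, in_face):
        if name in self.cache:                 # cache hit: answered locally
            in_face.on_data(name, self.cache[name])
            return
        first = name not in self.pending
        self.pending.setdefault(name, []).append(in_face)
        if first:                              # forwarded Interest has no source field
            self.upstream.on_interest(name, self)
    def on_data(self, name, data):
        self.cache[name] = data                # cache on the way back
        for face in self.pending.pop(name, []):
            face.on_data(name, data)           # reverse path, one hop at a time

def demo():
    name = "/CNN/Video/03-24-15/protest"       # name taken from the slides
    cnn = Producer({name: b"constructed video bytes"})
    isp = Router("isp", upstream=cnn)
    edge = Router("edge", upstream=isp)
    alice, bob = Face("alice"), Face("bob")
    edge.on_interest(name, alice)
    edge.on_interest(name, bob)                # served from the edge router's cache
    return alice.inbox, bob.inbox, cnn.seen
```

Each hop knows only the neighbouring face an Interest arrived on, and the producer sees one Interest for two consumers.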

20 NDN: Privacy Challenges
Name privacy
– /CNN/Video/03-24-15/protest
Content privacy
– Public content
Cache privacy
– Detect hit/miss
Signature privacy
– Reveal publisher identity

21 Privacy in NDN
Privacy is not built-in
– Need to protect privacy
1. Design PET tools
2. Integrate with the architecture

22 ANDaNA
An anonymous communication network for the NDN architecture
– Tor’s counterpart
Based on onion routing
– Any router/host can be an anonymizing “relay”
– Ephemeral circuits
– Non-global adversary assumption

23 ANDaNA design
A circuit is composed of two routers (relays):
– Entry router
– Exit router
Comparable to Tor’s three-hop circuits
Why two routers:
– NDN itself provides some notion of anonymity because of no source address in interests

24 Onion Routing in NDN
[Figure: relays /OR-1 and /OR-2; packet labels in order of appearance, I = Interest, D = Data]
I: /omh/blood-pressure/steve Nonce: Loc: /fitbit/key
I: /omh/blood-pressure/steve Nonce: Loc: /fitbit/key (inside I: /OR-2, inside I: /OR-1)
I: /omh/blood-pressure/steve Nonce: Loc: /fitbit/key (inside I: /OR-2)
I: /omh/blood-pressure/steve Nonce: Loc: /fitbit/key
D: /omh/blood-pressure/steve Loc: /fitbit/key { mmHg: 100 }
D: /omh/blood-pressure/steve Loc: /fitbit/key { mmHg: 100 } (inside D: /OR-2)
D: /omh/blood-pressure/steve Loc: /fitbit/key { mmHg: 100 } (inside D: /OR-2, inside D: /OR-1)
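
The layering in the slide 24 figure, as an added example that is not from the lecture or the ANDaNA authors: the consumer wraps the Interest once per relay, each relay removes one layer, and the Data picks up one layer per relay on the way back. It assumes the consumer already shares a symmetric key with each relay and uses a toy SHA-256 keystream with an HMAC tag in place of real encryption; the keys and function names are constructed.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    """Toy keystream (SHA-256 in counter mode); a stand-in for a real AEAD cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap_interest(name, circuit):
    """Consumer: encrypt for the exit relay first so the entry layer is outermost."""
    for prefix, key in reversed(circuit):
        name = prefix + "/" + seal(key, name.encode()).hex()
    return name

def peel_interest(prefix, key, name):
    """Relay: strip own prefix, remove one layer, learn only the next name."""
    if not name.startswith(prefix + "/"):
        raise ValueError("interest not addressed to this relay")
    return unseal(key, bytes.fromhex(name[len(prefix) + 1:])).decode()

def unwrap_data(payload, circuit):
    """Consumer: remove the layers the relays added on the return path."""
    for _, key in circuit:
        payload = unseal(key, payload)
    return payload

# Constructed circuit: relay prefixes from the slide, keys invented for the demo.
CIRCUIT = [("/OR-1", b"entry-relay-demo-key"), ("/OR-2", b"exit-relay-demo-key")]

def demo():
    outer = wrap_interest("/omh/blood-pressure/steve", CIRCUIT)
    to_exit = peel_interest(*CIRCUIT[0], outer)       # entry relay sees only /OR-2/...
    wanted = peel_interest(*CIRCUIT[1], to_exit)      # exit relay sees the real name
    data = b"{ mmHg: 100 }"                           # payload shown on the slide
    for _, key in reversed(CIRCUIT):                  # exit wraps first, then entry
        data = seal(key, data)
    return to_exit.split("/")[1], wanted, unwrap_data(data, CIRCUIT)
```

The entry relay learns the exit relay's prefix but not the requested name, and the exit relay learns the name but, as slide 19 notes, receives no source address for the consumer.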

25 Performance compared to Tor

26 Performance compared to Tor

27 Discussion
So, is NDN (or other next-generation archs) more/less secure? More/less private?
Is building PET tools easier or harder in NDN?
Tradeoffs between security/privacy and performance?
– Do we still benefit from caching?
How is censorship circumvention different? Easier? Harder?
How can we design next-generation Internet architectures with built-in privacy? Is it practical? What are the tradeoffs?

28 Acknowledgement
Some of the slides, content, or pictures are borrowed from the following resources, and some pictures are obtained through Google search without being referenced below:
– NDSS’12 presentation of the ANDaNA paper provided by the authors
– Steve DiBenedetto’s slides: ANDaNA: Onion Routing for NDN

