Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet.

Published byLawrence Bradley Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet."— Presentation transcript:

1 Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet Technology - http://www.fp7-pursuit.eu

2 A myth to bust (?) ICN inherently preserves user’s privacy –Endpoints are decoupled –Interest/Subscription and Advertisement/Publication messages do not contain sensitive information –Crumb-based and zFilter-based forwarding do not reveal packet destination 15/2/20132ICNRG Interim Meeting

3 But ICN reveals more information… 15/2/20133ICNRG Interim Meeting

4 …even if packet header is scrambled… 15/2/20134ICNRG Interim Meeting

5 …everybody can be a publisher… Let’s spy on some users! 15/2/20135ICNRG Interim Meeting

6 …and some old privacy attacks are upgraded…. I received the content fast. It should be cached. Someone close to me has already received it! 15/2/20136ICNRG Interim Meeting

7 The devil is in the (implementation) details “We represent this by having P(ublisher) digitally sign the mapping from his chosen name”* “PLA divides this problem into two distinct parts: binding a user's traffic to that user's cryptographic identity, and binding the user's cryptographic identity to their real identity”** * D. Smetters, V. Jacobson, "Securing Network Content", PARC Tech Report, October 2009. ** D. Lagutin and S. Tarkoma. Cryptographic signatures on the network layer - an alternative to the ISP data retention, ISCC 2010. Possibly Censorship Possibly Surveillance 15/2/20137ICNRG Interim Meeting

8 Privacy deserves our attention A proposed methodology: –Capture common ICN roles –Capture common ICN functions –Create a common threat model –Investigate how design choices affect user privacy 15/2/20138ICNRG Interim Meeting

9 An example Roles –Relaying party: Makes data available –Consumer: Interested in data –Mediator: Facilitates data dissemination Functions: Advertisement, Lookup Threat model: malicious local mediators, malicious global mediators, both targeting consumer surveillance and censorship 15/2/20139ICNRG Interim Meeting

10 Design choice 1: Advertisement and lookup are coupled to routing Advertisements are flooded 15/2/201310ICNRG Interim Meeting

11 Design choice 1: Advertisement and lookup are coupled to routing Lookups follow the routing plane 15/2/201311ICNRG Interim Meeting

12 Design choice 1: Advertisement and lookup are coupled to routing Default GW: I see all lookups of subscriber Intermediate Router: I have many chances to see both Lookup and Advertisement It is possible to use alternative routes 15/2/201312ICNRG Interim Meeting

13 Design choice 2: Advertisement and lookup are decoupled from routing Advertisements are sent to an overlay rendezvous node 15/2/201313ICNRG Interim Meeting

14 Design choice 2: Advertisement and lookup are decoupled to routing A single overlay node is the “Rendezvous point” for an information item 15/2/201314ICNRG Interim Meeting

15 Design choice 2: Advertisement and lookup are decoupled to routing Lookups follow the overlay network 15/2/201315ICNRG Interim Meeting

16 Design choice 2: Advertisement and lookup are decoupled to routing Default rendezvous node: It can be easily changed (as easily we can change default DNS) Intermediate Rendezvous node: Less chances to see both Lookup and Advertisement Rendezvous point: I see all advertisements for a piece of content 15/2/201316ICNRG Interim Meeting

17 Analysis Design choice 1: –Consumer can not easily change default GW –Default GW can easily watch/censor a consumer –Intermediate routers have also good chances to watch a consumer –Use alternative lookup paths to avoid censorship 15/2/201317ICNRG Interim Meeting

18 Analysis Design choice 2: –Default rendezvous node can be easily changed –Intermediate rendezvous nodes do not have many chances to watch or censor a consumer –The rendezvous point of an information item can watch all consumer interests and perform censorship 15/2/201318ICNRG Interim Meeting

19 On going work This was a very simple ICN model…. …a simpler threat model …and an even simpler set of design choices Much more to do! 15/2/201319ICNRG Interim Meeting

Download ppt "Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet."

Similar presentations

I2ComM 2008 Colombia, Cartagena February 22 Next Generation Internet Architectures: Current Status and Challenges Fábio Luciano Verdi University of Campinas.

I2ComM 2008 Colombia, Cartagena February 22 Next Generation Internet Architectures: Current Status and Challenges Fábio Luciano Verdi University of Campinas.
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Information-centric networking: Concepts for a future Internet David D. Clark, Karen Sollins MIT CFP November, 2012.

Information-centric networking: Concepts for a future Internet David D. Clark, Karen Sollins MIT CFP November, 2012.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Security: Packet Level Authentication and Pub/Sub Security Solution Dr. Dmitrij Lagutin Helsinki Institute for Information Technology (HIIT) 4.10.2011.

Security: Packet Level Authentication and Pub/Sub Security Solution Dr. Dmitrij Lagutin Helsinki Institute for Information Technology (HIIT)
ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Resilience Issues in Information Centric Networks Ning Wang University of Surrey.

Resilience Issues in Information Centric Networks Ning Wang University of Surrey.
Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.

Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
Mobility in a Publish Subscribe Internetwork Dr. Dmitrij Lagutin Helsinki Institute for Information Technology (HIIT) (based on slides by Prof. George.

Mobility in a Publish Subscribe Internetwork Dr. Dmitrij Lagutin Helsinki Institute for Information Technology (HIIT) (based on slides by Prof. George.
Location vs. Identities in Internet Content: Applying Information-Centric Principles in Today’s Networks Instructor: Assoc. Prof. Chung-Horng Lung Group.

Location vs. Identities in Internet Content: Applying Information-Centric Principles in Today’s Networks Instructor: Assoc. Prof. Chung-Horng Lung Group.
Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos.

Access Control Enforcement Delegation for Information-Centric Networking Architectures N. Fotiou, G.F. Marias, G.C Polyzos.
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
Content-based Routing for Information Centric Networks D. Reininger ECE 544 Spring 2014.

Content-based Routing for Information Centric Networks D. Reininger ECE 544 Spring 2014.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Reliable Internetworking using the Pub/Sub Paradigm Nikos Fotiou Advisor: Prof. George C. Polyzos Mobile Multimedia Laboratory, Department of Informatics.

Reliable Internetworking using the Pub/Sub Paradigm Nikos Fotiou Advisor: Prof. George C. Polyzos Mobile Multimedia Laboratory, Department of Informatics.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
Illustrating a Publish-Subscribe Internet Architecture Nikolaos Fotiou 1 George C. Polyzos 1 Dirk Trossen 2 Presenter: Konstantinos Katsaros 1 1 Athens.

Illustrating a Publish-Subscribe Internet Architecture Nikolaos Fotiou 1 George C. Polyzos 1 Dirk Trossen 2 Presenter: Konstantinos Katsaros 1 1 Athens.

Similar presentations

Ads by Google