Security and Privacy Challenges in Content-Centric Networks

摘要

Today's Internet is aging. Connections are point-to-point and increasingly protected by end-to-end encryption. This reduces security to data transport instead of data itself. Content-Centric Networking (CCN) is a paradigm shift away from this host- and channel-based design. CCN is an architecture for naming, securing, and transferring named data from producers to consumers upon request. Consumers issue interests for named content. Routers forward interests towards producers capable of providing authentic content with cryptographic name-to-data bindings. Once found, routers forward content, in reverse, towards consumers. Routers may also choose to cache content to serve duplicate future interests. Object security, native authenticity, pull-based data transfer, flow symmetry, and in-network services are among the notable characteristics of CCN. In this dissertation, we study security and privacy issues that stem from these architectural properties. Specifically, we study variations and facets of access control, privacy risks and remedies, and network-layer availability attacks and architectural mitigations. For each issue, we describe the problem in detail and explain several countermeasures. We also present detailed analyses and experimental assessments for each approach. We find that sound engineering can mitigate several issues, while others remain insurmountable challenges exacerbated by fundamental security and performance tradeoffs made by CCN.