
Securing Scalable Real-time Multiparty Communications with Hybrid Information-centric Networking

Published: 19 May 2023

Abstract

In this article, we consider security aspects of online meeting applications based on protocols such as WebRTC that leverage the Information-centric Networking (ICN) architecture to make the system fundamentally more scalable. While the scalability properties provided by ICN have been proved in recent literature, the security challenges and implications for real-time applications have not been reviewed. We show that this class of applications can benefit from strong security and scalability jointly without any major tradeoff and with significant performance improvements over traditional WebRTC systems. To achieve this goal, some modifications to the current ICN architecture must be implemented in the way integrity and authentication are verified. Extensive performance analysis of the architecture, based on the open source implementation of Hybrid-ICN, proves that real-time applications can greatly benefit from this novel network architecture in terms of strong security and scalable communications.


Published in

ACM Transactions on Internet Technology, Volume 23, Issue 2
May 2023
276 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3597634
Editor: Ling Liu

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 19 May 2023
• Online AM: 19 April 2023
• Accepted: 17 April 2023
• Revised: 5 April 2023
• Received: 23 June 2022
