19.06.16 - 22.06.16, Seminar 16251

Information-centric Networking and Security

This seminar description was published on our web pages before the seminar and was used in the invitation to the seminar.

Motivation

In recent years, Information-centric Networking (ICN) has received a lot of attention from both academic and industrial sectors. ICN offers a means of inter-networking that is radically different from today's IP-based Internet, which is host- or address-centric. Security and privacy issues in ICN have become increasingly important, as ICN technology gradually matures and nears real-world deployment. As is well known, in today's Internet, security and privacy features were originally not present and had to be incrementally and individually retrofitted (with varying success) over the last 35 years. In contrast, since ICN-based architectures (e.g., NDN, CCNx) are still evolving, it is both timely and important to explore ICN security and privacy issues as well as devise and assess possible mitigation techniques. Therefore, the general purpose of this Dagstuhl seminar is to discuss and explore potential ICN security features, attacks, privacy leaks, and potential means of mitigating vulnerabilities. Candidate topics for this seminar include, but are not limited to:

  • The most prominent ICN characteristic is the decoupling of information (aka data or content) from its source and allowing the former to be cached in the network. The main consequent benefits are reduced traffic load and better scalability, due to popular content being served from router caches, rather than from its source. However, indiscriminate serving of content immediately prompts the challenge of access control: how to (efficiently) make cached data accessible only to authorized users? A closely related issue is: how to securely account for content served by the network? Furthermore, how to effectively flush cached content from the network? Cached content also opens the door for powerful attacks, such as Interest Flooding and Content Poisoning. While the latter might be addressable at the expense of in-network security processing, the former remains elusive.
  • From the privacy perspective, in-network caching is beneficial as it reduces observability of traffic near content sources. However, it is also detrimental to privacy since edge-router caching leaks information about nearby demand for certain content. Also, in contrast to "opaque" numeric IP addresses, ICN content requests and returned content carry meaningful names (e.g., human-readable strings in NDN) and this seeming convenience results in a loss of privacy since it becomes easy to censor communication. This triggers the need for mitigation strategies, e.g., VPN-like tunnels, network-layer anonymous communication, etc.
  • Another key challenge is trust management in ICN. Since the network's currency is content, rather than IP packets, what is the role of the network layer in controlling (e.g., authenticating and/or authorizing) requests for, and returned, content? In the same vein, how do applications (that can vary greatly in terms of trust architectures and semantics) manage trust and propagate it to the network? Furthermore, given that today's DNS appears to be no longer needed in ICN, is there a role for a global DNS-like service for the purposes of trust management?

This seminar aims to gather researchers with ICN interests from both networking and security/privacy research communities. While the primary focus is on security/privacy in the ICN context, the outcomes will offer broader benefits, since in-depth exploration of ICN security and privacy concepts might benefit the current Internet, even before ICN technology is eventually deployed, e.g., by showing how object encryption can provide an alternative to end-to-end encryption in today's Internet.