• Login
    View Item 
    •   Home
    • Graduate Theses, Dissertations and Projects
    • Queen's Graduate Theses and Dissertations
    • View Item
    •   Home
    • Graduate Theses, Dissertations and Projects
    • Queen's Graduate Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Defending Against DDoS and Unauthorized Access Attacks in Information Centric Networking

    Thumbnail
    View/Open
    AbdAllah_Eslam_G_201703_PhD.pdf (3.062Mb)
    Author
    AbdAllah, Eslam
    Metadata
    Show full item record
    Abstract
    Information Centric Networking (ICN) is a new communication paradigm that focuses on content retrieval from the network regardless of the content storage location. ICN changes the security model from securing the path to securing the content, which is available to all the ICN nodes as ICN users could benefit from any available copy. Existing security solutions cannot be applied directly to ICN architectures because of unique ICN attributes.

    In this research, we propose a security framework for ICN traffic management that includes the required functions of three components: availability, access control, and privacy. Our framework has the following attributes: be integrated within the architecture; deliver contents with high availability; transfer contents securely to legitimate users; and preserve the privacy of ICN users and contents. In this thesis, we focus on the availability and access control components.

    To build the proposed framework, it is crucial to have a comprehensive understanding of ICN attacks and their classification. In our research, we identify unique attacks to ICN architectures and other generic relevant attacks that have impacts on ICN. The attacks can be classified into four main categories: naming, routing, caching, and other miscellaneous

    attacks. We study the impacts of ICN attacks on ICN attributes and security services.

    An attacker can easily send a large number of malicious requests or publish invalid contents or routes to cause Distributed Denial of Service (DDoS) and cache pollution.Hence, we propose a solution for Defending Against DDoS in ICN routing and caching (DADI). DADI limits malicious requests, selects top-ranked contents and publishers, marks malicious routes, and caches the most popular contents. We evaluate DADI using various attack scenarios and under different ratios of attackers to legitimate users.

    To prevent unauthorized access attacks, we propose Elliptic Curve based Access Control (ECAC) solution. In this protocol, fewer public messages are needed for access control enforcement between ICN subscribers and ICN nodes than the existing access control protocols. We perform security and performance analysis for ECAC.We evaluate ECAC using various scenarios and under different request rates and number of attackers with respect to the number of legitimate users.
    URI for this record
    http://hdl.handle.net/1974/15610
    Collections
    • School of Computing Graduate Theses
    • Queen's Graduate Theses and Dissertations
    Request an alternative format
    If you require this document in an alternate, accessible format, please contact the Queen's Adaptive Technology Centre

    DSpace software copyright © 2002-2015  DuraSpace
    Contact Us
    Theme by 
    Atmire NV
     

     

    Browse

    All of QSpaceCommunities & CollectionsPublished DatesAuthorsTitlesSubjectsTypesThis CollectionPublished DatesAuthorsTitlesSubjectsTypes

    My Account

    LoginRegister

    Statistics

    View Usage StatisticsView Google Analytics Statistics

    DSpace software copyright © 2002-2015  DuraSpace
    Contact Us
    Theme by 
    Atmire NV