Defending Against DDoS and Unauthorized Access Attacks in Information Centric Networking

Authors

AbdAllah, Eslam

Type

thesis

Language

eng

Keyword

Information Centric Networking, Network Security

Abstract

Information Centric Networking (ICN) is a new communication paradigm that focuses on content retrieval from the network regardless of the content storage location. ICN changes the security model from securing the path to securing the content, which is available to all the ICN nodes as ICN users could benefit from any available copy. Existing security solutions cannot be applied directly to ICN architectures because of unique ICN attributes. In this research, we propose a security framework for ICN traffic management that includes the required functions of three components: availability, access control, and privacy. Our framework has the following attributes: it is integrated within the architecture; it delivers contents with high availability; it transfers contents securely to legitimate users; and it preserves the privacy of ICN users and contents. In this thesis, we focus on the availability and access control components. To build the proposed framework, it is crucial to have a comprehensive understanding of ICN attacks and their classification. In our research, we identify attacks unique to ICN architectures and other generic relevant attacks that have impacts on ICN. The attacks can be classified into four main categories: naming, routing, caching, and other miscellaneous attacks. We study the impacts of ICN attacks on ICN attributes and security services. An attacker can easily send a large number of malicious requests or publish invalid contents or routes to cause Distributed Denial of Service (DDoS) and cache pollution. Hence, we propose a solution for Defending Against DDoS in ICN routing and caching (DADI). DADI limits malicious requests, selects top-ranked contents and publishers, marks malicious routes, and caches the most popular contents. We evaluate DADI using various attack scenarios and under different ratios of attackers to legitimate users. To prevent unauthorized access attacks, we propose the Elliptic Curve based Access Control (ECAC) solution. In this protocol, fewer public messages are needed for access control enforcement between ICN subscribers and ICN nodes than in the existing access control protocols. We perform security and performance analysis for ECAC. We evaluate ECAC using various scenarios and under different request rates and numbers of attackers with respect to the number of legitimate users.

License

Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
