Show simple item record

dc.contributor.authorAbdAllah, Eslam
dc.contributor.otherQueen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))en
dc.date.accessioned2017-03-30T13:04:15Z
dc.date.available2017-03-30T13:04:15Z
dc.identifier.urihttp://hdl.handle.net/1974/15610
dc.description.abstractInformation Centric Networking (ICN) is a new communication paradigm that focuses on content retrieval from the network regardless of the content storage location. ICN changes the security model from securing the path to securing the content, which is available to all the ICN nodes as ICN users could benefit from any available copy. Existing security solutions cannot be applied directly to ICN architectures because of unique ICN attributes. In this research, we propose a security framework for ICN traffic management that includes the required functions of three components: availability, access control, and privacy. Our framework has the following attributes: be integrated within the architecture; deliver contents with high availability; transfer contents securely to legitimate users; and preserve the privacy of ICN users and contents. In this thesis, we focus on the availability and access control components. To build the proposed framework, it is crucial to have a comprehensive understanding of ICN attacks and their classification. In our research, we identify unique attacks to ICN architectures and other generic relevant attacks that have impacts on ICN. The attacks can be classified into four main categories: naming, routing, caching, and other miscellaneous attacks. We study the impacts of ICN attacks on ICN attributes and security services. An attacker can easily send a large number of malicious requests or publish invalid contents or routes to cause Distributed Denial of Service (DDoS) and cache pollution.Hence, we propose a solution for Defending Against DDoS in ICN routing and caching (DADI). DADI limits malicious requests, selects top-ranked contents and publishers, marks malicious routes, and caches the most popular contents. We evaluate DADI using various attack scenarios and under different ratios of attackers to legitimate users. To prevent unauthorized access attacks, we propose Elliptic Curve based Access Control (ECAC) solution. In this protocol, fewer public messages are needed for access control enforcement between ICN subscribers and ICN nodes than the existing access control protocols. We perform security and performance analysis for ECAC.We evaluate ECAC using various scenarios and under different request rates and number of attackers with respect to the number of legitimate users.en_US
dc.language.isoenen_US
dc.relation.ispartofseriesCanadian thesesen
dc.rightsQueen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canadaen
dc.rightsProQuest PhD and Master's Theses International Dissemination Agreementen
dc.rightsIntellectual Property Guidelines at Queen's Universityen
dc.rightsCopying and Preserving Your Thesisen
dc.rightsThis publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.en
dc.subjectInformation Centric Networkingen_US
dc.subjectNetwork Securityen_US
dc.titleDefending Against DDoS and Unauthorized Access Attacks in Information Centric Networkingen_US
dc.typethesisen_US
dc.description.degreeDoctor of Philosophyen_US
dc.contributor.supervisorZulkernine, Mohammaden
dc.contributor.supervisorHassanein, Hossam S.en
dc.contributor.departmentComputingen


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record