命名数据网络中的安全问题分析
|
摘要
IP以及内容分发网络已经无法满足当今人们对所有的数据分发以及安全性的要求了。随着21世纪因特网的广泛应用,命名数据网络(NDN)则着眼于解决当下高速发展的网络与陈旧的TCP/IP架构之间日益不兼容的问题。尽管NDN在诞生之初就已经把安全性纳入其架构之中,但是作为最有可能代替TCP/IP网络成为未来网络主流架构的命名数据网络仍然在安全性方面面临着严峻的挑战。主要介绍了NDN在安全性方面所面临的隐私与信任问题,以及可能遭受到的恶意攻击,例如拒绝服务攻击和协议与定时攻击,以及针对这些攻击目前所应用的防御措施,还有未来可能的研究方向。
IP and content distribution networks are no longer able to meet all of today's data distribution and security requirements.With widespread use of the Internet in the 21 st century,NDN(Named Data Network) aims to address the growing incompatibility between today's fast-growing network and old TCP/IP architectures.Although having incorporated security into its architecture since its inception,the named data network,which is most likely to replace the TCP/IP network as the mainstream architecture of the future network,still faces severe security challenges.Therefore,the privacy and trust issues faced by NDN in security are mainly introduced,including potential malicious attacks,such as denial-of-service attacks,protocol and timing attacks,and the defensive measures against these attacks at present.Finally,the possible research directions in the future are discussed.
IP and content distribution networks are no longer able to meet all of today's data distribution and security requirements.With widespread use of the Internet in the 21 st century,NDN(Named Data Network) aims to address the growing incompatibility between today's fast-growing network and old TCP/IP architectures.Although having incorporated security into its architecture since its inception,the named data network,which is most likely to replace the TCP/IP network as the mainstream architecture of the future network,still faces severe security challenges.Therefore,the privacy and trust issues faced by NDN in security are mainly introduced,including potential malicious attacks,such as denial-of-service attacks,protocol and timing attacks,and the defensive measures against these attacks at present.Finally,the possible research directions in the future are discussed.
引文
[1]于晔,李联峰,郭红纲.新一代互联网NDN面临的挑战及脆弱性分析[J].信息安全与通信保密,2014(03):123-127.YU Wei,LI Lian-feng,Guo Honggang.Analysis of Challenges and Vulnerabilities of Next Generation Internet NDN[J].Information Security&Communication Confidentiality,2014(03):123-127.
[2]雷凯.信息中心网络与命名数据网络[M].北京:北京大学出版社,2015.LEI Kai.Information Center Network and Named Data Network[M].Beijing:Peking University Press,2015.7.
[3]Lutz R.Security and Privacy in Future Internet Architectures-Benefits and Challenges of Content Centric Networks[J].Computing Research Repository,2016(21):12-15.
[4]Chaabane A.Privacy in Content-Oriented Networking:Threats and Countermeasures[J].ACM SIGCOMMComputer Comm.Rev,2013,43(3):26-33.
[5]Gasti P.DoS&DDoS in Named-Data Networking[J].Proc.Int’l Conf.Computer Comm.And etworks,2013(31):22-25.
[6]XIE M,Widjaja I,WANg H.Enhancing Cache Robustness for Content-Centric Networks[J].Proc.Int’l Conf.Computer Comm.,2012(15):2426-2434.
[7]郑林浩,汤红波,葛国栋.内容中心网络中基于多样化存储的缓存污染防御机制[J].计算机应用,2015,35(06):1688-1692.ZHENG Lin-hao,TANG Hong-bo,GE Guo-dong.Cache Pollution Prevention Mechanism based on Diversified Storage in Content Center Network[J].Computer Applicat ions,2015,35(06):1688-1692.
[8]Benedetto S Di.ANDaNA:Anonymous Named Data Networking Application[J].Proc.Network and Distributed System Security Symp.(NDSS 12),2012(11):56-57.
[9]Yu Y,Afanasyev A,Clark D.Schematizing Trust in Named Data Networking[J].Proc.2nd Int’l Conf.InformationCentric Networking,2015(12):177-186.
[10]Acs G.Cache Privacy in Named Data Networking[J].Proc.Int’l Conf.Distributed Computing Systems,2013(10):41-51.
[11]Conti M,Gasti P,Teoli M.A Lightweight Mechanism for Detection of Cache Pollution Attacks in Named Data Networking[J].Computer Networks,2013(16):3178-3191.
[12]Rezazad M,Tay C.CCndnS:A Strategy for Spreading Content and Decoupling NDN Caches[J].Proc.Int’l IFIPNetworking Conf,2015(18):1-9.
[2]雷凯.信息中心网络与命名数据网络[M].北京:北京大学出版社,2015.LEI Kai.Information Center Network and Named Data Network[M].Beijing:Peking University Press,2015.7.
[3]Lutz R.Security and Privacy in Future Internet Architectures-Benefits and Challenges of Content Centric Networks[J].Computing Research Repository,2016(21):12-15.
[4]Chaabane A.Privacy in Content-Oriented Networking:Threats and Countermeasures[J].ACM SIGCOMMComputer Comm.Rev,2013,43(3):26-33.
[5]Gasti P.DoS&DDoS in Named-Data Networking[J].Proc.Int’l Conf.Computer Comm.And etworks,2013(31):22-25.
[6]XIE M,Widjaja I,WANg H.Enhancing Cache Robustness for Content-Centric Networks[J].Proc.Int’l Conf.Computer Comm.,2012(15):2426-2434.
[7]郑林浩,汤红波,葛国栋.内容中心网络中基于多样化存储的缓存污染防御机制[J].计算机应用,2015,35(06):1688-1692.ZHENG Lin-hao,TANG Hong-bo,GE Guo-dong.Cache Pollution Prevention Mechanism based on Diversified Storage in Content Center Network[J].Computer Applicat ions,2015,35(06):1688-1692.
[8]Benedetto S Di.ANDaNA:Anonymous Named Data Networking Application[J].Proc.Network and Distributed System Security Symp.(NDSS 12),2012(11):56-57.
[9]Yu Y,Afanasyev A,Clark D.Schematizing Trust in Named Data Networking[J].Proc.2nd Int’l Conf.InformationCentric Networking,2015(12):177-186.
[10]Acs G.Cache Privacy in Named Data Networking[J].Proc.Int’l Conf.Distributed Computing Systems,2013(10):41-51.
[11]Conti M,Gasti P,Teoli M.A Lightweight Mechanism for Detection of Cache Pollution Attacks in Named Data Networking[J].Computer Networks,2013(16):3178-3191.
[12]Rezazad M,Tay C.CCndnS:A Strategy for Spreading Content and Decoupling NDN Caches[J].Proc.Int’l IFIPNetworking Conf,2015(18):1-9.