Experimental work on NDN simulation for privacy related problems

Abstract

Named Data Networking (NDN) is one of the examples of Content Oriented Networking to be the prospective next generation network candidate to fix the scalability, mobility and network efficiency issues of today's TCP/IP-based Internet, by replacing the host-centric network architecture to a data-centric one. This conceptually simple change helps us to be more clearly on how to design, develop and use networks and applications. In NDN, the usage of named content, powerful routers and intermediate cache give us several advantages especially in scalability, mobility and network efficiency, however, at the same time, some security features have to be explored. One of the examples is to make censorship more easily to deploy. In this thesis we study the robustness of file transmission in NDN in the face of censorship. There are two most effective types of attacks for the possible censorship techniques in NDN: (i) name-watchlist attack and (ii) deep packet inspection (DPI). Existing solutions against censorship in IP-based network and NDN either cannot defend against both attacks or disable the cache mechanism, which is one of the major characteristics of NDN, then the network efficiency will be decreased. Our research is about how to achieve privacy-preserving and anti-censorship in NDN. The first part of our research is to show by simulation that the file transmission in NDN is robuster than that in TCP/IP-based network since NDN allows multiple outgoing faces for forwarding an Interest packet. After that we propose our design of the anti-censorship systems and evaluate our proposed schemes using security analysis and simulations. We show that our solutions are available to mitigate the performance overhead and keep the network efficiency in a well-performed level. Our primitive design assumes the existence of the Public Key Infrastructure (PKI) in NDN but does not need to pre-share any information between the data producers and consumers by name renaming using encryption. However, name renaming makes the intermediate cache mechanism of NDN disabled, then there will be a trade-off between the benefits of the anti-censorship and the network efficiency, so we further improve our scheme to the new design. Our improved design adopts the idea of proxy web servers and brings in the concept of smart routers such that the intermediate cache mechanism can be enabled again for network efficiency improvement. In this scheme we will make use of the smart routers to perform a second-time disguise of the NDN packet name, then when a consumer can connect to a smart router, the consumer will be able to retrieve the corresponding interested Data packet. After showing the detailed design of our schemes, security analysis and simulation result, together with performance evaluation will be carried out. We simulate our anti-censorship scheme using ndnSIM, which is an open source NS-3 based simulator for NDN simulation. Our simulation result shows that although our scheme brings extra performance overhead, the use of smart routers enables the usage of intermediate content store and mitigates the overhead.