
postgraduate thesis: Experimental work on NDN simulation for privacy related problems

Title: Experimental work on NDN simulation for privacy related problems
Authors: Tsang, Yu-hin [曾儒軒]
Advisor(s): Hui, CK
Issue Date: 2016
Publisher: The University of Hong Kong (Pokfulam, Hong Kong)
Citation: Tsang, Y. [曾儒軒]. (2016). Experimental work on NDN simulation for privacy related problems. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR.
Abstract: Named Data Networking (NDN) is one of the examples of Content Oriented Networking and a prospective next-generation network candidate to fix the scalability, mobility and network efficiency issues of today's TCP/IP-based Internet, by replacing the host-centric network architecture with a data-centric one. This conceptually simple change helps us to be clearer on how to design, develop and use networks and applications. In NDN, the usage of named content, powerful routers and intermediate cache gives us several advantages, especially in scalability, mobility and network efficiency; however, at the same time, some security features have to be explored. One of the examples is that censorship becomes easier to deploy. In this thesis we study the robustness of file transmission in NDN in the face of censorship. The two most effective types of attack among the possible censorship techniques in NDN are: (i) name-watchlist attack and (ii) deep packet inspection (DPI). Existing solutions against censorship in IP-based networks and NDN either cannot defend against both attacks or disable the cache mechanism, which is one of the major characteristics of NDN, so the network efficiency is decreased. Our research is about how to achieve privacy preservation and anti-censorship in NDN. The first part of our research is to show by simulation that file transmission in NDN is more robust than that in a TCP/IP-based network, since NDN allows multiple outgoing faces for forwarding an Interest packet. After that we propose our design of the anti-censorship systems and evaluate our proposed schemes using security analysis and simulations. We show that our solutions are able to mitigate the performance overhead and keep the network efficiency at a well-performing level.
Our primitive design assumes the existence of the Public Key Infrastructure (PKI) in NDN but, by name renaming using encryption, does not need to pre-share any information between the data producers and consumers. However, name renaming disables the intermediate cache mechanism of NDN, so there is a trade-off between the benefits of anti-censorship and the network efficiency; we therefore further improve our scheme into a new design. Our improved design adopts the idea of proxy web servers and brings in the concept of smart routers such that the intermediate cache mechanism can be enabled again for network efficiency improvement. In this scheme we make use of the smart routers to perform a second-time disguise of the NDN packet name, so that when a consumer can connect to a smart router, the consumer will be able to retrieve the corresponding Data packet of interest. After showing the detailed design of our schemes, security analysis and simulation results, together with performance evaluation, will be carried out. We simulate our anti-censorship scheme using ndnSIM, which is an open source NS-3 based simulator for NDN simulation. Our simulation results show that although our scheme brings extra performance overhead, the use of smart routers enables the usage of the intermediate content store and mitigates the overhead.
Degree: Master of Philosophy
Subject: Computer networks - Simulation methods; Security measures - Computer networks
Dept/Program: Computer Science
Persistent Identifier: http://hdl.handle.net/10722/244324

 

DC Field | Value | Language
dc.contributor.advisor | Hui, CK | -
dc.contributor.author | Tsang, Yu-hin | -
dc.contributor.author | 曾儒軒 | -
dc.date.accessioned | 2017-09-14T04:42:19Z | -
dc.date.available | 2017-09-14T04:42:19Z | -
dc.date.issued | 2016 | -
dc.identifier.citation | Tsang, Y. [曾儒軒]. (2016). Experimental work on NDN simulation for privacy related problems. (Thesis). University of Hong Kong, Pokfulam, Hong Kong SAR. | -
dc.identifier.uri | http://hdl.handle.net/10722/244324 | -
dc.language | eng | -
dc.publisher | The University of Hong Kong (Pokfulam, Hong Kong) | -
dc.relation.ispartof | HKU Theses Online (HKUTO) | -
dc.rights | The author retains all proprietary rights, (such as patent rights) and the right to use in future works. | -
dc.rights | This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. | -
dc.subject.lcsh | Computer networks - Simulation methods | -
dc.subject.lcsh | Security measures - Computer networks | -
dc.title | Experimental work on NDN simulation for privacy related problems | -
dc.type | PG_Thesis | -
dc.description.thesisname | Master of Philosophy | -
dc.description.thesislevel | Master | -
dc.description.thesisdiscipline | Computer Science | -
dc.description.nature | published_or_final_version | -
dc.date.hkucongregation | 2017 | -
dc.identifier.mmsid | 991043953696003414 | -
