Information-Centric Networking is an emerging alternative to host-centric networking designed for large-scale content distribution and stricter privacy requirements. Recent research on Information-Centric Networking focused on the protection of the network from attacks targeting the content delivery protocols, while assuming genuine content can always be retrieved from trustworthy nodes. In this paper, we depart from the assumption of the trustworthiness of network nodes and propose a novel certification methodology for information-centric networks that supports continuous security verification of non-functional properties. Our methodology provides a complete and detailed view of the network security status, increasing the trustworthiness of the network and its services. The proposed approach builds on an enhanced certification model capturing the evolution of the system over time. It also defines certification services that fully integrate with existing networks to collect evidence on the target of certification and carry out the certification process. It finally proposes two certification processes, centralized and decentralized, balancing the impact on the network and the system performance. Efficiency, performance, and soundness of our approach are experimentally evaluated in a simulated Named Data Networking (NDN) network targeting property availability.
A security certification scheme for Information-Centric Networks / M. Anisetti, C.A. Ardagna, F. Berto, E. Damiani. - In: IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT. - ISSN 1932-4537. - 19:3(2022 Sep), pp. 2397-2408. [10.1109/TNSM.2022.3165144]
A security certification scheme for Information-Centric Networks
M. AnisettiPrimo
;C.A. ArdagnaSecondo
;F. BertoPenultimo
;E. DamianiUltimo
2022
Abstract
Information-Centric Networking is an emerging alternative to host-centric networking designed for large-scale content distribution and stricter privacy requirements. Recent research on Information-Centric Networking focused on the protection of the network from attacks targeting the content delivery protocols, while assuming genuine content can always be retrieved from trustworthy nodes. In this paper, we depart from the assumption of the trustworthiness of network nodes and propose a novel certification methodology for information-centric networks that supports continuous security verification of non-functional properties. Our methodology provides a complete and detailed view of the network security status, increasing the trustworthiness of the network and its services. The proposed approach builds on an enhanced certification model capturing the evolution of the system over time. It also defines certification services that fully integrate with existing networks to collect evidence on the target of certification and carry out the certification process. It finally proposes two certification processes, centralized and decentralized, balancing the impact on the network and the system performance. Efficiency, performance, and soundness of our approach are experimentally evaluated in a simulated Named Data Networking (NDN) network targeting property availability.
| File | Dimensione | Formato | |
|---|---|---|---|
|
pub_main.pdf
accesso aperto
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
1.15 MB
Formato
Adobe PDF
|
1.15 MB | Adobe PDF | Visualizza/Apri |
|
paper.pdf
accesso aperto
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
1.11 MB
Formato
Adobe PDF
|
1.11 MB | Adobe PDF | Visualizza/Apri |
|
A_Security_Certification_Scheme_for_Information-Centric_Networks.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
1.2 MB
Formato
Adobe PDF
|
1.2 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
