Security, Privacy, and Access Control in Information-Centric Networking: A Survey (1603.03409v3)

Published 10 Mar 2016 in cs.NI and cs.CR

Abstract: Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the content's origin. Content and client security are more intrinsic in the ICN paradigm versus the current host-centric paradigm where they have been instrumented as an afterthought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.

Citations (242)

Summary

  • The paper provides a comprehensive survey of ICN security, privacy, and access control, critically assessing attack types like DoS, content poisoning, and cache pollution.
  • It categorizes mitigation strategies such as signature verification, rate limiting, and collaborative caching while addressing trade-offs between security effectiveness and performance.
  • The paper concludes with a roadmap for future ICN research, recommending scalable naming schemes, robust caching frameworks, and decentralized access control solutions.

Overview of Security, Privacy, and Access Control in Information-Centric Networking

The survey titled "Security, Privacy, and Access Control in Information-Centric Networking: A Survey" by Tourani et al. provides a comprehensive analysis of the existing literature in the domain of Information-Centric Networking (ICN). It offers a critical examination of security, privacy, and access control (AC) concerns, focusing on ICN's potential to redefine communication paradigms by emphasizing content delivery over host-centric approaches.

Security Challenges in ICN

In addressing security, the paper categorizes attacks into denial of service (DoS), content poisoning, cache pollution, and others, and discusses the mitigation strategies proposed for various ICN architectures. One focal point among DoS attacks is interest flooding, which manipulates interest packets to overload the network. The survey highlights rate limiting and collaborative approaches as countermeasures, emphasizing the struggle to maintain QoS for legitimate users while mitigating attacks. A nuanced analysis points to a trade-off between security efficacy and system responsiveness.
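To make the rate-limiting countermeasure concrete, here is an added example (not code from the survey or from any ICN implementation) of a per-face Interest limiter whose allowance shrinks with the face's Interest satisfaction ratio. The class, face names, limits and traffic pattern are assumptions constructed for illustration.

```python
from collections import defaultdict


class FaceLimiter:
    """Per-face Interest limiter (simplified model). Each period a face may
    forward base_limit * ratio Interests, where ratio is a smoothed
    Data-returned / Interests-forwarded value for that face."""

    def __init__(self, base_limit=10, floor=1, alpha=0.5):
        self.base_limit = base_limit  # allowance for a well-behaved face
        self.floor = floor            # never cut a face off completely
        self.alpha = alpha            # EWMA weight of the newest period
        self.ratio = defaultdict(lambda: 1.0)
        self.forwarded = defaultdict(int)
        self.satisfied = defaultdict(int)

    def limit(self, face):
        return max(self.floor, int(self.base_limit * self.ratio[face]))

    def on_interest(self, face):
        """True if the Interest is forwarded, False if it is dropped."""
        if self.forwarded[face] >= self.limit(face):
            return False
        self.forwarded[face] += 1
        return True

    def on_data(self, face):
        self.satisfied[face] += 1

    def end_period(self):
        # Fold this period's observed satisfaction into the smoothed ratio.
        for face, sent in self.forwarded.items():
            observed = self.satisfied[face] / sent
            self.ratio[face] = ((1 - self.alpha) * self.ratio[face]
                                + self.alpha * observed)
        self.forwarded.clear()
        self.satisfied.clear()


def simulate(periods=5):
    """Constructed traffic: face 'clients' sends 8 Interests per period, all
    answered with Data; face 'flood' sends 50 per period for names that never
    resolve. Returns (clients_forwarded, flood_forwarded) per period."""
    lim, history = FaceLimiter(), []
    for _ in range(periods):
        ok_clients = 0
        for _ in range(8):
            if lim.on_interest("clients"):
                lim.on_data("clients")
                ok_clients += 1
        ok_flood = sum(lim.on_interest("flood") for _ in range(50))
        history.append((ok_clients, ok_flood))
        lim.end_period()
    return history
```

Because the limit is per face, legitimate clients that reach the router through the same face as the flooding traffic share its reduced allowance, which is the QoS trade-off the paragraph above describes.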

For content poisoning, where attackers introduce invalid content into caches, the authors discuss signature verification methods, revealing scalability and computational challenges. Proposed solutions often demand routers to validate content in transit, impacting their processing speed given resource constraints.

Cache pollution attacks, which artificially inflate the popularity ranking of certain content, are discussed with a focus on strategies that thwart locality disruption and false locality. The proposed solutions balance between detection efficiency and computational overhead, recognizing a gap for scalable yet secure caching frameworks.

Privacy Concerns in ICN

The privacy discussion underscores the intricacies of timing and monitoring attacks, which exploit cache behaviors to infer client interests and content locality. Solutions such as introducing delays are critiqued for impacting user experience, while enhanced collaborative caching emerges as a potential path to secure privacy without sacrificing performance.

Anonymity and censorship resistance receive significant attention, especially concerning the inherent exposure in content naming schemes. The paper categorizes solutions into proxy-based and direct methods, noting the computational challenges linked to encryption and routing through anonymity networks.

Access Control Mechanisms

Access control in ICN is notably challenging due to the decentralized nature of content distribution. The paper divides existing strategies into encryption-based and independent solutions, with further subdivisions based on cryptographic frameworks. Broadcast and proxy re-encryption schemes aim to leverage efficient key distribution, yet face hurdles in dynamic key revocation and client authentication without a persistent online authority. The analysis presents a candid reflection on the inefficiencies and additional infrastructure burdens these AC mechanisms impose.

Implications and Future Directions

The paper concludes by synthesizing the lessons learned through its exhaustive review, advocating for holistic solutions that seamlessly integrate security, privacy, and access control into ICN frameworks. The discussion stresses the importance of fundamental architectural redesigns and interdisciplinary innovations to fully harness ICN's potential.

Future research is encouraged to tackle scalable naming schemas, develop robust caching strategies that balance security with latency, and design access control systems inherently resilient to ICN's distributed nature. The paper indicates a research trajectory that aligns with evolving network paradigms, where enhancing content availability, ensuring privacy, and mitigating security threats are paramount. The authors suggest that ICN's intrinsic attributes, like name-based routing and in-network caching, be leveraged to create a more resilient and efficient network fabric. The paper not only offers a survey of current literature but also proposes a roadmap for researchers aiming to advance the field of Information-Centric Networking.