Protecting User Privacy in a Multi-Path Information-Centric Network Using Multiple Random-Caches

Springer Science and Business Media LLC - Volume 32 - Pages 585-598 - 2017
Wei-Bo Chu¹, Li-Fang Wang¹, Ze-Jun Jiang¹, Alan Chin-Chen Chang²
¹School of Computer Science and Technology, Northwestern Polytechnical University, Xi’an, China
²Department of Information Engineering and Computer Science, Feng Chia University, Taichung, China

Abstract

In-network caching is a fundamental mechanism advocated by information-centric networks (ICNs) for efficient content delivery. However, this new mechanism also brings serious privacy risks due to cache snooping attacks. One effective solution to this problem is random-cache, where the cache in a router randomly mimics a cache hit or a cache miss for each content request/probe. In this paper, we investigate the effectiveness of using multiple random-caches to protect cache privacy in a multi-path ICN. We propose models for characterizing the privacy of multi-path ICNs with random-caches, and analyze two different attack scenarios: 1) prefix-based attacks and 2) suffix-based attacks. Both homogeneous and heterogeneous caches are considered. Our analysis shows that in a multi-path ICN an adversary can potentially gain more privacy information by adopting prefix-based attacks. Furthermore, heterogeneous caches provide much better privacy protection than homogeneous ones under both attacks. The effect of different parameters on the privacy of multi-path random-caches is further investigated, and the comparison with its single-path counterpart is carried out based on numerical evaluations. The analysis and results in this paper provide insights into designing and evaluating multi-path ICNs when we take privacy into consideration.
