Threat identification and risk assessments for named data networking architecture using SecRam

Abstract

Named Data networking is an instance of information centric networking, aims to improve the performance of the Internet by using in-network caching at storage-enabled routers and provide name based content access. However, name based content access and in-network caching make Name Data network vulnerable to new security attacks like cache pollutions, cache poisoning, false locality, cache snooping and interest flooding, etc. In this paper, we have evaluated NDN security principles, the impact of threats, ratified various security enablers, and built-in mitigation actions to combat security attacks. We have systematically applied SecRam in NDN for statistical security risk assessment, identification of run time threats, and assessment of available methods to mitigate these threats, as SecRam considers operational focus areas and proved useful for identification and severity assessment of run time threats. We have modified SecRam and used it in an entirely different domain, i.e., to a computer network, as SESAR proposed SecRam specifically for ATM systems that cannot be directly applied to another context. According to the best of our knowledge, it is the first attempt for a complete risk assessment of NDN. We have concluded this paper by defining a set of open security challenges that should be considered by future researchers.

Keywords

Named data networking future internet architecture threat identification attack modeling risk assessment SecRam

Table 1
Abbreviations used in this paper

Abbreviation	Explanation
NDN	Name data networking
FIB	Forwarding information base
PIT	Pending interest table
CS	Content store
I_Pckt	Interest packet
D_Pckt	Data packet
PKI	Public key infrastructure
NDO	Name data object
Interests	Interest packets
PA	Primary assets
SA	Secondary assets
TCP	Transmission control protocol
IP	Internet protocol

Figure 1.

NDN layered architecture.

1. Introduction

Named Data Networking (NDN) [1] is a content-centric networking based Internet architecture, proposed in 2010 (NSF sponsored) to cope with a future demand of the Internet as well to overcome the imperfections in current TCP/IP based Internet. NDN focuses on content delivery based on directly addressable content and considers content as a top priority rather than location, provider, or users. The usage pattern of the Internet has changed dramatically over the past decade, and now the most Internet traffic includes video data, and users are now only concerned about the fast content access irrespective of its location. NDN considered security in its architecture from the beginning that was not considered at the time of designing TCP/IP based Internet and later, it is provided as patches that lead to various security vulnerabilities. NDN uses the same thin waistline hourglass architecture as TCP/IP but with different layers (Fig. 1) and different functions and able to overcome most of the shortcomings (unintegrated security functions, point-to-point communication, location-dependent addressing, stateless, and symmetric protocols, etc.) existing in our current Internet architecture. NDN added an extra layer “security” in its architecture that provides end-to-end encryption, secure access control mechanism that provide security to the user and the content but at the same time NDN’s router side caching and Name-Based content access gives rise to new types of security attacks like cache pollutions, cache poisoning, false locality, cache snooping and interest flooding, etc. For being a perfect candidate for the future Internet, NDN should provide proper mechanisms to mitigate existing security vulnerabilities. Methodological assessments of the system are essential as well as necessary for understanding its functioning, significance, and shortcomings. In this paper, we have used a structured methodology to identify threats, attack models, and associated risks in NDN. Attack Modeling and methodological risk assessment can help system architects, designers and administrators to make a secure system and make a resilient decision in run time. We have used SecRam [2], a recent risk assessment methodology, in an entirely different context. We have systematically applied SecRam in NDN for statistical security risk assessment, identification of run time threats, and assessment of available methods to mitigate these threats, as SecRam considers operational focus areas and proved useful for identification and severity assessment of run time threats. There is a tradeoff between the performance and security of the system. NDN needs to identify and mitigate the most severe security risks to provide an appropriate level of protection without compromising the performance of the system. SecRam identifies the assets and divides them into two categories: primary and secondary assets. In the next step, it ranks the related risks quantitatively by identifying various threat scenarios and likelihood. The security threats can then be treated according to the security and performance requirement of the user. We have established context and set the scope for security analysis of Name Data Networking architecture, various threats, attack models, risk assessment and built-in security controls and enablers, and new enhancements recommendations. We have verified the underlying security enablers and controls to see if they can be used flexibly according to the user needs on run time. The three main security objectives defined for an information system are confidentiality, which roughly equals to privacy or disclosure of information; Integrity, which is related to the modification of content by unauthorized entity and Availability, which ensures that information is available to the authorized user. Most of the security attacks are launched to disrupt one or more than one of the defined objectives. System architects and security administrator design and uses various security mechanisms, protocols, services to ensure all of the objectives as mentioned earlier (CIA). The most promising and hassle-free way to secure a system is to provide security by design, and most of the security architects are recommended to use and design application that provides security as an inherent feature rather than provided by some add-on application. NDN architecture added a new layer “security” that deals with all aspects of security. Building blocks on NDN security are security keys, trust policies, and NDN certificates. NDN have only two types of packets i.e., Interest packet and Data Packet. Interest packets are used to pull information from the producer and consumer get data in form of Data packets. D_Pckts that are signed using a public key so that communicating parties can verify the authenticity of the data. All D_Pckts are encrypted to provide confidentiality and integrity. I_Pckts are not encrypted and can revel user information and can lead to an attack on privacy. One of the primary attacks on the network layer is prefix hijacking [3]. Prefix hijacking is not effective in NDN, as its architecture keeps track of unsatisfied I_Pckts that further help in identifying I_Pckts leading to prefix hijacking. The NDN is susceptible to significant attacks in the strategy layer only. Common scanning attacks like port scanning is also not effective in NDN as it is infeasible to scan all prefixes hosted by a producer. NDN routers use rate limits that help at the time of congestion and reduces the packet retransmissions. Common application-layer attacks like Dos and DDoS are not effective in NDN as it stores incoming requests in its pending Interest tables. Upon initial pull of requested content from its producer, it is cached on the NDN router, and subsequent interests are retrieved from the cache of these routers. Therefore, the network itself will limit the number of Interests reaching the victim. NDN is developed with a strong idea of security by design. NDN aims to handle an enormous amount of Internet traffic efficiently. The fundamental principle behind developing NDN is to deliver content based on the content names rather than host and to break the point-to-point communication nature of IP based Internet and provides stateless service with the help of caching.

The attacker’s main objectives are to disrupt communication by attacking cache, hosts, and to find private information. In this paper, we have performed the security risk assessment of NDN, find out the run time and non-run time threats, evaluated, and verify NDN fundamental design to control security threats. The remaining paper is structured as follows, related history is described in Section 2, in Section 3, we have described various risk assessment methodology and the methodology we have used. In Section 4, we have briefly explained NDN architecture, scope, and assets. In Section 5, we have identifies various threats scenarios and preformed risk assessment in Section 6.

2. Related work

Name Data Networking is a relatively new research area, and very little research has been done on NDN risk assessment and management. In this section, we have presented the previous efforts for NDN risk assessment and surveyed various available security risk assessment standards developed in the last decade. In [4], authors have modeled various privacy attacks on name data networking using attack graphs and performed a privacy risk assessment. The authors have used multi-attribute utility theory [5] to find out the attacker’s utility and find out the most vulnerable assets. The authors have only considered attacks on privacy for their research and did not provide complete attack scenarios and threat models. NDN is most vulnerable to Denial of Service (DoS) attacks and attacks on privacy. The most common DoS in NDN are Interest flooding attack (IFA), cache-poisoning attack, cache pollution attacks, and false locality attack. These attacks are presented in [6, 7, 8, 9], but none of the paper performed a risk assessment and evaluated the impact and severity of these attacks on the performance of the system. In [6], authors have presented the method for assessing and mitigating collusive version of the Interest Flooding Attack. Dogruluk et al. [10] evaluated the timing attack and its impact on user privacy and suggested a method for mitigating this attack without compromising the performance of the system. Authors have not defined attacks and threats models and only considered one scenario for risk assessment. Later in this section, we have presented a brief survey on the popular security risk assessment standard.

Lot of work has been done in the field of security risk assessment and management and it leads to development of various risk assessment standards, frameworks, guides and method i.e. ISO27005 [11], NIST SP800-30 [12], ENISA [13], CRAMM [14], OCTAVE [15], SecRam, AURUM [16], QUIRC [17], AS/N25 4360 [18], CORAS [19]. Among all these ISO2700, ENISA, OCTAVE, BSI, MITRE are well established and used in copious contexts.NIST SP 800-30 is published in 2002, and it is one of the first documents published on security risk management; most of the security management standards, reports, techniques, and guides are based on it. NIST SP 800-30 primarily focuses on securing IT infrastructure, mainly where assets reside. It has an entirely technical perspective and involves nine steps in three stages. NIST SP 800-30 lacks asset identification and provides only one way for calculating risk.

ISO27005 is another well-established latest security risk management standard published in 2008. It is widely used in various contexts, both commercial and government sectors. ISO 27005 is part of ISO 27000 standard and establish that security practices should be carried out according to the industry, organization characteristics, and scope of its information security management system. ISO 27005 imply a continual process that consists of structures sequence of iterative as well as non- iterative activities for establishing risk management context which includes scope, methods, policies and compliance obligations for qualitative and quantitative risk assessment as well as treatment of risk appropriately; monitoring and reviewing security risks on continual basis with communication to others parties. ISO 27005 does not specify any particular risk management method. Different from NIST SP 800-30 and OCTANE, ISO 27005 is more flexible towards defining their risk parameters. Another standard ISO 31010:2009 suggests guidelines for the Risk Management designing, implementation, and maintenance throughout the organization and emphasizes on ERM (Enterprise Risk Management). The scope of this risk management approach is to enable all operation, strategic and management tasks of an organization throughout projects and processes to be aligned to common management objectives. It gives consideration to all types of information security risks unlike 27005, which is specific for information security risks only. AURUM is presented as a method for supporting NIST SP 800-30 document as NIST SP800-30 lacks concrete implementation suggestions, risk mitigation, and countermeasure methods. AURUM supports all three risk management processes of NIST SP 800-30, namely risk assessment, risk evaluation, and risk mitigation. CRAMM is another risk assessment method developed by the British government and used for government and large bodies. It is still used in the UK as well as outside the UK. It consists of three stages. The first two stages consist of quaternary and guidelines, which are used to identify risk, and the third stage is all about mitigating and managing the risk. MEHARI is an RA (risk assessment) and RM (risk management) method. It combines knowledge base (available in excel) and suits of tools for threat analysis, probability of occurrence and analyzing various risk scenarios.

OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a technique for security risk assessment and planning. Octave focuses on operational risks and practices, not on technologies. OCTAVE is a qualitative risk analysis methodology; the main drawbacks of OCTAVE are its complexity and lack of mathematical modeling (quantitative risk analysis). Quantitative risk assessment methodologies are intended to measure, define, and predict the likelihood and the occurrence of the threat. In apposition of qualitative risk assessment techniques, the quantitative risk assessment does not require to have costly experienced expert all-time in the threat assessment process. SESAR (Single European Sky ATM Research) developed a methodology for security risk assessment of air traffic management it is a quantitative risk assessment methodology, which is also applied in cloud-based ATM environment. Security Risk Assessment Methodology (SecRAM) is ISO 2700 standard-based and pertained to air traffic control systems as well on cloud-based ATM (air traffic management).

Risk estimation methodologies also have been applied to new network paradigms like wireless sensors networks and cloud computing. Wireless sensor networks and cloud computing have different security requirements and various constraints, so risk estimation has to be done differently. Cloud computing heavily relies on the core hardware platform, software services, network, and infrastructure. Cloud computing characteristics give rise to new security requirements like mutual auditability and multiparty trust. Another platform QUIRC is proposed to risk assessment in cloud computing. It is quantitative, iterative and the probability of a ‘threat event and it’s sereneness, measured as its impact. Risk assessment methods also have been proposed for cyber-physical systems like smart grid and smart metering and discussed in SecAmi [20].

NDN considered security from the initial phase of designing and considered secure, but still, there exist several security challenges and needs risk assessment method, customized according to this futuristic Internet architecture. NDN design is inherently safe, and it is out of the scope of this paper to compare NDN security with other networking architecture. In [21], authors have discussed the NDN architecture, protocols, applications, and future prospective. Zhang et al. [22], explored the security protocols and issues of NDN. We have chosen SecRam to perform risk estimation of NDN as it is a recent and well-defined risk estimation methodology. It facilitates risk assessment from the beginning of the development life cycle that also includes the architectural phase. In this paper, we are applying SecRam to an entirely new context (NDN) for risk assessment study, considering total assets and their values to NDN architecture.

Figure 2.

SecRam methodology.

3. Risk assessment methodology

Our proposed risk assessment and threat evaluation methodology follows ISO 25005 based SecRam methodology. SecRam was proposed and developed by the SESAR program as a cost-effective, reliable, and proportionate risk assessment methodology for Air traffic control management system. SecRam is an effective way of performing risk identification, evaluation, and treatment (Fig. 2). We have used SecRam in an entirely different context and made certain changes, as it was developed for ATM, and it cannot be directly applied for Internet architectures. The changes are performed for impact assessment to identified threats in Name Date Networking.

For proper consisting results, a risk assessment methodology required to have a specific boundary that restricts our analysis area establishes the scope for analysis and criteria that will be used to analyze the system. Following are steps of the security risk analysis process, which should be followed for defensible results.

viii. i.
Establishment of context and scope: it is the very first step, defines the scope of the risk assessment process, and sets various criteria against which risk assessment has to be done for NDN. Both internal as well external contexts are necessary for effective and proper risk management.
ii.
Identification of assets, threats, and threat scenarios: it is crucial to clearly identify both primary and secondary assets as well as sources of threats and their related threat scenarios.
iii.
Identification of existing controls: Identifying inbuilt security controls provided in NDN architecture.
iv.
Identification of vulnerabilities: identifying various vulnerabilities exists in the system even after using security controls and without using these controls.
v.
Evaluate the impact of attack-Identifying the consequences of the exploitation of security vulnerabilities even after using provided security controls.
vi.
Evaluate the likelihood and level of Risk-Assessment of the likelihood of the attacks for the system (NDN).
vii.
Risk evaluation and treatment: It includes verifying the security risk level against information security objective and treatment of that risk using certain security measures (risk reeducation, risk retention, avoidance, and transfer) and communicate to all needed parties. Risk evaluation should be performed both quantitatively and qualitatively.
viii.
Security control: It is the last step, and it includes the implementation of security controls identified in the risk treatment step.

Table 2
NDN routing protocols comparison

Author and routing protocol Properties Advantages Drawbacks

Lang et al., 2012 (OSPFN) OSLA OSPF enhancement I based Multipath forwarding use Repo/SYNC No Update authentication Depends on IP address for router ID Repo based Sync leads to memory problems

Hoque et al., 2013 (NLSR) OSPFN enhancement name based OLSA broadcast LSA pull update mechanism Full Multipath forwarding good stability and scalability use ChronoSync so sync support No update authentication router overhead Scalabilty over internet

Dai et al., 2012 (two layer protocol) Two-layer design: Topology maintaining layer and a pref announcing layer push updates mechanism Best scalability and stability by name aggregation support multipath routing No updates authentication no sync support limited multipath forwarding

Liu et al., 2016 (SDAR) DSN based centralized control plane Support adaptive forwarding support multipath routing Controller placement trust and security

Lehman et al., 2016 (hyperbolic routing) Location based shortest distance Low memory consumption best for scalability and stability very fast and simple No update authentication computation burden local minima trap issue

4. Context, scope, and assets

Author and routing protocol	Properties	Advantages	Drawbacks
Lang et al., 2012 (OSPFN)	OSLA OSPF enhancement I based	Multipath forwarding use Repo/SYNC	No Update authentication Depends on IP address for router ID Repo based Sync leads to memory problems
Hoque et al., 2013 (NLSR)	OSPFN enhancement name based OLSA broadcast LSA pull update mechanism	Full Multipath forwarding good stability and scalability use ChronoSync so sync support	No update authentication router overhead Scalabilty over internet
Dai et al., 2012 (two layer protocol)	Two-layer design: Topology maintaining layer and a pref announcing layer push updates mechanism	Best scalability and stability by name aggregation support multipath routing	No updates authentication no sync support limited multipath forwarding
Liu et al., 2016 (SDAR)	DSN based centralized control plane	Support adaptive forwarding support multipath routing	Controller placement trust and security
Lehman et al., 2016 (hyperbolic routing)	Location based shortest distance	Low memory consumption best for scalability and stability very fast and simple	No update authentication computation burden local minima trap issue

4.1 Context

This paper is focused on the security analysis of Name Data Networking architecture, its components, strategies, and applications. NDN is projected as the most auspicious Internet architecture for the future, and this architecture must be more secure then present Internet and avoid existing security attacks. NDN reference model and architecture are shown in Fig. 1. NDN has different architecture then TCP/IP but shares some properties as NDN also follows the end-to-end principle; both architectures have an hourglass shape and uses datagram for communication. NDN and TCP/IP also have some dissimilarities, like IP uses IP addresses, and NDN uses its own content naming method. Names are hierarchical, and they contain a sequence of name components. Name component is defined as:

NameComponent $=$ GenericNameComponent / ImplicitSha256DigestComponent / ParametersSha256DigestComponent / OtherTypeComponent

NDN uses components and interfaces to forward packets to the next node. The paramount constituents of NDN architecture are Content Store (CS), Pending Interest Table (PIT), Forwarding Information Base (FIB), and associated strategies and protocols. NDN routers maintain three data structures PIT, CS, and FIB. Users in NDN requests content by sending I_Pckts (Interest_Packets) (Fig. 3), and the user gets content in the form of D_Packet (D_Pckts).

Figure 3.

NDN packet format.

Figure 4.

NDN working flow chart.

Figure 5.

NDN security attacks taxonomy.

Table 3

NDN forwarding strategies

Forwarding Strategy	Policy	Operational mode
Best route (Afanasyev et al.) [32]	Multicast flooding	Uncoupled
Multicast (Zhang et al.) [1]	Selective multicast	Uncoupled
CORBA (Tortelli et al.) [33]	SBF based FIB using routing hints	Uncoupled
INFORM (Chiocchettiand et al.) [34]	Based on Q routing	Uncoupled
Probabilistic (Lie et al.) [35]	Entropy-based forwarding	Uncoupled
CollaCache (Rao et al.) [36]	Two-level hierarchical forwarding	Coupled
NbSc (Wong et al.) [37]	Index table search based on neighborhood	Coupled

Table 4

Name data networking primary assets

Primary assets	Type	Description
User Data	Information	Any data transferred from content provider to user and user to content provider.
Management data	Information	Data related to the proper functioning of network, e.g. policies, cryptographic keys, configurations, etc.
Communication	Service	Various services that help in transferring data from one system to another.
Computing resources of NDN routers	Service	Computing resources like memory, storage, processor, etc.

The only required component of I_Pckts is Name, and other components are optional to use like interest signature, interest lifetime, nonce, forward hint, and CanBePrefix of not. D_Pckts contains the data, signature and other meta information like content type, freshness period and FinalBlockID.

Name data objects are cached at CS, and user (requester) can access the data by sending I_Pckts. NDN interest can be flooded or sent on a specific interface. When an I_Pckt arrives at a router, router search in its content store for the requested data. It performs searching using an exact prefix match. If there is a match, it sends the requested data back on the incoming interface. If there is no match, then the router looks into its PIT for previous unsatisfied requests for the same content. If the router finds earlier requests for the same data, then it adds a new interface to previous entries, and if a router does not find any entry, then it creates a new entry in the PIT and sends a request packet to the FIB. FIB contains the entries filled by routing protocols. Router searches the FIB for the longest prefix match and forwards the I_Pckt to the next node according to the entry found in FIB. The working in NDN is defied in Fig. 5. Name lookup is performed at PIT for every miss in the cache. The number of I_Pckts and size of PIT is vast in bigger networks and may become bottlenecked even it may grow to maximum size and results in overflow, and it will start discarding new requests. FIB lookup is a resource-intensive process, as it performs the longest prefix match on entries in FIB and has to scan a large number of characters before finding an exact match, and sometimes it needs to scan the entire table. NDN hierarchical naming scheme makes it difficult to aggregate prefixes in comparison to IP. There are various name aggregation schemes are proposed for NDN based on hash tables, bloom filters, recursion methods, etc. These aggregation schemes and their impacts are discussed in [23, 24, 25, 26]. Routing disseminates the initial network topology and policy information. NDN separated the routing and forwarding plane. Routing algorithms are used to populate FIB that is suede to forward I_Pckts to the next nodes. The selection of the appropriate path is performed on FIB by separate forwarding algorithms. The complete routing process in NDN can be divided into three significant steps, i.e. (i) Name resolution (ii) discover (iii) delivery. Name resolution translates Name Data Object (NDO) into its locator. Discovery routes the requests to the content (requested data) based on Names. The last step delivery sends the content to the requester. Routing protocols are used to fill up FIB in NDN routers, and they can be classified into two categories, i.e., interdomain and intradomain routing. The five main protocols proposed for intradomain routing are OSPFN [27], NSLR [28], Two-layer routing [29], SDAR [30], and hyperbolic routing [31]. We have provided a comparative study of routing protocols in Table 4. OSPFN is a modified version of OSPF (used in IP networks) to use in NDN, we have used OSPFN as the default routing protocol in this paper. NDN architecture separate routing and forwarding in different planes that allow designers to design new routing protocol without considering forwarding algorithm. The significant factors for formulating a forwarding strategy are – efficient interface checking, selection of on-demand paths, context-based selection, and work paths. A lot of work has been done in the field of NDN forwarding designing we have listed these strategies in Table 3. It is out of the scope of this paper to describe these forwarding strategies here. For the sake of simplicity, In this paper, we have considered using only BestRoute forwarding strategy. NDN recommends each data packet to be encrypted by public-key encryption, but it increases the complexity as each packet needs to be decrypted for proper routing. To authenticate using a digital signature, NDN needs a trustworthy key management system that can reliably distribute public key certificates, public keys, and revoke and validate them.

4.2 Scope

Context establishment bounds various parameters of analysis, define criteria, and sets the scope for the process. The setting of scope determines what and which information we want to secure. We have considered various vulnerabilities presents from designing, runtime attack on NDN and evaluating available built-in countermeasures and APIs. Mitigations of security attacks and new proposed strategies and protocols are kept out of the scope.

We have considered a simple NDN network with in-path caching. There are two types of nodes in the network

(a) (a)
End users: Data provider (repositories) and consumer nodes. These nodes can request the data as well as provide data in response to a request message. They do not have a caching facility.
(b)
Intermediate nodes or routers: These nodes have a caching facility and can store data for full filling further requests. CS, FIB, and PIT tables reside on these nodes.

End-users rely on intermediate routers and TCP/UPD (transport layer) for transporting the data and cannot see through the protocols, content of CS, FIB, and PIT. Nodes can communicate via both wired and wireless communication. A malicious node (or AP) can attack directly connected nodes as well as by using intermediate routers. The analysis is also performed for Identification, authentication, and authorization.
4.3 Assets identification

We have considered two types of assets, i.e. Primary and supporting assets (SAs). Primary assets (PAs) are considered as main assets, and they are the target of attackers, and they are valuable for owner and network. A successful attack harms a PA, which can lead to a negative impact on network operations. SAs supports PAs and involved in processing storing or transmitting/transporting PAs. Vulnerabilities present in SAs can be exploited to attack PAs. All primary assets are connected to at least one secondary asset; also, SAs are connected to at least one PA. PAs are listed in Tables 4 and 5 consist of secondary assets.

5. Threat scenarios

This paper focuses only on the intentional threats to the NDN network. Therefore, we have not considered all of the threats, which also include accidental, natural, unintentional misconfigurations, faults, terrorist damage, etc. In this section, we have only discussed the threats described in scope (Section 4.2). All the specified threats target the CIA (Confidentiality, Integrity, and availability) of the system. All the attacks are considered independent of each other and target different scopes. Attack graph and attack trees are also used in some literature for attack modeling, and it may involve exploitation of multiple vulnerabilities present in the system to launch an attack [4, 38]. Tables 6 and 7 consists of attack scenarios for DoS and privacy respectively. In NDN architecture data is transferred with the help of I_Pckts and D_Pckt which is routed by the help of Names and interfaces only.

If the attacker is not a part of the network even then, he can go for physical layer attacks, which include network sniffing, and as I_Pckts are not encrypted and contain simple names, he can guess a lot of things about what user is requested from the network. But for that, the attacker has to sniff data between a legitimate user and directly connected routers. An attacker can also be part of the system (unprivileged user) as a data provider and data requester. We have listed all the identified invasive and non-invasive attacks.

Table 5
NDN secondary assets

Secondary assets	Related primary assets
MA (user management agent)	Management data
Resource allocation	Computing resources
Content name manager, content name authenticator	Management data, service
FIB, PIT, CS, flow allocation	Communication, computing resources
PKI, PKG, NDN certificates	User data, management data

Table 6

NDN security attacks scenarios

Threat ID	Supporting asset	Description
A1	PIT, CS	The attacker sends too many I_Pckts to request genuine content, which is not cached at intermediate NDN routers. (Interest flooding attack).
A2	PIT, FIB	An attacker sends an enormous amount of I_Pckts to request nonexistent data. (Interest flooding attack).
A3	FAS, CS, PIT	The malicious Content source (attacker-controlled source) releases contents with a prolonged speed that increases service time. (Piling requests attack).
A4	FIB	The malicious Content source (attacker-controlled source) send/update content at a high frequency that results in FIB overflow. (Excessive Content publication or updation attribute.
A5	RA	Attacker requests for parallel processing (e.g., Parallel file download) for cached content to increase average response time. (Chunk based state multiplication attack [39].
A6	CS	Attacker requests for parallel processing (e.g., Parallel file downloads) for non-cached content to increase the average response time of content source. (Chunk based state multiplication attack).
A7	CS	The malicious Content source (attacker-controlled source) insert (advertise) fake content, forged signature with legitimate names. Increase retransmissions. (Content poisoning attack [8].
A8	CS	CCN routers cache memory is populated with unpopular content intended to bypass cache hits and forward interests towards CS to reduce cache efficiency and increase cache service time. (Cache pollution attack).
A9	CS	Attacker frequently requests for cached content at the router to increase its cache popularity, which results in a reduction of cache hits for legitimate users (cache pollution attack).
A10	RA	The malicious content source (attacker-controlled source) exploits the NDN routers caching system to retrieve the signature key of newly arrived data from a specified location for validation before it stored in the cache to increase routers computation cycle per data chunk and service time (signature keys retrieval attack).
A11	PIT, RA	Black-hole and Gray-Hole attack.
A12	FIB	An attacker-controlled router engages other routers or data seeker that he has the best route to reach a destination and then discard all packets he gets.

Table 7

NDN security attacks

Threat ID	Supporting asset	Description
B1	NDN certification	An attacker can sniff I_Pckts to find out what content is requested by the user (with the help of content names) as I_Pckts are not encrypted. This attack has more impact if the attacker is near to the content requester (network sniffing).
B2	PKI, NDN certification	Sniffing D_Pckts. Even if the content is encrypted, the attacker can successfully retrieve publisher ID, key information (network sniffing).
B3	PKI, PKG, NDN certification	An attacker can steal signature from D_Pckts to find out key locators, and from the key locator, the attacker will get to know about the publisher.
B4	CS, PIT, FIB	If an attacker and the legitimate user are connected to the same router, then an attacker can get information about particular content that is requested by the user or not. For this attacker, send a request for the content he wants to check, and he gets that content after the d1 second delay. The attacker again sends that request for similar content and get it after d2 delay. If d1 is equal to d2, then the attacker can confirm that particular content is recently requested by the user. The attacker also needs to find out probing frequency before checking for an object in routers cache (timing attack [40]).
B5	CS, FIB, resource provider cache	An attacker can find out whether a particular object is cached in a router or not without updating the state of the router cache. The attacker sends a request for content (which he want to check whether it is cached on that router or not) with setting scope $=$ 2. If the attacker gets that content successfully, means that the router caches content and connected routers recently request it (non-invasive cache probing [41]).
B6	Resource provider cache	This attack on based pattern exclusion and prefix matching feature of NDN. Attacker probe for all the content on a root prefix using a prefix matching feature. Attacker discovers the whole of the namespace and cached content (additional monitoring attacks) by iteratively exploring it by using I_Pckts with the exclusion feature (object discovery attack [4]).
B7	Resource allocation, user info	In scoping attack, attacker probes content objects in the nearby cache by using the scope field in the I_Pckts. By properly scoping, an attacker can find the content cached at routers, thereby breaching privacy.
B8	CS, FIB, user info	Flow cloning attack.

6. Security risk assessment

A security risk assessment identifies threats, vulnerabilities, and risks associated with a system and gives an output in qualitative or quantitative form. Security risk assessment consists of the following four basic processes:

1.
Likelihood determination: It defines the likelihood of exploitation of a potential vulnerability by an attacker, and usually, it is described in the form of high, medium and low.
2.
Impact analysis: Defines resulting impact due to the successful exploitation of a vulnerability and it can also be defined in the form of high, medium and low.
3.
Risk determination and: This step identifies risks and opportunities that impact the critical risk areas.
4.
Control recommendations: It recommends process and control that could eliminate or reduce risk associated system.

This study uses two steps process for assessment and mitigation of security risks defined as follows.

•
Determine the level of risk associated with assets in NDN architecture without taking NDN built-in security controls and various proposed enhancements into account.
•
The above process is repeated by taking built-in security controls and proposed enhancements into account, which is subjected to risk treatment. We attempt to reduce the information security risks to an acceptable level.

Quantitative risk assessment includes the assignment of values to the likelihood and impact of the risk. SecRam methodology uses seven risk impact areas, namely personnel, capacity, performance, economic, branding, regulatory and environment. Most of the risk impact areas defined in SecRam are irrelevant (not applicable) to risk assessment of NDN architecture, so we have tailored SecRam and used performance as an only impact area for our research. SecRam also defines two types of impacts, inherited impact, and review impact. The inherited impact is the maximum impact of all CIA (confidentiality, integrity, availability) criteria among all PAs that are targeted by the attacker. The inherited impact is calculated on the basis of threat scenarios (via supporting assets), and reviewed impact calculation is usually performed by technical teams, operational staff, and independent bodies. Reviewed impact (mean to define lower impact) is generally equal to or lower then inherited impact. In our study, we have only used an inherited impact on calculations. Each threat is scaled according to Table 7. The supporting assets inherit the value for C, I, A from their Pas. The impact value is assigned and accessed according to degradation level of C, I and A. In SecRam methodology if one SA enables many PAs then it inherits the highest value among PAs and if several SAs enables same (one) PA then C, I, A criteria associated with the relevant threat that is linked to each SA is evaluated individually. The overall impact is calculated as the highest of the three impact values of C, I, and A.

Table 8
Scale for the impact on C, I, and A of the NDN information and service

Scale Description

Scale 1: No impact/not applicable

Scale 2: Minor-limited impact to the communication, but it still able to function

Scale 3: Severe-performance of PIT, FIB and CS is compromised

Scale 4: Critical performance of the DIF or DAF is compromised

Scale 5: Catastrophic-NDN network or multiple Routers are compromised

Table 9
Scale for estimation thereat scenario can be completed

Scale Description

Scale 1 Very unlikely Practically impossible

Scale 2 Unlikely Conceivable but unlikely

Scale 3 Likely Only somewhat possible

Scale 4 Very likely Quite possible

Scale 5 certain Might well be expected

Table 10
Assessed impact and likelihood of each threat

Threat ID C I A Overall impact Likelihood

A1, A2 0 0 3 3 5

a3 1 0 2 2 3

A4 0 0 3 3 3

A5 0 0 2 2 3

A6 0 0 2 2 2

A7 0 0 3 3 2

A8 0 0 3 3 4

A9 0 0 3 3 4

A10 4 4 3 4 3

A11 0 0 2 2 2

A12 0 0 2 2 1

B1 4 0 0 4 4

B2 3 0 0 3 3

B3 2 0 0 2 3

B4 3 0 0 3 3

B5 2 0 0 2 2

B6 3 0 2 3 3

B7 2 0 1 2 3

B8 2 0 0 2 2

Figure 6.
Network model used for NDN threat analysis.

Table 8 shows the overall impact and likelihood of particular threats. The overall impact and likelihood field in Table 8 is populated using Tables 6 and Table 7. The scoring we have used in the Table is 8, 9, is subjective and depends on several factors like expertise, intuition, best practices, and knowledge. In SecRam methodology, the likelihood is calculated using an average of exposure and potentiality. Exposure defined the frequency of occurrences of particular threat scenarios whereas potentiality defined how many times an attacker can attack successfully for a specific scenario. In Table 10, we have populated overall impact and likelihood of each attack scenario and risk level for each scenarios can be calculated using Table 11. The attacks with the High level of risk should be treated first. The scenarios with Low level of associated can be ignored or treated when user need highest level of security. As mitigation of these attack will reduce performance of the system. We have not considered security controls for scenarios populated in the table in Table 6. In the next section, we analyze these security threats and demonstrate how built-in security controls can reduce these threats to acceptable levels.

Table 11
Risk level definition

Likelihood

Impact 1 2 3 4 5

5 Low High High High High

4 Low Med High High High

3 Low Low Med High High

2 Low Low Low Med High

1 Low Low Low Med Med

Table 12
The risk associated with each threat

Threat (ID) Impact (overall) Likelihood Risk level

A1, A2 3 5 High

A3, A5, B3 2 3 Med

A4, B2, B4, B6 3 3 Med

A6, A11, B5, B8 2 2 Low

A7 3 2 Low

A8, A9 3 4 High

A10 4 3 High

A12 2 1 Low

B1 4 4 High

Table 13
Security objective level

Security objective level Impact area Performance

Low 5 or 4 Major effects and make the system inoperable

Medium 3 Sever effects on system performance and make system partially operable

High 2 or 1 Minor or no effect on system performance

7. NDN security controls

Scale	Description
Scale 1:	No impact/not applicable
Scale 2:	Minor-limited impact to the communication, but it still able to function
Scale 3:	Severe-performance of PIT, FIB and CS is compromised
Scale 4:	Critical performance of the DIF or DAF is compromised
Scale 5:	Catastrophic-NDN network or multiple Routers are compromised

Scale	Description
Scale 1	Very unlikely	Practically impossible
Scale 2	Unlikely	Conceivable but unlikely
Scale 3	Likely	Only somewhat possible
Scale 4	Very likely	Quite possible
Scale 5	certain	Might well be expected

Threat ID	C	I	A	Overall impact	Likelihood
A1, A2	0	0	3	3	5
a3	1	0	2	2	3
A4	0	0	3	3	3
A5	0	0	2	2	3
A6	0	0	2	2	2
A7	0	0	3	3	2
A8	0	0	3	3	4
A9	0	0	3	3	4
A10	4	4	3	4	3
A11	0	0	2	2	2
A12	0	0	2	2	1
B1	4	0	0	4	4
B2	3	0	0	3	3
B3	2	0	0	2	3
B4	3	0	0	3	3
B5	2	0	0	2	2
B6	3	0	2	3	3
B7	2	0	1	2	3
B8	2	0	0	2	2

	Likelihood
5	Low	High	High	High	High
4	Low	Med	High	High	High
3	Low	Low	Med	High	High
2	Low	Low	Low	Med	High
1	Low	Low	Low	Med	Med

Threat (ID)	Impact (overall)	Likelihood	Risk level
A1, A2	3	5	High
A3, A5, B3	2	3	Med
A4, B2, B4, B6	3	3	Med
A6, A11, B5, B8	2	2	Low
A7	3	2	Low
A8, A9	3	4	High
A10	4	3	High
A12	2	1	Low
B1	4	4	High

Security objective level	Impact area	Performance
Low	5 or 4	Major effects and make the system inoperable
Medium	3	Sever effects on system performance and make system partially operable
High	2 or 1	Minor or no effect on system performance

As defined in SecRam methodology, Security controls are countermeasures to detect, evade or depreciate security risk to protect SAs. NIST classified security controls into three categories, operational, technical and management controls. Operational controls are implemented as people, technical controls are implemented as a system, and management control gives oversight of the system. Security controls consist of a measure to achieve objective defined in security risk management policies, which include actions, policies procedures and robust technical solutions. Management security controls determine whether a security risk needs to be treated or not. Action is taken whenever the risk is more than tolerating risk level for SAs defined in security objective. Tolerating risk levels are defined for low-risk levels, and medium and high risk are need to be treated to remove or reduce them to low-risk levels, as explained in step 8 of the security risk assessment process. The best strategy (security controls) for risk treatment is used after deciding whether risk needs to be reduced or removed. It is subjective but the risk with low level can be treated as tolerated and can be remaining untreated while medium and high-risk should be reduced to a tolerated level. Three parameters, i.e. likelihood, risk level, and impact, should be considered for defining security control for NDN. SESAR described two approaches for combined security controls: “Strength of control (SoC) and Defense in depth (DiD) (Fig. 7). SoC works on strengthening one type of control, whereas DiD relies on multiple control (multilayer controls) so that if one control (layer) is not able to treat the risk, then another layer start working to reduce the risk to an acceptable level. SoC is usually used in low to medium risk, and DiD is used for treating high-risk threats. Both mechanisms can be used in the system to thwart the attacker according to the severity of the attack.

Figure 7.

Protection strategies; (a) DiD (b) SoC.

Table 14

Security control for threats with high risk

Threat Id	Security control	Major challenges	Inbuilt NDN security control
A1	Authenticate users before accepting interests. I_Packts should be watched to identify I_Pckts and interface responsible for the attacks. The interface should be banned, and consecutive I_Pckts should be dropped.	To identify the attacking interface and attack packets. False-positive will have severe effects on network performance.	The user authentication procedure is included.
A2	Authenticating the user before making a connection. Identify existing content and banned interface requesting for the content.	Identify requests for non-existing content is difficult as it needs to check for every new request. It is even more complicated if the system is attacked in a slow pace manner.	User authentication system.
A8	Authenticate users and Ban interface that responsible for the attack. requesting content, Remove entries from PIT and FIB.	User authentication is a resource-consuming task. Attack identification is also tricky at wrong identification will result in the degradation of system performance.	User authentication.
A9	User Authentication and ban interface, sending a repeated request for the same content.	Difficult to identify the attacker.	User authentication.
B1	User authentication and encrypted I_Pckts.	Encrypting interests result in decryption and authentication at every router, and it is resource consuming.	Interest encryption is an option.

Table 15

Security control for threats with medium risk

Threat Id	Security control	Major challenges	Inbuilt security control
A3	Content provider authentication, ban attacker interface, remove cached data from CS and remove entries from PIT and FIB.	Finding the interface is controlled by the attacker, removing entries may result in degraded performance.	Content provider authentication.
A4	Content source authentication, banning of the content provider, revoking session key, removing malicious entries from FIB.	It’s hard to find Malicious entries and remove from all routers. A content provider is user-controlled it may be hard to detect.	Source authentication, key revocation.
A5	User authentication, resource allocation, limit parallel processing.	Hard to detect and resource allocation is difficult without proper detection.	User authentication.
B3	Encrypting publisher info, encoded key ID.	Content provider information encryption will reduce networking performance due to its resource-intensive calculation.	Encryption publisher inform option is available for applications.
B4	Encrypted content names, interest padding.	The encrypted and encoded name again results in degradation of system performance.	Encoded names option available for applications.
B6	User authentication, probe speed limit, banning interface.	Difficult to detect slow speed attack, user authentication is resource consuming.	User authentication.

We have identified and considered the security controls needed for threats with High Risk (Table 14) and Medium Risk (Table 15). The identified security controls reduce the high and medium risk to an acceptable level to respective associated SAs. The High-level risk should be treated with high priority. Both protection strategies, DiD and SoC (Fig. 7) is used to determine security controls. From Tables 14 and 15, it is explicitly clear that most of the security threats are mitigated or reduced to an acceptable level after using this mechanism (or security controls) that are provisioned by NDN and considered built-in security enablers in NDN, which satisfy security requirement. Some of the security threats can be identified by using just an effective monitoring system. As for attacks mentioned as ID A1 and A2 can only be determined by monitoring the systems. Come attacks can also be easily reduced to an acceptable level by effective monitoring of FIB and PIT (A4, A8, A11). Finally, the NDN security controls can be summarized as follow:

•

Authentication of content provider and content requester (user).

•

Authenticating users of NDN API, that also can be implemented in system OS.

•

Access control mechanism should be used.

•

For an application that critically requires privacy the content names, I_Pckts, Key information, signatures should be made cryptographically secure.

•

Resource allocators should be enabled in a restricted or average level according to the attack.

•

The mechanism for detection attacks should be implemented in the system according to the application.

8. Conclusion and future work

In this paper, we have attempted to provide a security risk assessment of NDN and verified the role of security enablers in reducing the security threats on network performance and user’s privacy. NDN uses the content-centric and “security by designs” approach and breaks the incompatibility between the user’s needs and Internet architecture. NDN architecture is able to avoid most of the security threats that users are facing in TCP/IP Internet but also give rise to new types of security threats. We have discussed various threats scenarios and their Impact on the security of the system.

Researchers now consider NDN as the future of the Internet, and it is necessary to evaluate the impact of security threats. NDN architecture includes various security enablers that can be used according to the need of users. Security risk assessment is a crucial management function that plays an essential role in protecting the organization’s assets and helps in achieving the goal of information security. In this paper, we have primarily focused on using SecRam for NDN. We have performed our study to identify run-time threats in NDN. Using the SecRam, we have step by step identified the threats to NDN components, the risk level associated with each threat, and identified the security controls that can be used to minimize the threats to the accepted security level. We have also identified threats that are not needed to be treated in normal circumstances. We have established that some threats only required monitoring on interests and PIT and FIB. We have studied how security enablers and built-in security control reduces the risk level. This study lacks the formal analysis of NDN security controls with logical verification tools and Simulations. Our future work will include analysis of security control using NDN simulation as proof of work. From this study, it can be concluded that NDN is susceptible to security attacks, but most of the security attacks can be mitigated or reduced to an acceptable level by enabling the inbuilt security controls and also NDN required to be researched more to make it more secure and standardized the system.

References

Zhang

Estrin

Burke

Jacobson

Thornton

J.D.

Smetters

D.K.

Zhang

Tsudik

Massey

and Papadopoulos

, Named data networking (ndn) project, Relatório Técnico NDN-0001, Xerox Palo Alto Research Center-PARC 157 (2010), 158.

SESAR

A.T.M.

, SecRAM implementation guidance material, Project Deliverable 16 03–D03.

Liu

Wang

and Liu

, A case study of detecting and characterizing large-scale prefix hijackings in the internet, in: Proceedings of the 2017 VI International Conference on Network, Communication and Computing, (2017).

Singh

V.P.

and Ujjwal

R.L.

, Privacy attack modeling and risk assessment method for name data networking, Springer, (2019), 109–119.

Rao

R.V.

, Introduction to multiple attribute decision-making (MADM) methods, Decision Making in the Manufacturing Environment: Using Graph Theory and Fuzzy Multiple Attribute Decision Making Methods, (2007), 27–41.

Salah

and Strufe

, Evaluating and mitigating a collusive version of the interest flooding attack in ndn, (2016).

Xie

Widjaja

and Wang

, Enhancing cache robustness for content-centric networking, (2012).

Ghali

Tsudik

and Uzun

, Needle in a haystack: Mitigating content poisoning in named-data networking, (2014).

Chatterjee

Ruj

and Bit

S.D.

, Security issues in named data networks, Computer 51(1) (2018), 66–75.

10.

Dogruluk

Costa

and Macedo

, Evaluating privacy attacks in named data network, (2016).

11.

Djapić

and Lukić

, ISO/IEC 27000 series standards the best business practice for information security, (2000).

12.

Tejay

, Making sense of information systems security standards, AMCIS 2005 Proceedings, (2005), 450.

13.

Sarma

, Cyber security mechanism in European Union, (2016).

14.

Yazar

, A qualitative risk analysis and management tool-CRAMM, SANS Info Sec Reading Room White Paper 11 (2002), 12–32.

15.

Alberts

C.J.

and Dorofee

, Managing information security risks: The OCTAVE approach, Addison-Wesley Longman Publishing Co, Inc, (2002).

16.

Ekelhart

Fenz

and Neubauer

, Aurum: A framework for information security risk management, (2009).

17.

Saripalli

and Walters

, Quirc: A quantitative impact and risk assessment framework for cloud security, (2010).

18.

Syalim

Hori

and Sakurai

, Comparison of risk analysis methods: Mehari, magerit, NIST800-30 and microsoft’s security management guide, (2009).

19.

Lund

M.S.

Solhaug

and Stølen

, Model-driven risk analysis: The CORAS approach, Springer Science & Business Media, (2010).

20.

Shawly

Liu

Burow

Bagchi

Berthier

and Bobba

R.B.

, A risk assessment tool for advanced metering infrastructures, (2014).

21.

Saxena

Raychoudhury

Suri

Becker

and Cao

, Named data networking: A survey, Computer Science Review 19 (2016), 15–55.

22.

Zhang

Newberry

Mastorakis

Afanasyev

and Zhang

, An overview of security support in named data networking, IEEE Communications Magazine 56 (2018), 62–68.

23.

Shi

Ren

and Jiang

, ATSRA: An accelerated transmission strategy based on request aggregation in NDN, in: IEEE INFOCOM 2019 – IEEE Conference on Computer Communications Workshops (Infocom Wkshps), 29.

24.

Harada

Yan

Park

Nisar

and Ibrahim

A.A.A.

, Data aggregation in named data networking, in: Tencon 2017 – 2017 IEEE Region 10 Conference, 5–8.

25.

Shannigrahi

Fan

and Papadopoulos

, Request aggregation, caching, and forwarding strategies for improving large climate data distribution with NDN: A case study, in: (Proceedings) of the 4th ACM Conference on Information-Centric Networking, (2017).

26.

Panwar

Tourani

Misra

and Mtibaa

, Request aggregation: The good, the bad, and the ugly, in: Proceedings of the 4th ACM Conference on Information-Centric Networking, (2017).

27.

Wang

Hoque

A.K.M.M.

Alyyan

and Zhang

, OSPFN: An OSPF based routing protocol for named data networking, Technical Report NDN-0003, (2012).

28.

Hoque

A.K.M.

Amin

S.O.

Alyyan

Zhang

and Wang

, NLSR: Named-data link state routing protocol, (2013).

29.

Dai

Wang

and Liu

, A two-layer intra-domain routing scheme for named data networking, (2012).

30.

Liu

and Wadekar

, SDAR: Software defined intra-domain routing in named data networks, (2016).

31.

Lehman

Gawande

Zhang

Aldecoa

Krioukov

and Wang

, An experimental investigation of hyperbolic routing with a smart forwarding plane in NDN, (2016).

32.

Afanasyev

Shi

Zhang

Moiseenko

Shang

Huang

Abraham

J.P.

and DiBenedetto

, NFD developer’s guide, Dept Comput Sci, Univ California, Los Angeles, Los Angeles, CA, USA, Tech Rep NDN-0021, (2014).

33.

Tortelli

Grieco

L.A.

Boggia

and Pentikousisy

, Cobra: Lean intra-domain routing in ndn, (2014).

34.

Raffaele Chiocchetti

D.P.D.R.G.R.

, INFORM: A dynamic interest forwarding mechanism for information centric networking, in: ACM, Hongkong, (2013).

35.

Lei

Wang

and Yuan

, An entropy-based probabilistic forwarding strategy in named data networking, (2015).

36.

, A dominating-set-based collaborative caching with request routing in content centric networking, in: ICC, (2013).

37.

Wong

Wang

and Kangasharju

, Neighborhood search and admission control in cooperative caching networks, (2012).

38.

Kaynar

, A taxonomy for attack graph generation and usage in network security, Journal of Information Security and Applications 29 (2016), 27–56.

39.

Ravindran

Wang

and Nichols

, Method and apparatus for content identifier based radius constrained cache flooding to enable efficient content routing, Google Patents, (2014).

40.

Mohaisen

Mekky

Zhang

Xie

and Kim

, Timing attacks on access privacy in information centric networks and countermeasures, IEEE Transactions on Dependable and Secure Computing 12 (2014), 675–687.

41.

Rathi

Ghosh

Iyengar

and Naeimi

, Data privacy in non-volatile cache: Challenges, attack models and solutions, (2016).

42.

Wählisch

Schmidt

T.C.

and Vahlenkamp

, Backscatter from the data plane-threats to stability and security in information-centric network infrastructure, Computer Networks 57 (2013), 3192–3206.

43.

Von Solms

, Information security management (2): Guidelines to the management of information technology security (GMITS), Information Management & Computer Security 6 (1998), 221–223.

44.

Suarez

, Challenges affecting a defense-in-depth security architected network by allowing operations of wireless access points (WAPs), (2003).

45.

Song

Yuan

Crowley

and Zhang

, Scalable name-based packet forwarding: From millions to billions, (2015).

46.

Silungwe

C.T.

Chiponde

and Michello

L.M.N.

, Risk reduction on infrastructure projects in the Zambian construction industry through integrated risk management (IRM) approach.

47.

Ndikumana

Ullah

and Hong

C.S.

, Scalable aggregation-based packet forwarding in content centric networking, in: 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS), 5–7.

48.

Mousa

and Zhao

, Application aware digital objects access and distribution using Named Data Networking (NDN).

49.

Misra

Tourani

and Majd

N.E.

, Secure content delivery in information-centric networks: Design, implementation, and analyses, (2013).

50.

Lauinger

Laoutaris

Rodriguez

Strufe

Biersack

and Kirda

, Privacy implications of ubiquitous caching in named data networking architectures, Technical Report TR-iSecLab-0812-001, ISecLab, Tech Rep, 2012.

51.

Kumar

Aleem

Singh

A.K.

and Srivastava

, NBP: Namespace-based privacy to counter timing-based attack in named data networking, Journal of Network and Computer Applications 144 (2019), 155–170.

52.

Dong

and Wang

, INADS: In-network aggregation and distribution of IoT data subscription in ICN, in: 2017 IEEE International Conference on Multimedia & Expo Workshops (ICMEW), 10–11.

53.

Dai

Wang

Fan

and Liu

, Mitigate ddos attacks in ndn by interest traceback, (2013).

54.

Banerjee

, Detection/removal of cooperative black and gray hole attack in mobile ad-hoc networks, (2008).

55.

Amadeo

Campolo

Iera

and Molinaro

, Named data networking for IoT: An architectural perspective, (2014).

56.

Ahlgren

Dannewitz

Imbrenda

Kutscher

and Ohlman

, A survey of information-centric networking, IEEE Communications Magazine 50 (2012), 26–36.

57.

Adrichem

N.L.M.

and Kuipers

F.A.

, Globally accessible names in named data networking, in: 2013 IEEE Conference on Computer Communications Workshops (Infocom Wkshps), 14–11.

	Likelihood
Impact	1	2	3	4	5
5	Low	High	High	High	High
4	Low	Med	High	High	High
3	Low	Low	Med	High	High
2	Low	Low	Low	Med	High
1	Low	Low	Low	Med	Med

Threat identification and risk assessments for named data networking architecture using SecRam

Abstract

Keywords

Table 1 Abbreviations used in this paper

2. Related work

4.1 Context

5. Threat scenarios

Table 5 NDN secondary assets

References

Table 1
Abbreviations used in this paper

Table 5
NDN secondary assets