A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures

One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for today’s Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached...

Detailed description

Bibliographic details
Published in: Electronics (Basel) 2022-04, Vol.11 (8), p.1-20
Main authors: Dogruluk, Ertugrul; Macedo, Joaquim; Costa, António
Format: Article
Language: eng
Online access: Full text
container_end_page 20
container_issue 8
container_start_page 1
container_title Electronics (Basel)
container_volume 11
creator Dogruluk, Ertugrul
Macedo, Joaquim
Costa, António
description One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for today’s Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached contents by distinguishing between uncached and cached contents from the in-network caching node, namely the edge NDN router. The attacks can be mitigated by the previously proposed methods effectively. However, these countermeasures may be against the NDN paradigm, affecting the content distribution performance. This work studied the side-channel timing attack on streaming over NDN applications and proposed a capable approach to mitigate it. Firstly, a recent side-channel timing attack, designated by brute-force, was implemented on ndnSIM using the AT&T network topology. Then, a multi-level countermeasure method, designated by detection and defense (DaD), is proposed to mitigate this attack. Simulation results showed that DaD distinguishes between legitimate and adversary nodes. During the attack, the proposed DaD multi-level approach achieved the minimum cache hit ratio (≈0.7%) compared to traditional countermeasures (≈4.1% in probabilistic and ≈3.7% in freshness) without compromising legitimate requests. This work has been supported by FCT - Fundação para a Ciência e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020.
doi_str_mv 10.3390/electronics11081265
format Article
fulltext fulltext
identifier ISSN: 2079-9292
ispartof Electronics (Basel), 2022-04, Vol.11 (8), p.1-20
issn 2079-9292
2079-9292
language eng
recordid cdi_proquest_journals_2652970372
source MDPI - Multidisciplinary Digital Publishing Institute; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects Access control
Cache privacy
Caching
Communication
Communications networks
Consumers
Internet Protocol
Named data networks
Names
Network topologies
Privacy
Science & Technology
Semantics
Social networks
Time measurement
title A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-19T01%3A01%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20countermeasure%20approach%20for%20brute-force%20timing%20attacks%20on%20cache%20privacy%20in%20named%20data%20networking%20architectures&rft.jtitle=Electronics%20(Basel)&rft.au=Dogruluk,%20Ertugrul&rft.date=2022-04-16&rft.volume=11&rft.issue=8&rft.spage=1&rft.epage=20&rft.pages=1-20&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics11081265&rft_dat=%3Cproquest_cross%3E2652970372%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2652970372&rft_id=info:pmid/&rfr_iscdi=true