DoS and DDoS in Named-Data Networking
This addresses security vulnerabilities in a potential future Internet architecture, but it is incremental as it applies existing DoS concepts to a new context.
The paper tackles the problem of Denial-of-Service (DoS) attacks in Named-Data Networking (NDN), a candidate next-generation Internet architecture, by identifying and analyzing new attack types, their effects, and counter-measures, representing the first assessment of NDN's resilience to such attacks.
With the growing realization that current Internet protocols are reaching the limits of their senescence, a number of on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as fundamental requirements. Resilience to Denial-of-Service (DoS) attacks that plague today's Internet is a major issue for any new architecture and deserves full attention. In this paper, we focus on DoS in a specific candidate next-generation Internet architecture called Named-Data Networking (NDN) -- an instantiation of Information-Centric Networking approach. By stressing content dissemination, NDN appears to be attractive and viable approach to many types of current and emerging communication models. It also incorporates some basic security features that mitigate certain attacks. However, NDN's resilience to DoS attacks has not been analyzed to-date. This paper represents the first step towards assessment and possible mitigation of DoS in NDN. After identifying and analyzing several new types of attacks, it investigates their variations, effects and counter-measures. This paper also sheds some light on the long-standing debate about relative virtues of self-certifying, as opposed to human-readable, names.