Secure Fragmentation for Content-Centric Networks (extended version)
This addresses a bottleneck in content-centric networks like NDN, enabling more efficient and secure content distribution, though it is incremental as it builds on existing architectures.
The paper tackled the problem of secure content fragmentation in Named-Data Networking (NDN), which was previously considered incompatible due to authentication issues, and showed it is possible and advantageous by designing a technique that improves performance compared to hop-by-hop reassembly.
Content-Centric Networking (CCN) is a communication paradigm that emphasizes content distribution. Named-Data Networking (NDN) is an instantiation of CCN, a candidate Future Internet Architecture. NDN supports human-readable content naming and router-based content caching which lends itself to efficient, secure, and scalable content distribution. Because of NDN's fundamental requirement that each content object must be signed by its producer, fragmentation has been considered incompatible with NDN since it precludes authentication of individual content fragments by routers. The alternative is to perform hop-by-hop reassembly, which incurs prohibitive delays. In this paper, we show that secure and efficient content fragmentation is both possible and even advantageous in NDN and similar content-centric network architectures that involve signed content. We design a concrete technique that facilitates efficient and secure content fragmentation in NDN, discuss its security guarantees and assess performance. We also describe a prototype implementation and compare performance of cut-through with hop-by-hop fragmentation and reassembly.