Analysis of the Pending Interest Table behavior in the context of a distributed denial of service attack.
Slides presented at:
3rd ACM SIGCOMM Workshop on Information-Centric Networking (ICN 2013) - Hong Kong, China
The paper is available at:
http://conferences.sigcomm.org/sigcomm/2013/papers/icn/p67.pdf
Analysis of PIT Overload in Content Centric Networks
1. ACM SIGCOMM Workshop on Information-Centric Networking – 12/08/2013
PIT Overload Analysis in Content Centric Networks
Matteo Virgilio, Guido Marchetto, Riccardo Sisto
Department of Control and Computer Engineering
Politecnico di Torino
A stateful protocol: the Pending Interest Table
• Used to store all seen Interests
• One entry for each requested piece of content
• Multiple Interests for a single name are merged in a single entry (Interest merging)
CCN Router PIT:
Name                            Pending Interfaces
/acm.org/papers/paperA.pdf/1    eth0
/acm.org/papers/paperB.pdf/1    eth1
/acm.org/papers/paperA.pdf/2    eth0
/acm.org/papers/paperB.pdf/2    eth1
Problem Description
• Malicious users could craft Interests for non-existent resources: Interest Flooding Attack (IFA)
– Very long random names
– Possibly long lifetime values (even hundreds of seconds)
• Why do we have to consider such “long” requests? The answer is long-polling!
• Supporting the publish/subscribe paradigm may require storing long (potentially unanswered) requests for a long period of time
• No information about when the response will be generated (routers cannot make any assumption)
• Simply dropping Interests with a high lifetime is too simplistic
What has been done in recent literature?
• A large part of the research activity has focused on privacy and data integrity issues
• What about the PIT?
– Some architecture proposals
• Bloom filter implementation of the PIT (DiPIT)
• Hash-based PIT implementation with some interesting variants (Name Prefix Tree encoding)
– Reactive algorithms for IFA handling:
• Statistics-based reaction to attacker activity
• Poseidon Framework (very recent)
Our contribution
• Simulation-based approach
– We developed a fully custom Java ccnSimulator
• Different target: evaluating attack impact on a real topology
• Evaluate different PIT architectures in various network load (and attack) scenarios
Simulation scenario
• Reference topology from Telecom Italia (the most prominent Italian ISP)
• 9 million subscribers
• ADSL with 7 Mbps/1 Mbps (downlink/uplink)
• Zipf content distribution
• Metrics gathered
– Chunk retransmission rate at the endpoints
• Fixed PIT size
– 1 GB
Attack model
• Distributed botnet
• Different simulation campaigns
1) Variable lifeTime
2) Variable bandwidth
• Different URI size
– ≈1000 bytes for the SimplePIT case
– 20 bytes for the HashedPIT case (SHA-1 as hashing algorithm)
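The PIT behaviour described in these slides (Interest merging, lifetime-bound entries, a fixed table size, full names versus SHA-1 digests as keys) can be modelled in a few lines. This is an added example, not code from the authors' ccnSimulator. The class `PIT`, the `demo` helper, the drop-when-full policy, the key-bytes-only cost accounting and the `/example/...` names are assumptions made for illustration.

```python
import hashlib

class PIT:
    """Toy Pending Interest Table with a fixed byte budget (illustrative model)."""
    def __init__(self, budget_bytes, hashed=False):
        self.budget, self.hashed, self.used = budget_bytes, hashed, 0
        self.entries = {}  # key -> [expiry time, set of pending interfaces]

    def _key(self, name):
        # HashedPIT keeps a 20-byte SHA-1 digest, SimplePIT the full name.
        raw = name.encode()
        return hashlib.sha1(raw).digest() if self.hashed else raw

    def _expire(self, now):
        for key in [k for k, e in self.entries.items() if e[0] <= now]:
            self.used -= len(key)  # assumption: entry cost = key bytes only
            del self.entries[key]

    def on_interest(self, name, iface, lifetime, now):
        """Record an Interest; returns 'merged', 'inserted' or 'dropped'."""
        self._expire(now)
        key = self._key(name)
        if key in self.entries:  # Interest merging: one entry per name
            entry = self.entries[key]
            entry[0] = max(entry[0], now + lifetime)
            entry[1].add(iface)
            return "merged"
        if self.used + len(key) > self.budget:
            return "dropped"  # assumed policy: a full table rejects new names
        self.entries[key] = [now + lifetime, {iface}]
        self.used += len(key)
        return "inserted"

    def on_data(self, name):
        """Content arrived: free the entry, return interfaces to forward to."""
        key = self._key(name)
        entry = self.entries.pop(key, None)
        self.used -= len(key) if entry else 0
        return entry[1] if entry else set()

def demo(hashed=False, budget=120):
    pit, paper = PIT(budget, hashed), "/acm.org/papers/paperA.pdf/1"
    # Constructed input: unanswered 50-byte names with a 100 s lifetime.
    out = [pit.on_interest(f"/example/unanswered/{i:030d}", "eth1", 100, 0)
           for i in range(3)]
    out.append(pit.on_interest(paper, "eth0", 4, 1))    # arrives while table is held
    out.append(pit.on_interest(paper, "eth0", 4, 101))  # after the entries expire
    return out
```

`demo()` returns the admission decision for each Interest in order, so the effect of unanswered long-lifetime entries on a later request for real content can be read directly from the list.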
Conclusion
• All the architectures work properly in normal network conditions and also in the presence of low-intensity attacks
• HashedPIT is the most affected PIT in our context
• Other scenarios could be designed to worsen SimplePIT too
– Distribute more zombies around the network;
– Combine both high bandwidth and high lifetime to maximize the attack effectiveness;
– …
• Scalable and robust solutions are needed to ensure an adequate level of confidence in the CCN paradigm.
Future contribution
• Very recent solutions have been proposed to mitigate the impact of Interest Flooding Attacks
• Our plan for the future is to evaluate them in our scenarios in terms of:
– Resilience
– CPU usage
– Memory usage
Thank you for the attention!