Among all the proposals, Named Data Networking (NDN) is one of the most popular and promising because of its simple design and broad support from the NDN community. The aim of the thesis is therefore to examine the impact of PIT on network performance from three aspects: QoS, security and congestion control.
Motivation for the Thesis
It degrades the QoS of quality customers (those who pay an additional cost for better service). In both of the above circumstances (in the presence of explosive traffic or attackers), the network can become overloaded, causing the PIT to fill up.
Contributions
Attackers can also aim to degrade the QoS of legitimate consumers by exploiting the PIT of the routers en route to the producers. Therefore, in our second contribution, we propose a smart, collaborative attack model that uses the PIT of the routers on the path to the producers.
Organization
Attackers aim to degrade the QoS of targeted legitimate consumers. Next, we give an inside look at the Pending Interest Table (PIT) and review some of the work related to PIT.
A brief introduction to NDN
If this field is provided, the Name element in the Interest is a prefix, exact or full name of the requested Data packet. The delay value is taken from the "Interest Lifetime field" of the Interest packet.
Inside view of PIT
If there is a match, it sends the data packet to all incoming faces listed in the PIT entry. After that, data packets are cached in CS, subject to a predetermined caching policy, and the PIT entry is removed.
PIT related works
Another data structure named Pending Hash Table is maintained to store all nonce fields of the Interest packets stored in the PIT. The main disadvantage of the hash table implementations is an unbalanced load among their buckets.
Definition of some terms related to NDN
iv) Third Party Placement: Unlike the placements mentioned above, in this placement the PIT entry is not generated according to the incoming or outgoing interface when an Interest arrives. The rest of this chapter is organized as follows: Section 3.1 covers the motivation behind our proposed work, Section 3.2 presents related works, and Section 3.3 presents the network model.
Motivation
We present analytical models of both the proposed schemes using a two-dimensional Continuous Time Markov Chain (CTMC). In that case, packet dropout occurs, resulting in a reduction in the consumer's ISR and degrading the consumer's QoS.
Related Works
[4] propose an RTT estimation approach where each node measures RTT for each producer after each time interval (Tmsr). If it is 1, it matches the node ID in the data packet with its ID.
Network Model
When a node receives an Interest, it checks whether the RTT measurement stored in the FIB is fresh or not. We add a field called "priority" to the Interest packet to simplify the marking process.
Proposed Schemes
The reason for this is that the forwarding of data packets depends on the information stored in the PIT. If yes, then it sends a data packet including the estimated RTT for that prefix. Otherwise, it is a normal interest delay RTTmeasuringDF. A data packet with this field (set to 1) is used for RTT.
If it is not NULL, it means that we can use the RTT calculation from other intermediate users (refer to line number 19 of Algorithm 5).
Analytical modeling of PRWR and PRR scheme
The probability of prioritized and non-prioritized Interests for which data packets arrive is calculated as below. This is the probability that an incoming non-prioritized Interest arrives, finds the PIT full and is discarded. This is the probability of removing non-prioritized PIT entries due to the arrival of a new prioritized Interest when the PIT is full.
The system states are denoted by (i, j), where i and j represent the number of priority and non-priority PIT entries, respectively.
Performance Evaluation
Data packets received by all consumers correspond to non-priority interest packets sent and N P I is the total number of non-priority interest packets sent by all consumers. There are no reservations in the PRWR scheme, resulting in multiple non-priority entries being replaced. A comparison of the non-priority Interest blocking probability (Pblock,np) for the PRWR and PRR schemes with respect to the Interest arrival rate in the bottleneck, NDN network and Rocketfuel topologies is shown in Figures and 3.23.
The allowable forced-interruption probability for non-priority Interests is statically set to 0.01 in the simulation.
Summary
However, in a real scenario, attackers can exploit the presence of a PIT and make the PIT full. In the next section, we propose one attack model designed to degrade the QoS of legitimate consumers. In such a scenario, existing countermeasures can identify the source of the attack or mitigate the impact of the attack.
We implemented our proposed attack model called SCAN in the ndnSIM simulator [7] and the results confirm the effectiveness of the attack.
Motivation
Furthermore, due to the attacker's high Interest sending rate, a router may experience high packet loss, making it easier to detect the potential attack. To the best of our knowledge, no one has discovered that an attacker's attack characteristics can change over time. In light of this, we propose a new attacker model in which the attacker dynamically adjusts the Interest transmission rate to succeed in the attack while remaining undetected.
The rest of this chapter is organized as follows: Section 4.1 describes the motivation behind our proposed attack model.
Related works
Routers announce this limit to downstream neighbors so that they can limit malicious Interests from the attacker. Because of this, malicious content consumes a large portion of the caches of intermediate routers. [29] present a detection and mitigation framework for a hidden interest flooding attack where malicious consumers derive Interests that can only be served by the malicious producer.
Satisfaction based on the ISR interface chokes the traffic of malicious this approach fails in the case of a collaborative attack.
System Model and assumptions
Satisfaction: per interface ISR; forward Interests based on ISR; consumer ISR decreases because each router is independent.
Poseidon [28]: per interface ISR and PIT usage; limit PIT size and alarm is sent downstream; legitimate consumer sharing same interface with malicious consumer affected.
As we can see in Table 4.1, most attack detection schemes are based on two parameters: ISR and PIT usage.
So if we use "PIT usage" as an indicator for an attack, it would not be appropriate.
Description of SCAN Attack
Pre-attack phase: In this phase, the attacker calculates the total number of unique contents to be stored in the malicious producer (Nmp). So, at this stage, the attacker tries to estimate the number of contents to be stored in the MP. After a certain time interval (say 10 seconds), the attacker increases the frequency to twice the previous value.
In addition, the attacker changes the name prefix periodically to raise the attack detection bar.
Performance Analysis
Average Interest Satisfaction Ratio (ISR) of legitimate consumers: It is the ratio of the total number of data packets received to the total number of interest packets sent. In the attack phase, we use the data/information gathered during the pre-attack phase. To validate the effectiveness of the attack, we calculate performance metrics (discussed in 4.5.2) for both the baseline (no attack) and attack scenarios.
This occurs due to the dynamic setting of the Interest Arrival Rate for malicious consumers.
Summary
We propose a congestion control scheme named LPECN that uses PIT per outgoing face placement to limit Interests based on available bandwidth. Moreover, we have observed that none of the existing congestion control schemes took into account the presence of non-responsive consumers. We use the CUBIC [32] congestion control scheme at consumers for scalability and stability in fast, long-distance networks.
After describing related work in Section 5.2, we explain the rationale behind considering PIT per outbound face placement in Section 5.3.
Motivation
We introduce PIT per outgoing face placement to regulate Interests based on the capacity of the outbound link. The rest of this chapter is organized as follows: Section 5.1 presents the motivation behind our work. As a result, the sending rate of the consumer's Interests decreases, resulting in a sharp decrease in throughput.
This chapter addresses this problem and exploits PIT per outgoing face placement and the architectural features of NDN: the stateful forwarding plane and symmetric forwarding.
Related Works
The authors calculate the available capacity of each NDN router and use Interest shaping to dynamically update their data rate and transmission buffer occupancy. When the expected data buffer occupancy is greater than a certain threshold, the data packets are marked. After receiving a marked data packet, the consumer adjusts its Interest window size using the AIMD approach.
To our knowledge, most of the existing work, except [39, 40], has not considered the existence of PIT.
Rationale behind considering PIT per outgoing face placement
On the other hand, due to PIT per outgoing face placement, C2's Interests may pre-. Another benefit of considering PIT per outbound face placement is that it also helps estimate PIT size compared to a single PIT. Since we consider PIT per outbound placement, one PIT is placed at each outbound interface of the router.
Map: A map list of output face IDs and their corresponding PIT table pointers.
Proposed Scheme: LPECN
If the value of the flag is 1 for the predefined congestion mark interval (default: 100 msec), then the outgoing data packet is marked. If so, it further extracts the name prefix from the Data packet using the getNamePrefix() function. Then the CE router extracts the ISR value from the isrPrefix field of the Data packet using the getISR() function.
In addition, a list named N is maintained on responsive list to keep track of the interest name prefix and its corresponding incoming interface IDs.
Performance Analysis
The average Goodput, Response Time and ISR of consumer C2 in the PCON and LPECN scheme is shown in figure 5.9. Due to congestion in the PCON scheme, the response time increases due to increased queuing delay. The average Goodput, Response time and ISR of consumer C1 for both schemes are shown in figure 5.10.
The total throughput of all consumers for the PCON and LPECN schemes is shown in Figure 5.11.
Summary
Therefore, due to this limitation, LPECN has a lower value in goodput and ISR compared to PCON. On the other hand, PCON applies no limit to C1, which increases the number of packets in the outgoing queue and increases the queuing delay. As we can see in the figure, LPECN has a significantly larger throughput than PCON.
Conclusion
We also show that the design features of NDN, the stateful forwarding plane and symmetric forwarding, help to detect and limit the Interests of non-responsive consumers.
Future Directions
"On pending interest table in named data networks". In: 2012 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).
"Information Centric Networks (ICN): Content Centric Networks (CCNx) and Named Data Networks (NDN) Terminology". In: RFC, pages 1–17.
"ICP: Design and Evaluation of a Stake Control Protocol for Content-Centric Networks". In: 2012 Proceedings IEEE INFOCOM Workshops.
"MIRCC: Multipath-aware ICN rate-based congestion control". In: Proceedings of the 3rd ACM Conference on Information-Centric Networking.