Evolution of Internet Architecture: Challenges and Solutions


The evolution of internet architecture from the 70s to the present day has led to new communication paradigms such as content-intensive communications, content lookup, caching, mobility, and cloud computing. While the traditional TCP/IP model focused on end-to-end communication, the current internet faces efficiency and security challenges. Named-Data Networking presents a potential solution for the future internet architecture, addressing these evolving needs and ensuring better security and efficiency.


Uploaded on Dec 15, 2024 | 0 Views



Presentation Transcript


  1. Security and Privacy of Future Internet Architectures: Named-Data Networking
     - Amir Houmansadr
     - CS660: Advanced Information Assurance, Spring 2015
     - Content may be borrowed from other resources. See the last slide for acknowledgements!

  2. The Internet of today
     - Design dates back to the 70's
     - Inspired by telephony systems
     - TCP/IP
     - Main principle: end-to-end communication
     - Look up the endpoints of interest
     - (Slide footer: CS660 - Advanced Information Assurance - UMassAmherst 2)

  3. Routing in the Internet (figure labels: User's AS, Transit AS, Transit AS, CNN's AS)

  4. The Internet of today
     - Design dates back to the 70's
     - TCP/IP
     - Main principle: end-to-end communication
     - Look up the endpoints of interest
     - Build applications on the top of TCP/IP

  5. (No text on this slide.)

  6. But things have changed a lot since the 70s!
     - Back then, communications were mostly end-to-end, so it was efficient
     - Security is not built into the TCP/IP Internet, but was added as an add-on

  7. Today
     - New communication paradigms: content-intensive communications, content lookup, content caching, mobility, cloud computing
     - The current Internet is not efficient anymore
     - Also, suffers from security challenges

  8. Not efficient! (figure labels: ISP, ISP)

  9. Goal: Look Like This (figure labels: ISP, ISP)

  10. Next-Generation Internet Architectures
     - Design the Internet of the future!
     - More efficient
     - More scalable
     - Less overhead
     - Less expensive
     - More secure

  11. Next-Generation Internet Architectures
     - Various proposals:
       - Content-centric networking (CCN)
       - NSF's FIA program
       - NDN
       - MobilityFirst
       - NEBULA
       - XIA
       - ChoiceNet
       - Many more

  12. Next-Generation Internet Architectures
     - Main principles:
       - Built-in security
       - Content is the first-class citizen
       - Cache content
       - Name content
       - Look for content
       - Mobility is pervasive
       - Cloud computing is ubiquitous

  13. Content-Centric Designs: Narrow Waist is the Content! (figure labels: TCP/IP, CCN)

  14. Named-Data Networking (NDN)
     - Name the content instead of the end-hosts
     - A content-centric architecture
     - NSF FIA and FIA-NP programs
     - Consumers: send interest packets
     - Producers: return pulled content packets

  15. Routing in the TCP/IP Internet (figure labels: User's AS, Transit AS, Transit AS, CNN's AS)

  16. Routing in NDN (figure labels: Interest, Content)

  17.

     | TCP/IP | NDN |
     | --- | --- |
     | Name end-hosts (e.g., IP addresses) | Name content |
     | Communication | Content distribution |
     | Mobility is difficult | Mobility-friendly |
     | Make processes secure | Make content secure |

  18. NDN Security
     - All content objects are signed by the publishers: authenticity, integrity
     - Content objects are encrypted: confidentiality of content
     - How about privacy?

  19. NDN: Privacy Benefits
     - No source address in content interests
     - Not needed for routing
     - Traffic monitoring less effective for non-global adversaries
     - (Figure labels: Interest, Content; annotation: "Does not see the interest")

  20. NDN: Privacy Challenges
     - Name privacy: /CNN/Video/03-24-15/protest
     - Content privacy: public content
     - Cache privacy: detect hit/miss
     - Signature privacy: reveal publisher identity

  21. Privacy in NDN
     - Privacy is not built-in
     - Need to protect privacy: (1) design PET tools, (2) integrate with the architecture

  22. ANDaNA
     - An anonymous communication network for the NDN architecture
     - Tor's counterpart
     - Based on onion routing
     - Any router/host can be an anonymizing relay
     - Ephemeral circuits
     - Non-global adversary assumption

  23. ANDaNA design
     - A circuit is composed of two routers (relays): entry router, exit router
     - Comparable to Tor's three-hop circuits
     - Why two routers: NDN itself provides some notion of anonymity because of no source address in interests

  24. Onion Routing in NDN (figure; packet labels recovered from the slide)
     - Interest names (I:): /OR-1, /OR-2, /omh/blood-pressure/steve (with Nonce: <rand-int>, Loc: /fitbit/key)
     - Data names (D:): /OR-1, /OR-2, /omh/blood-pressure/steve (with Loc: /fitbit/key, payload { mmHg: 100 })
     - Node labels: /OR-1, /OR-2

  25. Performance compared to Tor

  26. Performance compared to Tor

  27. Discussion
     - So, is NDN (or other next-generation archs) more/less secure? More/less private?
     - Is building PET tools easier or harder in NDN?
     - Tradeoffs between security/privacy and performance? Do we still benefit from caching?
     - How is censorship circumvention different? Easier? Harder?
     - How can we design next-generation Internet architectures with built-in privacy? Is it practical? What are the tradeoffs?

  28. Acknowledgement
     - Some of the slides, content, or pictures are borrowed from the following resources, and some pictures are obtained through Google search without being referenced below:
       - NDSS '12 presentation of the ANDaNA paper provided by the authors
       - Steve DiBenedetto's slides: ANDaNA: Onion Routing for NDN
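
The Interest/Content exchange of slides 14 and 16, and the cache hit/miss observation of slide 20, as an added example (not part of the original slides and not taken from any NDN implementation): a minimal synchronous forwarder model. The class names, the three-node topology and the hop counter standing in for latency are assumptions made for this illustration.

```python
# Added illustration; class names, topology and hop counter are assumptions.
NAME = "/CNN/Video/03-24-15/protest"   # content name taken from slide 20

class Consumer:
    """End host; records the Data it receives and how far it travelled."""
    def __init__(self):
        self.received = None

    def data(self, name, payload, hops):
        self.received = (payload, hops)

class Forwarder:
    """NDN node with a Content Store (cache) and Pending Interest Table."""
    def __init__(self, upstream=None):
        self.upstream = upstream
        self.cs = {}     # Content Store: name -> payload
        self.pit = {}    # PIT: name -> downstream faces awaiting Data
        self.seen = []   # names of the Interests that reached this node

    def interest(self, name, face):
        # An Interest carries a name and arrives on a local face; it has no
        # source address, so only the adjacent hop is known here.
        self.seen.append(name)
        if name in self.cs:                      # cache hit: answer locally
            face.data(name, self.cs[name], 0)
            return
        pending = self.pit.setdefault(name, [])
        pending.append(face)
        if len(pending) == 1 and self.upstream:  # forward first request only
            self.upstream.interest(name, self)

    def data(self, name, payload, hops):
        self.cs[name] = payload                  # cache on the reverse path
        for face in self.pit.pop(name, []):      # follow PIT breadcrumbs
            face.data(name, payload, hops + 1)

def run_demo():
    producer = Forwarder()
    producer.cs[NAME] = b"constructed sample video bytes"
    core = Forwarder(upstream=producer)
    edge = Forwarder(upstream=core)
    alice, bob = Consumer(), Consumer()
    edge.interest(NAME, alice)   # miss at edge and core, served by producer
    edge.interest(NAME, bob)     # hit at edge, never leaves the access router
    return alice.received[1], bob.received[1], len(producer.seen)

if __name__ == "__main__":
    print(run_demo())
```

The producer sees a single Interest even though two consumers fetched the content, and the second consumer's shorter path is the hit/miss signal that slide 20 lists under cache privacy.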
