Embed Size (px)
Citation preview
4/27/16
1
AnOverviewofSecurity&PrivacyinContent-CentricNetworking
(NDNandCCN)
1
§ Security of Embedded Devices (IoT?) § Private Set Operations
§ Cloud/DB apps § Genomic S&P § Input size-hiding
§ Privacy in Social Networks § Usable Security § Weird Biometrics § S&P in CCN/NDN
For more info see: sprout.ics.uci.edu
4/27/16
2
OUTLINE• Internet• NDN/CCNOverview• NDNSecurity&Privacy• AnonymousRetrieval• CachePrivacy• DenialofService• TrustManagement• OpGonalTopics,e.g.,
– AccessControl,AccounGng,FragmentaGon,NACKs
3
NEEDTOKNOW
• Basicnetworking&Internetconcepts
• Networksecurityprinciples– Protocols
• Basicknowledgeofappliedcryptography– BasiccryptoprimiGves
4
4/27/16
3
5
• Tremendous,unexpectedandlong-lasGngglobalsuccessstory
• 35-year-olddesign:architecturedefinedinRFC791/793(1981andearlier)
• Enablesanyhosttotalktoanyotherhosto Namesboxesandinterfaceso Supportsend-to-endconversaGonso ProvidesunreliablepacketdeliveryviaIPdatagramso CompensatesforsimplicityofIPviacomplexityofTCP
6
• Helpedfacilitatetoday’srichglobal-scalecommunicaGon
• But,wasnotdesignedforit
• FundamentalcommunicaGonmodel:point-to-pointconversaGonbetweentwohosts(IPinterfaces)
• ThecentralabstracGonisahostidenGfiercorrespondingtoanIPaddress
4/27/16
4
7
• Last20years–profoundchangeinnatureofInternetcommunicaGono Fromemail/ap/telnettowhat?o Fromafewthousandsofuserstothat?o FromstaGcwirednodes(computers,terminals)towhat?o Fromfriendly,clubby,trusGngambience,towhat?
• Massiveamountsofdataconstantlyproducedandconsumed• Web(esp.mediasharingandsocialnetworking),• Audio-/video-conferencing• Email,etc.
KeyAspectsofInternetChange
• MulGmedia• Mobility/Wireless-ness
– DelaysandDisrupGons• DistribuGonScale• Cloud
8
4/27/16
5
9
• S&PinthecurrentInternetarecertainlyNOTasuccessstory
• Retroficed,incremental,band-aid-stylesoluGons,e.g.:• SSH,• SSL/TLS,• IPSec+IKE,• DNSSec,• sBGP,• AAA,etc.
• TargetedNSF-fundedprogram,2-GeredcompeGGon• Majorgoals:
• Designcomprehensivenext-generaGonInternetarchitectures• Accommodatecurrentandemergingcomm-nparadigms• Securityandprivacyfromtheoutset(bydesign)
• Startedin2010• PhaseI:2010-2014• PhaseII:2014-2018
• Projects:• Nebula(PhaseI)• MobilityFirst(PhasesIanII)• XIA:eXpressiveInternetArchitecture(PhasesIandII)• NDN:Named-DataNetworking(PhasesIandII)• ChoiceNet(startedin2012,notstrictlyspeakingFIA) 10
4/27/16
6
CaveatEmptor
• IwaspartoftheNDNFIAproject2010-2014• WorkedonS&PinNDN(andCCN)• WasfundedbytheNSF(‘Gll09/15)• Thus…takeeverythingwithagrainofsalt,drawyourownconclusions,andexplorefurther
Also:• IfocusonNDNandCCN• ThereareotherICNefforts
11
NDN&CCNx
12
• “Nameddatanetworkingproject(NDN)”,hLp://named-data.org• “Contentcentricnetworking(CCNx)project”,hLp://www.ccnx.org• “Networkingnamedcontent”,ACMCoNEXT,2009.
4/27/16
7
13
• Foralmost150years,communicaGonmeant:AwireconnecUngtwodevices
• TheWebforeverchangedthat:WhatmaLersiscontent,notthehostitcamefrom
14
Today’sInternet:acommunicaGonnetwork,usedasadistribuGonnetwork
Communication Distribution
Naming Endpoints Content
Memory Invisible, LimitedExplicit;
Storage = Wires
SecurityCommunication
processContent
4/27/16
8
15
16
4/27/16
9
17
ISP
ISP
18
ISP
ISP
4/27/16
10
19
• NameØ Human-readable,path/url-like
• Roles:Ø Consumer
Ø ProducerØ Router
• Objects:Ø ContentØ Interest
20
• Host• Interfaceaddress(IPaddress)• Datagram/Packet
• Router
4/27/16
11
21
Implicit Hash!
22
Consumer Producer Interest Interest Interest Interest
• Carries content name • No source/destination
address
• Named data (content) • Routed using state
4/27/16
12
23
Interest Incoming face
/ndn/uci/content face0, face3
Interest: /ndn/uci/content Interest: /ndn/uci/content
face0
face1
face2
face3
/ndn/uci/content
Interest: /ndn/uci/content Every router has a: • PIT: Pending Interest Table • CS: Content Store (Cache) • FIB: Forwarding Information Base
24
• MainoperaGonisprefix-basedlongestmatchlookup,likeIP
• InterestsforwardedaccordingtorouGngtable,butmulGpointforwarding,broadcast,localfloodingareallokay
• Datafollowsinterestpathinreverse
4/27/16
13
25
• RouGngbasedonnameprefixes+reachability,likeIP• CanreuseIProuGngprotocols,e.g.,IS-IS,BGP
26
Livedemo:www.arl.wustl.edu/~pcrowley/NDN_GEC13_demo.mp4
4/27/16
14
Security
• Now: secure the pipe • Data is authentic because it emanates from the right box
(which is an end-point of the right secure pipe)
• NDN: Integrity and trust as properties of content • Should be inferred from content itself
27
Securing Content: how?
Current SSL/TLS 3-way handshake model is not a good fit for NDN: – Secures channel, not data – Authentic content can come from anywhere – But, access control (and accounting) is difficult – After content retrieved from origin, it’s served by the
network (from caches)
28
4/27/16
15
Authenticity of Content
Content can be retrieved from anywhere by any consumer • How can it be trusted? • How do we know who produced it? • How do we know it is the right content?
29
Securing Content
• Integrity: is data intact and complete?
• Origin: who asserts this data is an answer?
• Correctness: is this (content) an answer to my question (interest)?
• Bonus feature: routers can choose to verify content (with caveats)
NDN Content object:
30
4/27/16
16
Private Content
Access to content can be restricted, e.g.: • Encrypt once with a symmetric key • Symmetric key distributed using “standard”
techniques (pigeons?) • Access control on key rather than content
• This can make long-term secrecy problematic
31
Trust Model?
• All content is signed • Interests are not… • NDN is PKI-agnostic • Application-specific vs network-layer trust
32
4/27/16
17
NDN: Privacy Benefits
• Interest has no source address/identifier • Content can be routed without knowing
consumer identity and/or location • One observed interest may correspond to
multiple consumers at various locations • Router caches reduce effectiveness of
observers close to producers
33
NDN: Privacy Challenges • Name privacy in interests
/ndn/us/wikipedia/STDs/herpes
• Name privacy in content
/ndn/zimbabwe/piratebay/XSOQW(#E@UED$%.mp3
• Signature privacy
• Leaks content publisher identity
• Classical privacy vs. security conflict
• Cache privacy
• Detectable hits/misses 34
4/27/16
18
NDN: Security Benefits
• Simplicity • All content is signed • No need for security handshakes in real time • A producer’s public key is a type of content
– Pull PKC first, then request content
35
NDN: Security Challenges
• State in routers is both a blessing and a curse • Any such state can be abused • DoS attacks:
– Interest Flooding – Content Poisoning: proactive & reactive
• Covert Channels & Geo-location • Content Access Control • Trust management at the network layer
36
4/27/16
19
NDN:quickrecapPRODUCER• Announcesnameprefixes• Namesandsignscontentpackets• Injectscontentbyansweringinterests
CONSUMER• Generatesinterestpacketsreferringtocontentbyname• Receivescontent,verifiessignature,decryptsifnecessaryROUTER• Routesinterestsbasedon(hierarchical)nameprefixes–inherentlymulGcast• RememberswhereInterestscamefrom(PIT),returnscontentalongsamepath• OpGonallycachescontent(inCS)• Mayverifycontentsignatures
37
Some Recent & Ongoing Work
• Anonymouscontentretrieval• DoS/DDoSdefense:
• Contentpoisoningcountermeasures
• InterestfloodingmiGgaGon
• PrivacyinRouterCaching• CovertchannelsandGeolocaGon• SecurecontentfragmentaGon• NDNsecurityinnon-distribuGvesepngs
• InstrumentedEnvironments(actuaGon/control)
• SensorNetworks
• BidirecGonallow-latencycommunicaGon
38
• TrustManagement• FragmentaGon• AccounGng• ContentDeleGon• NegaGveAcknowledgments• AccessControl• KeyNameService(PKDiscovery)• PrivateContentRetrieval
4/27/16
20
Why Name Privacy? NDN names are expressive and meaningful, but…• Leak information about requested content• Easy to filter/censor content, e.g., block everything like:
/ndn/cnn/world-news/russia
However:
• NDN names are opaque to the network
• Routers only need to know name component boundaries – “/”
• Names can carry binary data
39
ANDaNA: Anonymous Named Data
Networking Application
• Observers close to consumer should not learn what content is being requested
• Target: low-to-medium-volume interactive communication
• Producers might not be aware of ANDaNA
[DGTU-NDSS2012]40
4/27/16
21
/OR1 /OR2
?/nytimes.com/today
ANDaNA
41
/OR1 /OR2
ANDaNA
42
4/27/16
22
/OR1 /OR2
?/nytimes.com/today
ANDaNA
43
/OR1 /OR2
?/nytimes.com/today
ANDaNA
44
4/27/16
23
/OR1 /OR2
?/nytimes.com/today
ANDaNA
45
/OR1 /OR2
ANDaNA
46
4/27/16
24
/OR1 /OR2
ANDaNA
47
/OR1 /OR2
ANDaNA
48
4/27/16
25
ANDaNA
Privacy with 2 hops comparable to Tor with 3 – Why? Lack of source address in interests – Anonymizing routers do not learn origin of traffic (only the
previous hop) – Lower overhead
49
NDN Cache Privacy
• Router Caching is good for performance • Better bandwidth utilization • Lower latency
• But… bad for privacy – Timing attacks – Cache harvesting attacks
50
4/27/16
26
• Who could the adversary be?
• Another host or router
• A malicious application on victim’s device
• Where could the adversary be?
• Near consumer, e.g., on the same LAN/WLAN segment
• Near producer (opposite sides of first hop router)
• In both places at once
Cache Privacy
51
Scenario 1: Victim=Consumer
Consumer Producer Interest Interest Interest Interest
Adversary
/ndn/org/wikileaks/2012/july/31
52
4/27/16
27
Scenario 2: Victim=Producer
Consumer Producer Interest Interest Interest Interest
Adversary
/ndn/org/wikileaks/2012/july/31
53
Scenario 3: Victims=Both
Alice Bob
Adversary Adversary
Are Alice and Bob talking?
54
4/27/16
28
Countermeasures
• Do not cache content at all • Bad idea…
• Cache and delay • Which content? Who decides? • How long to delay?
55
Countermeasures
• Two types of traffic:!• Private!• Non-private!
• Two communication types:!• Low-latency (interactive) traffic!
• Use unpredictable content names!• Content distribution traffic; details in paper, IEEE ICDCS’13!
• Random delay!• Content-specific delay!
• Introduce a privacy bit in interests and/or content?!56
4/27/16
29
DoS/DDoS in NDN
57
DoD/DDoS Resistance?
Some current DoS + DDoS attacks become irrelevant in the NDN architecture
• Content caching mitigates targeted DoS • Content is not forwarded without prior state set up by interest(s) • Multiple interests for same content are collapsed • Only one copy of content per “interested” interface is returned • Consumer can’t be “hosed” with unsolicited content
58
4/27/16
30
DoS/DDoS • Attacks on infrastructure
• Loop-holing/black-holing
• Interest flooding
• Router resource exhaustion
• Attacks on Consumers + router caches
• Content flooding
• Cache pollution
• Content/cache poisoning 59
Interest Flooding
Adversarygeneratesnumerousnon-sensicalinterests,e.g.:
/ndn/us/ca/uc/uci/cs/gene.tsudik/random-string
• Guaranteedtoreachtheproducer
• Consumespreciousrouterresources(PITentries)
• IFacackaffectsbothroutersandproducers60
AnylegiUmateproducerprefix
4/27/16
31
Interest Flooding
PotenGalcountermeasures:
1. UnilateralratelimiGng/throcling
• ResourceallocaGondeterminedbyrouterstate
2. CollaboraGveratelimiGng/throcling
• RouterspushbackacacksbyinteracGngwithneighbors
61
Content Poisoning
1. Adversaryisonthepathtoproducer(e.g.,arouter)– Interceptsgenuineinterest,replieswithfakecontent
– Contentseclesinrouters
2. AdversaryisNOTonthepathtoproducer– AnGcipatesdemandforcontent
– Issuesowninterest(s),replieswithfakecontent
– Contentseclesinrouters62
4/27/16
32
Content Poisoning PotenGalcountermeasures:
• SignatureverificaGoninrouters?
• Consumerfeedback?
• ASegressrouterverificaGononly?
BTW:whatis“fake”content?
• Badsignature(failsverificaGon),
• Badsigningkey63
64
• NDNobjecGveiscontentdistribuGon• Facilitatedbycaches+PITsinrouters
• Consumermustverifycontentsignatures• But…howtoflushfakecontentfromroutercaches?• NDNallowsexclusionfiltersininterests(byhash)
o Canbeused,withverylimitedefficacyo Immediateflush:DoSo Verifyingsignatures:expensive+anotherDoStype
• ConsumerauthenGcaGoncontradictsinterestopacity
4/27/16
33
65
• Apublickeyisatypeofcontent,i.e.,acerGficate
• Containsauthorizednameprefixe(s):
• For example: /cnn/usa/web/key
OR /verisign/europe/key
66
Tworeasons:• Ambiguousinterests• Nounifiedtrustmodel:applicaGonsarediverseand
dynamic
AXIOM:Network-layertrustandcontentpoisoningareinseparableRoutersshoulddominimalwork:
• Notverify/fetchpublickeys(exceptforrouGng)• Dobounded,fixedamountofworkpercontent
• e.g.,verifyatmostonesignature
4/27/16
34
67
IKB(general):Aninterestmustreflectthetrustcontextoftheconsumer’sapplicaUon,thusmakingit(easily)enforceableatthenetworklayer
IKB(NDN/CCN):Aninterestmustreflectthepublickeyofthecontentproducer
68
• MakePublisherPublicKeyDigest(PPKD)fieldmandatoryineveryinterest
• Consumersobtainandvalidatekeys,using• Pre-installedrootkeys• KeyNameService(KNS)• Globalsearch-basedservice
IKB(NDN/CCN):Aninterestmustreflectthepublickeyofthecontentproducer
4/27/16
35
69
• Producer:o Includespublickeyineachcontent’s
KeyLocator field
• Router:o MatchesKeyLocatordigesttoPPKDinPITo VerifiessignatureusingKeyLocator o Nofetching,storing,parsingofpublickeysàNote:PITentrycollapsingtakesPPKDintoaccount
70
CLAIM:AdherencetoIKBèsecurityagainstcontentpoisoning
• Assume:o AllnodesabidebyIKBo Consumernotmaliciouso Consumer-facingrouters–notmaliciouso Consumerßàfirst-hoprouterlinknotcompromised
4/27/16
36
71
• ConsumersendsinterestcontainingPPKD• Routerensuresthat:
o ValidcontentsignatureusingkeyinKeyLocatoro DigestofKeyLocatormatchesPPKDinPIT
• Consumer-facingrouternotmaliciousèonlypossibilityofpoisonedcontentishashcollision
• Ifupstreammaliciousrouterssendfakecontent:• Consumer-facingrouterdetectsanddropsit
72
• Includekeysininterest:ü Savestoragex Requireschangestointerest&contentstructure
• OnlyASborderroutersimplementIKB
ü Becerperformancex PossibleacackswithinAS
But…detectablebyborderroutersNOTE:eachroutermustatleastdoaPPKDmatch
4/27/16
37
73
• Self-CerGfyingName(SCN)o Hashofcontent(includingname)aslastcomponentof
name
• BenignconsumersuseSCNènetworkdelivers“valid”content
• NosignatureverificaGonbyrouters:o Onlyonehashre-computaGon
• Howtogetcontenthashinthefirstplace?
74
Acatalog:o AnauthenGcated(signed)datastructureo ContainsoneormoreSCN-s,nesGngarbitraryo AnyauthenGcateddatastructure
o Hashchains,MHTs,skip-lists,etc.o StructureisapplicaGon-specifico UseIKBtobootstrap(fetchcatalogs)
• SCNobtainedfromacatalog:ü NosignatureverificaGonbyrouters/consumersü Noneedtosigncontentbyproducers
4/27/16
38
75
1. ContentDistribuGon,e.g.:
o Videostreaming:o OnebigcatalogcontainingSCNsofallsegmentso Or,hashchains(withdata),orMHT,etc.
o Foreexample,Webbrowsing:- HTMLfileasacatalog- ContainsSCNofsub-pages/components- WorksonlyforstaGccontent
76
2. InteracGveTraffic
o Contentgeneratedondemand(real-Gme),e.g.,audio/videoconferencing,
o Catalogsnotviable
o ContentmustberequestedbysepngPPKDininterest
4/27/16
39
77
• ConsumerobtainshashHofcontentCfromP’scatalog• ConsumergeneratesinterestforCreferringtoH• But,CisnolongeravailableatP• Preceivesinterestand???
• Dropsit–badforConsumerOr:• NACK-sit–routerswilldroptheNACKsinceaNACK’s
hashdoesn’tmatchHBocom-line:needtoaugmentiKBandinterestformattoallowforSCN-carryingintereststosGllrefertoP’spublickey.
78
FragmentaGon
• Internetconnectsheterogeneousdevicesoverheterogeneouslinks,withdifferent:
o Physicallayers(copper,fiber,radio,laser)o MAClayerso MaximumTransmissionUnit(MTUs)
Ø DeterminedbyMAClayer
4/27/16
40
79
FragmentaGon
• FragmentaGon:splipngapacketintofragmentsthatfitintooutgoinglinkMTU
o Fragmentheaderencodesorderingofrelated
fragmentso Re-fragmentaGoncanoccurifsmallerMTUis
encountered
80
FragmentaGon–IPv4
SrcIP DstIP Len=4000 ID=x MF=0 Offset=0 Data
SrcIP DstIP Len=1500 ID=x MF=1 Offset=0 Data
SrcIP DstIP Len=1500 ID=x MF=1 Offset=185 Data
SrcIP DstIP Len=1040 ID=x MF=0 Offset=370 Data
4/27/16
41
81
• Issues:o Severalacacks
Ø PingofdeathØ Tinyfragment
o Routeroverheadandcodecomplexity• Results:
o DeprecatedinIPv6andlimitedtosource-basedfragmentaGon
FragmentaGon–IPv4
C.KentandJ.Mogul,FragmentaGonconsideredharmful,SIGCOMM1987.
82
• Twomessagestypes:o Interestmessageo Contentobject
FragmentaGon–NDN/CCN
Name
Payload(CCN)
Otherfields
Name
Data
Signature
SignatureInfo
Interest Content
4/27/16
42
83
• RecallthatNDNinterestsareprocessedusingreferencedcontentnameo Namescanbeofarbitrarysizeo Longest-prefixmatchonanamerequirestheenGre
namebeforeperformingasearch
• IntermediatefragmentaGon&reassemblyforinterestsisunavoidable
InterestFragmentaGon
84
• SegmentaGon(atsource)canavoidfragmentaGono DatasegmentedbyapplicaGono Signaturecomputedpersegment
• Segmentsarenumberedo /youtube/dancingcats/s0o /youtube/dancingcats/s1
ContentSegmentaGon
4/27/16
43
85
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
86
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
4/27/16
44
87
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
88
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
4/27/16
45
89
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
90
• UsepathMTUdiscoveryo MarkinterestswithsmallesttransmitMTUinapath
ContentSegmentaGon
4/27/16
46
91
• Problem
o ProducercannotsegmentforallMTUs
ContentSegmentaGon
92
• Problem
o ProducercannotsegmentforallMTUs
ContentSegmentaGon
ContentIntermediatere-fragmentaGonisunavoidable
4/27/16
47
93
• InCCN/NDN:
o Routersarenotrequiredtoverifysignatureso But…theymight
ContentSegmentaGon
94
• InCCN/NDN:
o Routersarenotrequiredtoverifysignatureso But…theymight
ContentSegmentaGon
ProvidecontentauthenGcaGonwithoutintermediatereassembly
4/27/16
48
95
• Intoday’sInterneto Packetfragmentsmightnotfollowsamepath
• InCCN/NDN:o Allcontentfragmentsfollowthesamepatho But…outoforderdeliveryispossible,even
betweenadjacentroutersØ Parallellinkswithdifferentspeedsand/orloss/error
ContentFragmentaGon
96
FIGOA:FragmentaGonwith
IntegrityGuaranteesandOpGonal
AuthenGcaGon
ContentFragmentaGon
4/27/16
49
97
• FIGOAsupports:o Cut-throughswitching&opGonalintermediate
reassemblyo SecurityviaDelayedAuthen-ca-ono AlsosupportsintegritywithopGonalauthenGcity
ContentFragmentaGon
98
• FIGOAsupports:o Cut-throughswitching&opGonalintermediate
reassemblyo SecurityviaDelayedAuthen-ca-ono AlsosupportsintegritywithopGonalauthenGcity
• NotCCN/NDN-specific• Workswithanynetworkarchitecturewithpath
consistencyguarantees
ContentFragmentaGon
4/27/16
50
99
• Hash-and-sign
ContentFragmentaGon
SignatureAlgorithm(e.g.,RSA)
Signature
ContentObject
100
• Merkle-DamgardconstrucGon
ContentFragmentaGon
f f f f f
m1 m2 m3 m4 mk pad
H1 H2
H3 H4
HHashDigest
H0
4/27/16
51
101
• Merkle-DamgardconstrucGon
ContentFragmentaGon
f f f f f
m1 m2 m3 m4 mk pad
H1 H2
H3 H4
HHashValue
H0
102
ContentFragmentaGon
ContentObjectSize
FragmentOffset
FragmentSize
SignatureInfo
Signature
Signature(onH)
Name
Signed-Info
Data
F1Fragment-Info
…Data…
IntState=H0
F2Fragment-Info
…Data…
IntState=H1
F3Fragment-Info
…Data…
IntState=H2
4/27/16
52
103
ContentFragmentaGon
F1H0
104
ContentFragmentaGon
F1
H1
F1H0
m1
H0
f
4/27/16
53
105
ContentFragmentaGon
F1
H1
F2H1
106
ContentFragmentaGon
F1
H2
F2H1
F2
m2
H1
f
4/27/16
54
107
ContentFragmentaGon
H2
F3H2
F1 F2
108
ContentFragmentaGon
F1
H3
F2 F3
m3
H2
f
Verifysignature(containedinF3)usingH3
4/27/16
55
109
ContentFragmentaGon
F1 F2 F3
F3H2
Success
110
ContentFragmentaGon
Fail
F1 F2 F3
4/27/16
56
111
• Hashiscomputedgradually
• FIGOAworkswithout-of-orderfragments
o F1isreceivedàcalculateH1
o F3isreceivedàcalculateH3
o F2isreceivedàcalculateH2
o EnsurecalculatedIntState=receivedoneso Verifysignature
ContentFragmentaGon
112
• Ifcontentiscached:o Routersstorefragmentinfo,includingdatao Contentcanbecachedfragmentedorassembled
• Ifcontentisnotcached,routersstore:o Fragmentsoffsetso Intermediatestate
ContentFragmentaGon
4/27/16
57
113
• FragmentaGonisamustinCCN/NDNo Interesto Content
• SegmentaGondoesnotavoidfragmentaGon• NeitherdoesMTUdiscovery
FIGOA:FragmentaGonwithIntegrityGuaranteesandOpGonalAuthenGcaGon
Conclusion
NDN S&P References S.DiBenedeLo,P.GasU,G.TsudikandE.Uzun,ANDaNA:AnonymousNamedDataNetworkingApplicaUon,NDSS2012.J.Burke,P.GasU,N.NathanandG.Tsudik,SecuringInstrumentedEnvironmentsoverContent-CentricNetworking:theCaseofLighUngControlviaNamed-DataNetworking,IEEENOMEN2013.G.Acs,M.ConU,C.Ghali,P.GasUandG.Tsudik,CachePrivacyinName-DataNetworking,IEEEICDCS2013.P.GasU,G.Tsudik,E.Uzun,andL.Zhang,DoS&DDoSinNamed-DataNetworking,IEEEICCCN2013.A.Afanasyev,P.Mahadevan,I.Moiseenko,E.UzunandL.Zhang,InterestFloodingALackandCountermeasuresinNamedDataNetworking,IFIPNetworking2013.A.Compagno,M.ConU,P.GasUandG.TsudikPoseidon:MiUgaUngInterestFloodingDDoSALacksinNamedDataNetworking,IEEELCN2013.C.Ghali,G.TsudikandE.Uzun,ElementsofTrustinNamed-DataNetworking,ACMSIGCOMMCCR,October2014.M.ConU,P.GasUandG.Tsudik,ExploringCovertChannelsinNamedDataNetworking,AsiaCCS2014.A.Compagno,M.ConU,P.GasU,L.ManciniandG.Tsudik"ViolaUngConsumerAnonymity:Geo-locaUngNodesinNamedDataNetworking”,ACNS2015.A.Compagno,M.ConU,C.GhaliandG.Tsudik,ToNACKornottoNACK?NegaUveAcknowledgmentsinInformaUon-CentricNetworking,IEEEICCCN2015.
114
