Keywords

1 Introduction

Internet is being reshaped to handle content production and distribution, as nowadays users desire, for example, to watch movies and use social networking. Moreover, the number of IoT (Internet of Things) devices over the Internet is increasing enormously. However, such activities are not the most appropriate to be done over Internet, because this network was conceived for point-to-point communications. To overcome the problems raised by this communication paradigm, content centric networks (CCNs) have been proposed. According to this new paradigm, replicas of content(s) are generated and cached. The aim of caching is to reduce the latency and data loss, thereby improving the distribution quality of popular content(s). NDN (Named Data Network) is based on cache (buffer-memory) and name-based network that has been presented as a next version of CCN networks, as proposed by [16]. Nevertheless, caching, in spite of its benefits, may threat the privacy of NDN users. An adversary may know which content an user has requested and become motivated to proceed with a timing attack [7] It is based on the time differences between cached and not cached contents, as discussed later in this paper. Any type of cached content may be targeted by an adversary to cause a privacy threat. So, timing attack affecting the user privacy is a major problem in NDN, since blocking such attack is a challenging problem to solve. However, there are a few limited techniques to prevent timing attacks. The proposed countermeasure methods are based on artificial network delay [7, 10], random caching [1], and request name encrypting [5]. Since these countermeasure techniques affect the cache performance, there is a trade-off between efficiency and privacy. For example, one technique is to delay the request content in the node to reduce the network throughput.

In this paper, an implemented attack topology is presented, side-channel timing attack measurements are analyzed and, based on primary findings, and is proposed an algorithm to identify the adversary node.

The rest of this paper is organized as follows. Section 2 summarizes the NDN architecture and its features. Section 3 demonstrates the operation of side-channel timing attack and how it can be used against the user privacy. Section 4 studies current countermeasures to mitigate side-channel timing attack. Section 5 shows the scenario implemented to simulate side-channel timing attacks. Section 6 summarizes attack scenario findings, and countermeasure results. Section 7 shows related researches that have been done so far. Finally, Sect. 8 presents the conclusions.

2 NDN Architecture

NDN is an ongoing project that proposes to transform the existing Internet design into a content-centric architecture, in order to improve the content distribution efficiency. NDN is based on human readable address names and keeps the contents in the cache, thus facilitating content distribution and providing low latency [17]. NDN is based on interest and data packets. Interest packets are produced by the consumers and data packets by the producers. The content name in the interest packet identifies the request of the consumer, for example, /pt/uminho/algoritmi. As shown in Fig. 1, the producer includes a signature in the data packet. Mechanisms for signing and verifying the integrity of the contents have been proposed for NDN, such as the one described in [8].

Fig. 1.
figure 1

(adapted from [8])

Packet types used in NDN

Full size image

2.1 NDN Forwarding Model

In a NDN router, the forwarding of interest and data packets is carried out by three engines: PIT(Pending Interest Table), FIB (Forwarding Information Base) and CS (Content Store) [17].

Fig. 2.
figure 2

NDN forwarding engine model [17].

Full size image

The CS represents a cache for data packets. As illustrated in Fig. 2, the consumer interest first looks for data in the CS and, if there is a matching data, CS replies with a data packet. If the data packet is not in the CS, the router checks the data name in the PIT. If there is a matching name in the PIT, it records the incoming face (interface) of the interest. If not, the PIT forwards to the FIB the interest packet, which is then routed to the producer. For each interest packet that needs to be forwarded, the longest prefix (name) matching is searched in the FIB, which predicts when and where to forward the interest. The list of outgoing faces stored at the matched entry in the FIB is an important reference for routing.

When the data packet comes from the upstream router, the PIT is checked for a matching entry. If a match is found, the data packet is forwarded to the CS and then the entry is removed from the PIT for further incoming interest packets. If the authentication of the data packet fails, this packet is discarded by the PIT.

An NACK object informs consumers of data unavailability at the application level. Similar to NACK object, the Interest NACK is used to inform a router of its upstream router’s inability at the network layer in NDN to forward an Interest packet, as described in [14].

In order to manage the packets in the CS, PIT, and FIB, the NDN developers created an engine called NFD (NDN Forwarding Daemon) [2]. This software tool is open source and keeps on evolving.

3 Side Channel Timing Attack

If a content is already cached in the CS, this replies to the user’s interest with a data packet in a period of time. The RTT (Round Trip Time) is the time difference between sending the interest packet and receiving the data packet. The RTT of a cached content should be smaller than the RTT of a not-cached content. The adversary may take advantage of these RTT differences to know which contents have been or not placed in the CS. This technique is known as side-channel timing attack.

NDN struggles with four important privacy issues: Naming, Content, Cache, and Signature, as pointed out in [16]. This paper focus on the side-channel timing attack against the cached content in CS. Therefore, it mainly addresses privacy issues, but also name, content, and signature. These are an important issue to take into consideration, as it may affect the user privacy in NDN.

3.1 RTT Calculation

As shown in Fig. 3, a timeout occurs if the data packet is not received after a certain time interval. The timeout is related to the RTT estimation by a weight factor \(\upbeta = 2\) (TimeOut = \(\upbeta \times \mathrm{RTT}_{\textit{i}}\)). Indeed, whenever an interest is forwarded to the upstream node, the router starts a timer, which will be used to measure the RTT. If the corresponding data packet arrives before the timer expiration, the router calculates the new RTT in accordance with Eq. 1, with \(0< \upgamma < 1\). If \(\upgamma \) is equal to \(1-\frac{1}{\textit{n}}\) (n is the number of received data packets), then the real average RTT is obtained. If \(\upgamma \) is close to 1, then the weighted average RTT is immune to delay changes for a short time interval. If \(\upgamma \) is close to 0, then the weighted average RTT is very sensible to new delay changes.

If the data packet does not arrive, the router tries alternative routes until reaching the data packet. In case of non-existing data, a timeout is triggered and a NACK is sent. The router gives up of searching the data and the packet becomes an unsatisfied interest. But if a data packet was received, then the packet becomes a satisfied interest.

$$\begin{aligned} \boxed {{{<}\mathrm{RTT}{>}_{\textit{n}}=\upgamma *\,{<}\mathrm{RTT}{>}_{\textit{n-1}}+(1-\upgamma )*\mathrm{RTT}_{\textit{n}}}} \end{aligned}$$
(1)

On the other side, if the downstream search has also exhausted for incoming interest packets, an interest NACK will be sent to identify, through an error code, the cause of the unsatisfied interest (e.g., duplicate, congestion, no route) [3]. Note that the interest NACKs cannot be used on a side-channel timing attack, because this attack requires the contents to be cached and retrieved.

Fig. 3.
figure 3

Illustration of timeout and RTT in NDN

Full size image
Fig. 4.
figure 4

Side-channel timing attack

Full size image

3.2 Privacy in NDN

This sub-section explains how the side-channel timing attack is done and its effects on the CS. In this attack, an adversary node intends to break the cache privacy by requesting the same content from the CS that has been recently requested by a legitimate user.

Besides the cached contents, the adversary may also attack the certificate scheme. In NDN, each interest and data packets are bound with a public signature for integrity. Signatures are used for the authentication of the producer and each content is held in the CS for a time period. The public key of a certificate may also be used for a side-channel timing attack, that may jeopardize the user privacy, especially on real-time conversation applications and, trust-based communications. Next, it is presented the model based on RTTs, which may be used by an adversary to perform a side-channel timing attack in NDN.

Adversary Model. Considering the model illustrated in Fig. 4, let us suppose that the side-channel timing attack RTT measurement for a content is \(\hbox {RTT}_{{2}}\) (retrieve content from NDN producer), \(\hbox {RTT}_{1}\) is the RTT from the closest NDN router, \(\hbox {RTT}_{\hbox {e}}\) is the expected RTT of the intended content lookup, and \(\varepsilon \) is a negligible time difference. After collecting the timing samples, the adversary decides based on the following conditions [4]:

  • If \(|\hbox {RTT}_{\hbox {e}}-{\hbox {RTT}}_{1} | < \varepsilon \), the adversary node concludes that content has been cached by the closest router.

  • If \(|{\hbox {RTT}}_{\hbox {e}}-{\hbox {RTT}}_{2}| < \varepsilon \), the intended content is not held by any router, except the content producer.

  • If \({\hbox {RTT}}_{\hbox {e}}>{\hbox {RTT}}_{2} \) and \(\hbox {RTT}_{\hbox {e}}<\hbox {RTT}_{1} \), the adversary concludes that the lookup content has been fetched by away routers. Note that, the adversary can still predict the content location by relying on \(\hbox {RTT}_{1}\) and \(\hbox {RTT}_{2}\) values.

  • \(|\hbox {RTT}_{2}-\hbox {RTT}_{1}|>> \varepsilon \).

4 Countermeasures

This section presents suitable countermeasure methods to mitigate side-timing actions on the cache. These methods manipulate the RTT of the content replied by the CS. The countermeasure methods are basically classified in three groups: no caching, artificial delay, and random caching. These methods are described next.

4.1 No Caching

In NDN, the CS can be configured for not caching. Since, there is no content held in the cache, the side-channel timing attack cannot be done. However, the cache is important for the NDN, as it is required for content distribution. So, directly giving up of the caching is not a good option in NDN, as described in [1].

4.2 Artificial Delay

Data delivery in the NDN is affected by a certain delay impose by the routers. An additional artificial delay can be used as a solution to prevent side channel timing attack, as explained next. Let us consider \(\Delta \) the default delay value chosen randomly by a router. In side-channel timing attack, the adversary tries to figure out the \(\Delta \) value. To complicate the adversary goal, a delay \(\uptau \) is added to \(\Delta \), in order to increase the router response delay. By measuring an higher RTT value, the adversary supposes that the content is not retrieved from the CS. Nevertheless, this is still a challenging problem, because the adversary may find the delay \(\uptau \) in a period of time and have success in the attack. The value \(\uptau \) can be changed by proposed algorithms, as described in [11]. Instead of using a constant \(\uptau \), Schinzel [11] proposed a \(\uptau \) value based on a cryptographic hash function. Note that the delay methods imply a trade-off between privacy and latency, as a higher \(\uptau \) value affects negatively the latency on NDN.

4.3 Random Cache

A NDN router can cache the contents randomly, in order to mitigate side-channel timing attack. For instance, the CS may cache one data packet and then may not cache the next incoming data packet, based on a random probability number (k), as proposed in [1]. In such a random caching design, the side-channel timing measurement would fail for the contents not cached.

5 Implementation

In order to analyze the side-channel timing attack, a simulation scenarioFootnote 1 was implemented on the simulator ndnSIM v2.4 [9]. We used a part of the ISP (Internet Service Provider) map dataset (SIGCOMM2002) by using rocketfuel mapper [12], which is used to convert and read large data sets for ndnSIM. As shown in Fig. 5, the physical topology is formed by sixteen consumers (called leaf), eight backbones (bb), eight central gateway routers (cgw) and one producer (gw-root). Two adversary nodes (leaf 6 and leaf 13) are located randomly into the topology. The producer payload size was 1024 bytes. The bandwidth of the links were 10 Mbps, 100 Mbps and 1000 Mbps, as indicated in Fig. 5. The minimum and maximum delays of the links are presented in Table 1 and were obtained from the data set of a real topology. NFD was configured for best-route strategy, in order to have the best network paths to the consumer nodes. The contents are created by the producer (gw-root) and the adversary nodes lookup for the intended contents on the gateway CS. Once a legitimate leaf node publishes an interest, the first lookup is done in the gateway router. However, if the data is not cached in the gateway router, then the lookup will be made in the backbone routers. The adversary nodes measure the RTT for the lookup contents that the legitimate nodes have requested. In our design, the attack is targeted to the gateway routers that manage interest packets by PIT and cache contents from the backbone routers.

Fig. 5.
figure 5

Physical tree topology of the simulation scenario

Full size image
Table 1. Delays (min/max) between nodes linked directly
Full size table

The adversary nodes sent interest packets at a rate of 100 packets/s with a malicious interest prefixes, and the legitimate nodes at a rate 100 packets/s sending unique (not requesting same content name again) interest prefixes. The legitimate leaf nodes were configured to generate interest traffic with a randomized uniform (7 leaves) pattern and an exponential pattern (7 leaves). The legitimate nodes sent interest packets (size = \(\sim \)40 kB) with a randomized uniform pattern (0, 1/frequency), and exponential distribution (mean of \(1{\text {/}}frequency\)), as shown in Table 2. Every backbone and central gateway router caches the contents (data packet size = \(\sim \)110kB), and the popular LRU (Least Recent Used), with a capacity of 1000 data packets per node, was chosen for the CS policy.

Table 2. Interest configurations
Full size table

6 Results

The primary results showed that the adversary may retrieve the cached contents that were recently requested by the consumer. The NFD is located on each router to analyze metrics for RTT, and cache hits or misses per node.

6.1 Cache Analysis

If a content has been requested and cached, the next request for the same content causes a cache hit. The cache hit ratio (Eq. 2) is used to indicate a side-channel timing attack, it is calculated by cache hit and misses by a predefined time interval \(\Delta \). The adversarial leaf 6 and leaf 13 sent a lookup interest packet to cgw-3, 7. The lookup is done for cached contents, which are the contents recently requested by neighbor nodes (leaf 5, leaf 14).

The legitimate leaves sent interest packets with unique prefixes. Therefore, the cache hit ratio is not possible to be calculated for the leaves, because these are not re-consuming the content from the cgw CS. As Fig. 6 illustrates, the adversary leaves hit the cache during an attack period, so their cache hit ratios may reach 100%.

$$\begin{aligned} \boxed {\begin{aligned} \mathrm{Cache}\; \mathrm{hit}\; \mathrm{ratio}&= \frac{\sum _{\mathrm{i}=0}^{\mathrm{n}} \mathrm{cache}\_\mathrm{hit}_{\textit{i}}}{\sum _{\mathrm{i}=0}^{\mathrm{n}} \mathrm{cache}\_\mathrm{hit}_{\textit{i}} + \sum _{\mathrm{j}=0}^\mathrm{m} \mathrm{cache}\_\mathrm{miss}_{\textit{j}}}*100 \%&\end{aligned}} \end{aligned}$$
(2)
Fig. 6.
figure 6

Effect of a timing attack on the cache hit ratio

Full size image

6.2 Countermeasure Algorithm

The countermeasure methods affects surely the CS performance. In order to improve the CS performance, we proposed a new countermeasure algorithm (Algorithm 1). The algorithm proposes a method to identify an adversary node and to apply the countermeasure mechanism. It requires that NFD is running in each router. The proposed algorithm examines the RTT and the cache hit ratio metrics to identify the adversary node. The first detection level is done by the RTT threshold. This threshold is calculated and updated for every consumer using Eq. 3, where n is the number of RTT samples obtained periodically during a predefined time interval \((e.g.\ \Delta =0.5\,\text {s})\). The detection decision is based on the RTT threshold that is expected from consumers under no attack condition. In case of a consumer RTT value being much lower than the RTT threshold, the router is set to random caching for that consumer.

The algorithm also provides a second level detection method by using the cache hit ratio, in order to identify adversary node. The cache hit ratio is calculated periodically during the same time intervals used to calculate the RTT threshold. The NFD considers the node as an adversary, if its cache hit ratio is above the cache hit ratio threshold (Eq. 4). If the cache hit ratio of a node is above the cache hit ratio threshold, the NFD sets the node for random caching. If the RTT of a node is above the RTT threshold and the cache hit ratio is considerably lower than the cache hit ratio threshold, then the NFD configures the router with the LRU policy.

$$\begin{aligned} \boxed {\mathrm{RTT}\;\mathrm{threshold}=\dfrac{\sum _{\mathrm{i}=0}^{\mathrm{n}} {\mathrm{RTT}_{\textit{i}}}}{\mathrm{n}}} \end{aligned}$$
(3)
$$\begin{aligned} \boxed {\mathrm{Cache}\; \mathrm{hit} \; \mathrm{ratio}\; \mathrm{threshold}=\dfrac{\sum _{\mathrm{i=0}}^{\mathrm{m}} {\mathrm{CacheHitRatio}}_{\textit{i}}}{\mathrm{m}}} \end{aligned}$$
(4)
figure a

6.3 Timing Measurements

In order to analyze the values of both the RTT samples and the RTT threshold, we ran the scenario considering both the attack and no attack. As shown in Table 3, the RTT threshold values were used to identify the attack of the adversarial node. The attack is detected when the RTT of the sample is below the RTT threshold. Then, we ran the scenario with under attack and collected the first RTT samples. The results between threshold and first samples are showed that RTT values may change, because of real throughput delays and congestions. However, both the expected RTT under no attack and the RTT variation (regarding the RTT threshold) reduced dramatically for leaf 6 and leaf 13. Therefore, these leaves are considered adversarial nodes. The experimental results showed that the RTT of the adversarial leaves are shorter than the RTT of the legitimate leaves. When this occurs, the NFD may engage the random caching against the attack.

Table 3. RTT analysis
Full size table

7 Related Work

The related works considered the side-channel attacks on NDN.

Dogruluk et al. [6] evaluated the privacy attack in NDN, and proposed an adversary detection method controlled by the values of cache and interest hit ratios.

Felten and Schneider [7] evaluated side-channel timing attack measurements on web privacy. They show that the malicious web cookies can be used to acknowledge user’s recent visited web sites. They also concluded that web anonymization tools and turning off the browser’s JavaScripts features do not prevent side-channel timing attack measurements.

Zhang et al. [15] investigated the use of side-channel timing attack on VoIP privacy and how adversary may reveal the call history attacking with legitimate Public Key Infrastructure (PKI).

DiBenetetto and Gast [5] developed (AND\(\bar{a}\)NA) a tool to mitigate timing attacks in NDN. With this tool, the requested names are encrypted and afterwards are verified by the nodes and delivered to the user as data. AND\(\bar{a}\)NA is based on a TOR (The Onion Routing) paradigm [13], an anonymity browsing tool for Internet. AND\(\bar{a}\)NA makes the CS unpractical, because the data packet is only consumable for who requests it.

Mohaisen et al. [10] focused on cache privacy on ICNs (Information-centric networks) and proposed an user driven countermeasure method called Vanilla. For privacy-sensitive contents, an edge router caches the content from the producer and keeps the retrieval times of the first interest and delay the next coming requests. However, the per-client solution will not be feasible, because of the large number of consumers. Acs et al. [1] addressed side-channel timing attacks in NDN and proposed random caching and delay. This user driven method is based on flagging contents by /private and /non-private. Not with standing, we state that all contents have a sense of privacy, even daily visited sites such as google.com. To the best of our knowledge, per-client driven solution may not be the most appropriate approach for CS propose. For instance, the /private content of a user could be stated as a /non-private for other user(s).

8 Conclusions

In order to point out side-channel timing attack in NDN, we developed a scenario and show primary findings. The results show that the adversary may distinguish contents between cached and non-cached, by comparing content RTT differences. An adversary detection method algorithm is presented. The NFD based algorithm, distinguishes adversary and legitimate node by checking RTT and cache hit ratio threshold values.

The side-channel timing attack is easy to be implemented by an adversary, but the detection is a challenging issue to solve. Ideally, the cache hit and RTT metrics can be also used as an indications for side-channel timing attack. In order to keep CS performance, these indication methods can be used to identify adversary node controlled by NFD application. Through this identification method, the countermeasures (delay, random caching, and no cache) can be applied against the adversary nodes, in order to improve the CS performance.