Ertugrul Dogruluk finalizou o seu Doutoramento

Tema da Tese: Side-Channel Timing Attack on Content Privacy of Named Data Networking

Autor: Ertugrul Dogruluk

Programa Doutoral: Programa Doutoral em Engenharia Eletrónica e de Computadores

Orientadores: Joaquim Melo Henriques Macedo; António Costa

Data: 30/10/2020

ABSTRACT :  A diversity of current applications, such as Netflix, YouTube, and social media, have used the Internet mainly as a content distribution network. Named Data Networking (NDN) is a network paradigm that attempts to answer today’s applications need by naming the content. NDN promises an optimized content distribution through a named content-centric design. One of the NDN key features is the use of in-network caching to improve network efficiency in terms of content distribution. However, the cached contents may put the consumer privacy at risk. Since the time response of cached contents is different from un-cached contents, the adversary may distinguish the cached contents (targets) from un-cached ones, through the side-channel timing responses. The scope of attack can be towards the content, the name, or the signature. For instance, the adversary may obtain the call history, the callee or caller location on a trusted Voice over NDN (VoNDN) and the popularity of contents in streaming applications (e.g. NDNtube, NDNlive) through side-channel timing responses of the cache.

The side-channel timing attack can be mitigated by manipulating the time of the router responses. The countermeasures proposed by other researches, such as additional delay, random/probabilistic caching, group signatures, and no-caching can effectively be used to mitigate the attack. However, the content distribution may be affected by pre-configured countermeasures which may go against the goal of the original NDN paradigm. In this work, the detection and defense (DaD) approach is proposed to mitigate the attack efficiently and effectively. With the DaD usage, an attack can be detected by a multi-level detection mechanism, in order to apply the countermeasures against the adversarial faces. Also, the detections can be used to determine the severity of the attack. In order to detect the behavior of an adversary, a brute-force timing attack was implemented and simulated with the following applications and testbeds: i. a trusted application that mimics the VoNDN and identifies the cached certificate on a worldwide NDN testbed, and ii. a streaming-like NDNtube application to identify the popularity of videos on the NDN testbed and AT&T company. In simulation primary results showed that the multi-level detection based on DaD mitigated the attack about 39.1% in best-route, and 36.6% in multicast communications. Additionally, the results showed that DaD preserves privacy without compromising the efficiency benefits of in-network caching in NDNtube and VoNDN applications.