Midterm Update

Introduction


For our midterm update, we have decided to focus on testing cache flushing for all Named Data Networking (NDN) nodes when cache poisoning is detected. Although our initial project proposal said we would implement both detection and mitigation of cache poisoning attacks in NDN networks, our focus has since narrowed to mitigation of cache poisoning only. We will focus only on cache flushing at NDN nodes, not on users who have sent an interest packet, because this reduces the scope and overhead we would have to handle.



Simulation


Using NDNSim, we will simulate a routing mechanism that ensures nodes holding injected poisoned content flush their content store (CS). We initially debated the merits of simulating both detection and mitigation before deciding to cut back our scope and focus solely on cache poisoning mitigation. So, for our simulated scenarios, we operate under the assumption that our algorithm or solution is able to detect when a cache poisoning attack is taking place in the network.


NDNSim


The team has decided to use NDNSim, even though it is only offered in C++, instead of miniNDN, which is written mostly in Python. We picked NDNSim because it is available on both macOS and Ubuntu, and is thus fairly easily accessible even on Windows through WSL 2. This is ideal for our team, as we are working in separate coding environments. Most importantly, though, the documentation for NDNSim is leagues ahead of miniNDN's and will allow us to implement scenarios of much greater complexity. The better documentation is also extremely helpful because it will let us onboard more quickly at the start of our project.


Scenarios


Detection of cache poisoning is assumed. The scenarios we will test:

  • Immediate

    • Where we know which data packet is ‘poisoned’ and look to solve it.

    • We assume here that we must cache flush the packets and notify other nodes of this poisoning.

    • We also simulate the scenario where we assume all packets from the Producer of a poisoned packet are poisoned and should thus be treated as such

    • 2 ways to cache flush

      • Flush the entire Content Store, or

      • Just the affected packets

  • False positives

    • Test scenarios where detection fails, i.e. where detection is not completely accurate


Solutions


Our cache_flush_packet will be given only n hops in which to reach all known nodes. We will test this to find the most efficient way to let all nodes know.


Brute force

  • Once cache poisoning is detected, the patient-zero node sends a message to all known nodes to cache flush this particular named data packet.

  • Since we don’t know which node carries which named data packet, every node receiving this cache_flush_packet will check for the data packet and, if it has it, will flush it from its cache and send the cache_flush_packet on to another node. This is done a maximum of n times, where n is at our discretion.


More efficient solutions

  • Send packets only to a subset of the nodes a node knows, with only ‘n’ hops. Even though this might not reach every affected node, it might prevent flooding.
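
The two propagation strategies above (brute force and the subset variant), as an added example rather than the team's NDNSim code: a plain C++ toy model over a constructed six-node topology. It assumes every node that receives the cache_flush_packet forwards it while hops remain and drops duplicates; `propagate_flush`, `fanout`, `sample_net` and the packet name are hypothetical.

```cpp
#include <iostream>
#include <queue>
#include <set>
#include <string>
#include <vector>

// Toy model, not ndnSIM: a node is a Content Store plus the nodes it knows.
struct Node { std::set<std::string> cs; std::vector<int> neighbours; };
struct FlushResult { int packets_sent = 0; int still_poisoned = 0; };
const std::string POISONED = "/producer/video/seg1"; // constructed name

// n = hop budget; fanout = max neighbours a node forwards to (>= degree: brute force).
FlushResult propagate_flush(std::vector<Node> net, int origin, int n, int fanout) {
    FlushResult r;
    std::vector<bool> seen(net.size(), false);
    std::queue<std::pair<int, int>> q; // (node id, hops left)
    seen[origin] = true;
    q.push({origin, n});
    while (!q.empty()) {
        const int id = q.front().first, hops = q.front().second;
        q.pop();
        net[id].cs.erase(POISONED); // flush only the affected entry, not the whole CS
        int sent = 0;
        for (int nb : net[id].neighbours) {
            if (hops == 0 || sent == fanout) break;
            ++sent;
            ++r.packets_sent;
            if (seen[nb]) continue; // assumed: a duplicate flush is dropped
            seen[nb] = true;
            q.push({nb, hops - 1});
        }
    }
    for (const Node& nd : net) r.still_poisoned += static_cast<int>(nd.cs.count(POISONED));
    return r;
}

// Constructed 6-node tree; nodes 0, 2, 3 and 4 cache the poisoned packet.
std::vector<Node> sample_net() {
    std::vector<Node> net(6);
    net[0].neighbours = {1, 2, 3}; net[1].neighbours = {0, 4}; net[2].neighbours = {0, 5};
    net[3].neighbours = {0};       net[4].neighbours = {1};    net[5].neighbours = {2};
    for (int id : {0, 2, 3, 4}) net[id].cs.insert(POISONED);
    return net;
}

int main() {
    FlushResult r = propagate_flush(sample_net(), 0, 2, 2); // subset variant
    std::cout << r.packets_sent << " packets, " << r.still_poisoned << " still poisoned\n";
}
```

On this topology, brute force with n = 2 clears every copy using 8 packets, while a fanout of 2 sends 6 packets and leaves one poisoned copy behind.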



Next Steps


Look into ChronoSync [1], which fully synchronizes a shared dataset among a distributed group of users, and at how our solution affects reaching a stable state.


Our plan for the next two weeks is to quickly get our team up to speed with NDNSim, ideally before the coming weekend, and then move on to actually simulating and testing the described scenarios. Our focus is on implementing the cache flush scenario first and foremost, and then testing its performance against as many variations of the solution, as well as alternate solutions, as possible. We plan to start on the final report, based on the findings from our simulations, by Friday November 25th.





Citations:


[1] T. Li, W. Shang, A. Afanasyev, L. Wang and L. Zhang, "A Brief Introduction to NDN Dataset Synchronization (NDN Sync)," MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018, pp. 612-618, doi: 10.1109/MILCOM.2018.8599772.


[2] A. Afanasyev, J. Burke, T. Refaei, L. Wang, B. Zhang and L. Zhang, "A Brief Introduction to Named Data Networking," MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), 2018, pp. 1-6, doi: 10.1109/MILCOM.2018.8599682.


[3] FIU (2019) NDNSIM Archives, Named Data Networking (NDN). Available at: https://named-data.net/tag/ndnsim/ (Accessed: November 7, 2022).


[4] Sphinx (2015) Mini-NDN. Available at: https://minindn.memphis.edu/introduction.html (Accessed: November 7, 2022).



For the contribution, please view: Contribution