ACM ICN 2017, Berlin
MENU

4th ACM Conference on Information-Centric Networking (ICN 2017), Sep. 26-28, 2017

Conference Program

 

Keynote: Private Namespaces in ICN

Jon Crowcroft will give the keynote at ACM ICN 2017.

Jon Crowcroft has been the Marconi Professor of Communications Systems in the Computer Laboratory of University of Cambridge since October 2001. He has worked in the area of Internet support for multimedia communications for over 30 years. Three main topics of interest have been scalable multicast routing, practical approaches to traffic management, and the design of deployable end-to-end protocols. Current active research areas are Opportunistic Communications, Social Networks, and techniques and algorithms to scale infrastructure-free mobile systems. He leans towards a "build and learn" paradigm for research.

Abstract

Names contain rich semantics, and so knowing who is interested in which named data can represent an invasion of privacy. At the same time, name structures can help with organising information (ontologies etc) - in this talk I'll discuss some ideas about creation and use of private name spaces.

Schedule

  • Tuesday, September 26, 2017

  • 8:00am - 9:00am Registration

  • 9:00am - 12:30pm Tutorials

  • NDN/CCN-lite/RIOT

    Room: Lecture hall

  • FD.io/cicn

    Room: 049

  • 12:30pm - 1:45pm Lunch

  • 1:45pm - 6:00pm Tutorials

  • NDN/CCN-lite/RIOT (cntd.)

    Room: Lecture hall, 051, 046

  • Umobile

    Room: 49

  • 6:30pm - 11:00pm Welcome Reception

  • Welcome Reception will take place at Museum of European Cultures (or short MEK).

    From 6:30pm - 7:30pm, you can visit the exhibition (no entrance fee).

    Between 7:30pm - 8:00pm we will have a music intermezzo. Maralda Thon, a rising accordion player, will perform very analog sounds from common and uncommon names.

  • Wednesday, September 27, 2017

  • 8:00am - 9:00am Registration

  • 9:00am - 9:20am Opening Session

    Room: Lecture Hall

  • Welcome from General Chairs

    Thomas Schmidt (HAW Hamburg), Jan Seedorf (HFT Stuttgart)

  • Welcome & Logistics from Local Arrangement Chairs

    Matthias Wählisch (Freie Universität Berlin), Mayutan Arumaithurai (University Göttingen)

  • Welcome and Overview of Program from TPC Chairs

    Dave Oran (MIT Media Lab), Christian Tschudin (University of Basel)

  • 9:20am - 10:10am Keynote

    Room: Lecture Hall

  • Keynote: Private Namespaces in ICN

    Jon Crowcroft (Marconi Professor of Communications Systems, University of Cambridge)


    Abstract:

    Names contain rich semantics, and so knowing who is interested in which named data can represent an invasion of privacy. At the same time, name structures can help with organising information (ontologies etc) - in this talk I'll discuss some ideas about creation and use of private name spaces.

     

    Bio:
    Jon Crowcroft has been the Marconi Professor of Communications Systems in the Computer Laboratory of University of Cambridge since October 2001. He has worked in the area of Internet support for multimedia communications for over 30 years. Three main topics of interest have been scalable multicast routing, practical approaches to traffic management, and the design of deployable end-to-end protocols. Current active research areas are Opportunistic Communications, Social Networks, and techniques and algorithms to scale infrastructure-free mobile systems. He leans towards a "build and learn" paradigm for research. Further information is available at https://www.cl.cam.ac.uk/~jac22.

     

  • 10:10am - 10:30am Coffee Break

  • 10:30am - 11:30am Technical Session 1: Security (full papers)

    Session Chair: Dirk Kutscher

    Room: Lecture Hall

  • When Encryption is Not Enough: Privacy Attacks in Content-Centric Networking

    Cesar Ghali (UCI), Gene Tsudik (UCI), Christopher A. Wood (UCI)

    • Abstract:

      Content-Centric Networking (CCN) is a network architecture for transferring named content from producers to consumers upon request. The name-to-content binding is cryptographically enforced with a digital signature generated by the producer. Thus, content integrity and origin authenticity are core features of CCN. In contrast, content confidentiality and privacy are left to the applications. The typically advocated approach for protecting sensitive content is to use encryption, i.e., restrict access to those who have appropriate decryption key(s). Moreover, content is typically encrypted once for identical requests, meaning that many consumers obtain the same encrypted content. From a privacy perspective, this is a step backwards from the ``secure channel'' approach in today's IP-based Internet, e.g., TLS or IPSec.

      In this paper, we assess the privacy pitfalls of this approach, particularly, when the adversary learns some auxiliary information about popularity of certain plaintext content. Merely by observing (or learning) the frequency of requested content, the adversary can learn which encrypted corresponds to which plaintext data. We evaluate this attack using a custom CCN simulator and show that even moderately accurate popularity information suffices for accurate mapping. We also show how the adversary can exploit caches to learn content popularity information. The adversary needs to know the content namespace in order to succeed. Our results show that encryption-based access control is insufficient for privacy in CCN. More extensive counter-measures (such as namespace restrictions and content replication) are needed to mitigate the attack.

       

  • NDN DeLorean: An Authentication System for Data Archives in Named Data Networking

    Yingdi Yu (UCLA), Alexander Afanasyev (UCLA), Jan Seedorf (HFT Stuttgart), Zhiyi Zhang (UCLA), Lixia Zhang (UCLA),

    • Abstract:

      Named Data Networking (NDN) enables data-centric security in network communication by mandating digital signatures on network-layer data packets. Since the lifetime of some data can extend to many years, they outlive the lifetime of their signatures. This paper introduces NDN DeLorean, an authentication framework to ensure the long-term authenticity of long-lived data. The design of DeLorean takes a publicly auditable bookkeeping service approach to keep permanent proofs of data signatures and the times when the signatures were generated. To assess DeLorean's feasibility, the paper presents a set of analytical evaluations on the operational cost as a function of data archive volumes. The paper also identifies several remaining issues that must be addressed in order to make DeLorean a general solution to authenticating long-lived data

       

  • 11:30am - 12:30pm Technical Session 2: Architecture (short papers)

    Session Chair: Alex Afanasyev

    Room: Lecture Hall

  • A Keyword-based ICN-IoT Platform

    Onur Ascigil (University College of London), Sergi Rene (University College of London), George Xylomenos (University College of London), Ioannis Psaras (University College of London), George Pavlou (University College of London)

    • Abstract:

      Information-Centric Networking (ICN) has been proposed as a promising solution for the Internet of Things (IoT), due to its focus on naming data, rather than endpoints, which can greatly simplify applications. The hierarchical naming of the Named-Data Networking (NDN) architecture can be used to name groups of data values, for example, all temperature sensors in a building. However, the use of a single naming hierarchy for all kinds of different applications is inflexible. Moreover, IoT data are typically retrieved from multiple sources at the same time, allowing applications to aggregate similar information items, something not natively supported by NDN. To this end, in this paper we propose (a) locating IoT data using (unordered) keywords combined with NDN names and (b) processing multiple such items at the edge of the network with arbitrary functions. We describe and evaluate three different strategies for retrieving data and placing the calculations in the edge IoT network, thus combining connectivity, storage and computing.

       

  • Improved Content Addressability Through Relational Data Modeling and In-Network Processing Elements

    Claudio Marxer (University of Basel), Christian Tschudin (University of Basel)

    • Abstract:

      Recent realizations of the ICN principle organize content in a hierarchical namespace. We argue that this addressing mode has shortcomings because a single document could be part of several data collections. For instance, Joe's record of his New York Marathon run might be published as a content object with the name /repo/events/NYmarathon/record1234 but would also fit into /repo/users/Joe/record1234. Even further, the content of documents can be very multifaceted such that not all details (e.g. spacial coordinates, timestamps, rankings) can be made available on the name surface.

      In this paper we show that CCN-style networks enriched with active elements, i.e. content processing/producing entities, can overcome these problems. Exemplarily, we adopt relational data modeling concepts to organize named data and deploy Named Function Networking to implement content addressability which goes beyond the scope of pure, i.e. passive, CCN.

       

  • The Need for a Name to MAC Address Mapping in NDN: Towards Quantifying the Resource Gain

    Peter Kietzmann (HAW Hamburg), Cenk Gündogan (HAW Hamburg), Thomas C. Schmidt (HAW Hamburg), Oliver Hahm (RIOT), Matthias Wählisch (Freie Universität Berlin),

    • Abstract:

      In this paper, we start from two observations. First, many application scenarios that benefit from ICN involve battery driven nodes connected via shared media. Second, current link layer technologies are completely ICN agnostic, which prevents filtering of ICN packets at the device driver level. Consequently, any ICN packet, Interest as well as data, is processed by the CPU. This sacrifices local system resources and disregards link layer support functions such as wireless retransmission. We argue for a mapping of names to MAC addresses to efficiently handle ICN packets, and start exploring dynamic face-based mapping schemes. We analyze the impact of this link-layer adaptation in real-world experiments and quantitatively compare to different configurations. Our findings on processing, reliability, and energy consumptions on constrained devices indicate significant gains in larger networks.

       

  • 12:30pm - 1:45pm Lunch

  • 1:45pm - 3:15pm Technical Session 3: Forwarding (full papers)

    Session Chair: Jan Seedorf

    Room: Lecture Hall

  • Toward an Ideal NDN Router on a Commercial Off-the-shelf Computer

    Junji Takemasa (Osaka University), Yuki Koizumi (Osaka University), Toru Hasegawa (Osaka University),

    • Abstract:

      The goal of the paper is to present what the ideal and fastest NDN forwarding engine on a commercial off-the-shelf (COTS) computer is supposed to be. The paper designs a reference forwarding engine by selecting well-established high-speed techniques and then analyzes a prototype implemented according to the design to know its performance bottleneck. The microscopic analysis at the level of CPU pipelines and instructions reveals that dynamic random access memory (DRAM) access latency is one of bottlenecks for high-speed forwarding engines. Finally, the paper designs several prefetch-friendly packet processing techniques to hide DRAM access latency. The prototype according to the prefetch-friendly packet processing techniques achieves more than 40 million packets per second packet forwarding on a COTS computer.

       

  • Request Aggregation, Caching, and Forwarding Strategies for Improving Large Scientific Data Distribution: A Case Study

    Susmit Shannigrahi (Colorado State University), Chengyu Fan (Colorado State University), Christos Papadopoulos (Colorado State University)

    • Abstract:

      Scientific domains such as Climate Science, High Energy Particle Physics (HEP) and others, routinely generate and manage petabytes of data, projected to rise into exabytes. The sheer volume and long life of the data stress IP networking and traditional content distribution networks mechanisms. Thus, each scientific domain typically designs, develops, implements, deploys and maintains its own data management and distribution system, often duplicating functionality. Supporting various incarnations of similar software is wasteful, prone to bugs, and results in an ecosystem of one-off solutions.

      In this paper, we present the first trace-driven study that investigates NDN in the context of a scientific application domain. Our contribution is threefold. First, we analyze a three-year climate data server log and characterize data access patterns to expose important variables such as cache size. Second, using an approximated topology derived from the log, we replay log requests in real-time over an NDN simulator to evaluate how NDN improves traffic flows through aggregation and caching. Finally, we implement a simple, nearest-replica NDN forwarding strategy and evaluate how NDN can improve scientific content delivery.

       

  • Path Switching in Content Centric and Named Data Networks

    Ilya Moiseenko (Cisco Systems), Dave Oran (Network Systems Research and Design),

    • Abstract:

      ICN communication is inherently multipath and potentially multi-destination. Content Centric and Named Data Networks at present do not offer a mechanism to direct traffic onto a specific path in multipath or a specific destination in a multi-destination environment, because the forwarding plane multiplexes packets across nexthops dynamically. This makes it challenging to provide practical multipath traceroute and ping applications, or implement multipath-aware congestion control, traffic engineering or SDN solutions. The symmetry of forward and reverse paths in Content Centric and Named Data Networks allows one to compute an end-to-end path label in a Data message on the reverse path and subsequently use this label to forward an Interest message through a specific nexthop. ICN Path Switching is a method of high-speed Interest forwarding in Content Centric and Named Data networks based on exact matching of a nexthop label retrieved from the Interest's path label against nexthops in the ICN Forwarder's Adjacency database. ICN Path Switching maintains all major characteristics of CCN~/~NDN architectures, such as multicasting, caching, flow balance, etc. Simulations demonstrate that path labels are consistent with ICN control plane routing state in the presence of route updates. Analysis of ICN Path Switching with regards to Multiprotocol Label Switching (MPLS) and Segment Routing architectures suggests that it offers similar advantages at lower complexity with the potential to simplify network operations.

       

  • 3:15pm - 5:00pm Posters and Demos

    Room: Foyer and SR055

  • Includes coffee break from 3:15pm-3:45pm

  • 6:00pm - 7:00pm Guided City Tour to banquet

  • At 5:30pm, we will leave the Best Western to go to the starting point of the tour.


    At 6:00pm, the tour starts from S-Friedrichstr. to the banquet. We will meet in front of the entry of museum "Tränenpalast", which is in front of the S-Friedrichstr.. The tour is organized by professional tour guides.


    More details.

  • 7:00pm - 00:00am Conference Banquet

  • The Conference Banquet will take place in Clärchens Ballhaus.


    Note that we will have an outrage opinion session. If you want to make a statement, contact Dave Oran.

  • Thursday, September 28, 2017

  • 9:00am - 10:30am Technical Session 4: Caching & Mobility (full papers)

    Session Chair: Luca Muscariello

    Room: Lecture Hall

  • Jointly Optimal Routing and Caching for Arbitrary Network Topologies

    Stratis Ioannidis (Northeastern University), Edmund Yeh (Northeastern University)

    • Abstract:

      We study a problem of fundamental importance to ICNs, namely, minimizing routing costs by jointly optimizing caching and routing decisions over an arbitrary network topology. We consider both source routing and hop-by-hop routing settings. The respective offline problems are NP-hard. Nevertheless, we show that there exist polynomial time approximation algorithms producing solutions within a constant approximation from the optimal. We also produce distributed, adaptive algorithms with the same approximation guarantees. We simulate our adaptive algorithms over a broad array of different topologies. Our algorithms reduce routing costs by several orders of magnitude compared to prior art, including algorithms optimizing caching under fixed routing.

       

  • Proactive Caching with Mobility Prediction under Uncertainty in Information-centric Networks

    Noor Abani (University of California), Torsten Braun (University of Bern), Mario Gerla (University of California)

    • Abstract:

      Proactive caching can be a key enabler for reducing the latency of retrieving predictable content requests, alleviating backhaul traffic and mitigating latency caused by handovers. In mobile networks, proactive caching relies on mobility prediction to locate the mobile device's next location and hence the node that must prefetch the content. Previously proposed proactive caching strategies use exclusively edge caching and cache redundant copies on multiple edge nodes to address prediction uncertainty. In this paper, we present a proactive caching strategy that leverages ICN's flexibility of caching data anywhere in the network, rather than just at the edge, like conventional content delivery networks. The main contribution of the paper is to use entropy to measure mobility prediction uncertainty and locate the best prefetching node, thus eliminating redundancy. While prefetching at levels higher in the network hierarchy incurs higher delays than at the edge, our evaluation results show that the increase in latency does not negate the performance gains of proactive caching. Moreover, the gains are amplified by the reduction in server load and cache redundancy achieved.

       

  • Low-power Internet of Things with NDN and Cooperative Caching

    Oliver Hahm (Inria), Emmanuel Baccelli (Inria), Thomas C. Schmidt (HAW Hamburg), Matthias Wählisch (FU Berlin), Cédric Adjih (Inria), Laurent Massoulié (Inria),

    • Abstract:

      Energy efficiency is a major driving factor in the Internet of Things(IoT). In this context, an IoT approach based on Information-Centric Networking (ICN) offers prospects for low energy consumption. Indeed, ICN can provide local in-network content caching so that relevant IoT content remains available at any time while devices are in deep-sleep mode most of the time. In this paper, we evaluate NDN enhanced with CoCa, a simple side protocol we designed to exploit content names together with smart interplay between cooperative caching and power-save sleep capabilities on IoT devices. We perform extensive, large scale experiments on real hardware with IoT networks comprising of up to 240 nodes, and on an emulator with up to 1000 nodes. We show in practice that, with NDN+CoCa, devices can reduce energy consumption by an order of magnitude while maintaining recent IoT content availability above 90 %. We furthermore provide auto-configuration mechanisms enabling practical ICN deployments on IoT networks of arbitrary size with NDN+CoCa. With such mechanisms, each device can autonomously configure names and auto-tune parameters to reduce energy consumption as demonstrated in this paper.

       

  • 10:30am - 10:50am Coffee Break

  • 10:50am - 11:30am Technical Session 5: Infrastructure (short papers)

    Session Chair: Toru Hasegawa

    Room: Lecture Hall

  • Virtualized ICN (vICN): Towards a Unified Network Virtualization Framework for ICN Experimentation

    Mauro Sardara (Cisco Systems), Luca Muscariello (Cisco Systems), Jordan Augé (Cisco Systems), Marcel Enguehard (Cisco Systems), Alberto Compagno (Cisco Systems), Giovanna Carofiglio (Cisco Systems),

    • Abstract:

      To assess the feasibility and potential for deployment of new networking paradigms such as ICN, being able to carry out large scale experimentation and tests in real operational networks is crucial. Various platforms have been developed by the research community to support design and evaluation of specific aspects of ICN architecture. Most of them provide ICN-dedicated, small scale or application-specific environments and ad-hoc testing tools, non reusable in other contexts nor in real-world IP deployments. The goal of this paper is to contribute vICN (virtualized ICN), a unified open-source framework for network configuration and management that uses recent progresses in resource isolation and virtualization techniques. It offers a single, flexible and scalable platform to serve different purposes, ranging from reproducible large-scale research experimentation, to demonstrations with emulated and/or physical devices and network resources and to real deployments of ICN in existing IP networks. In the paper, we describe the rationale for vICN and its components, highlighting programmability, scalability and reliability as its core principles. Illustration of vICN properties is provided through concrete examples.

       

  • NDN-Trace: A Path Tracing Utility for Named Data Networking

    Siham Khoussi (National Institute of Standards and Technology), Davide Pesavento (National Institute of Standards and Technology), Lotfi Benmohamed (National Institute of Standards and Technology), Abdella Battou (National Institute of Standards and Technology),

    • Abstract:

      In this paper we propose NDN-Trace, a path tracing utility to determine the characteristics of the available paths to reach a given name prefix in NDN-based networks. While the traceroute tool in IP networks is based on an iterative process, with each iteration incrementally traversing more hops along the path to the target, we adopt a non-iterative approach, with the tracing process done at the application layer. Our design supports multi-path tracing that can be used to trace paths to NDN forwarding nodes, applications, or content store caches, while providing path information (node identifiers and round-trip times), as well as optional metrics such as those related to content stores. NDN-Trace leverages NDN's native Interest/Data exchange and does not require changes to NDN forwarding. We present a C++ implementation of our design, and show experimental results that demonstrate its capabilities. We also discuss open issues and future work, including an approach to implement path tracing within the NDN forwarder itself.

       

  • 11:30am - 12:30pm Panel: ICN in the OS

    Session Chair: Christian Tschudin

    Room: Lecture Hall

  • 12:30pm - 1:45pm Lunch

  • 1:45pm - 3:15pm Technical Session 6: Potpourri (full papers)

    Session Chair: Mayutan Arumaithurai

    Room: Lecture Hall

  • Facilitating ICN Deployment with an Extended OpenFlow Protocol

    Piotr Zuraniewski (TNO), Niels L. M. van Adrichem (TNO), Daan Ravesteijn (TNO), Wieger IJntema (TNO), Christos Papadopoulos (Colorado State University), Chengyu Fan (Colorado State University),

    • Abstract:

      Leveraging the flexibility of Software-Defined Networking (SDN) can solve aforementioned problems. Due to its dynamic nature, SDN can automatically recognize an NDN service and instruct switches to set up the configuration for actual service deployment. Such a solution significantly eases the deployment of NDN networks.

      In this paper, we propose a hybrid solution where we combine Software-Defined Networking, more specifically OpenFlow, and eBPF to perform control plane configuration and data plane programmability respectively, to realize connectivity within and across NDN domains. To do so, we have designed eBPF filters that match on NDN traffic, extended the OpenFlow protocol to configure switch data planes with these match filters and enhanced an OpenFlow switch to act accordingly. Our OpenFlow controller written for Ryu performs routing on NDN names and configures switches correspondingly. Additionally, our controller detects NDN domains and sets up IP tunnels between them. Our evaluation shows that our proof-of-concept on, among others, the SciNet testbed autoconfigures an NDN network, successfully providing end-to-end NDN network functionality across multiple domains.

       

  • NFaaS: Named Function as a Service

    Michal‚ Krol (University College London), Ioannis Psaras (University College London)

    • Abstract:

      Recent efforts in the general area of Information-Centric Networking have been focusing on several issues that mainly pertain to traditional content delivery (e.g., routing and forwarding scalability, congestion control and in-network caching). However, in order to keep up with trends in the wider area of future Internet paradigms, there is a pressing need to extend current architectural proposals to support edge/fog computing environments. With this goal in mind, we propose Named Function as a Service (NFaaS), a framework that extends the Named Data Networking architecture to support in-network function execution. In contrast to existing works, NFaaS builds on very lightweight VMs and allows for dynamic execution of custom code. Functions can be downloaded and be run by any node in the network. Functions can move between nodes according to user demand, making resolution of moving functions a first-class challenge. NFaaS includes a Kernel Store component, which is responsible for storing functions, but also for making decisions as to which functions to run locally. NFaaS includes a routing protocol and a number of forwarding strategies in order to deploy and dynamically migrate functions within the network. We validate our design through extensive simulations, which show that delay-sensitive functions are deployed closer to the edge, while less delay-sensitive ones closer to the core. We also present a real-world prototype using rumprun unikernels to test the validity of our system design.

       

  • A Native Content Discovery Mechanism for Information-centric Networks

    Onur Ascigil (University College London), Vasilis Sourlas (University College London), Ioannis Psaras (University College London), George Pavlou (University College London),

    • Abstract:

      Recent research has considered various approaches for discovering content in the cache-enabled nodes of an Autonomous System (AS) to reduce the costly inter-AS traffic. Such approaches include i) searching content opportunistically (on-path) along the default intra-AS path towards the content origin for limited gain, and ii) actively coordinate nodes when caching content for significantly higher gains, but also higher overhead. In this paper, we try to combine the merits of both worlds by using traditional opportunistic caching mechanisms enhanced with a lightweight content discovery approach. Particularly, a content retrieved through an inter-AS link is cached only once along the intra-AS delivery path to maximize network storage utilization, and ephemeral forwarding state to locate temporarily stored content is established opportunistically at each node along that path during the processing of Data packets. The ephemeral forwarding state either points to the arriving or the destination face of the Data packet depending on whether the content has already been cached along the path or not. The challenge in such an approach is to appropriately use and maintain the ephemeral forwarding state to minimize inter-AS content retrieval, while keeping retrieval latency and overhead at acceptable levels. We propose several forwarding strategies to use and manage ephemeral state and evaluate our mechanism using an ISP topology for various system parameters. Our results indicate that our opportunistic content discovery mechanism can achieve near-optimal performance and significantly reduce inter-AS traffic.

       

  • 3:15pm - 3:45pm Coffee Break

  • 3:45pm - 4:45pm Technical Session 7: Architecture (short papers)

    Session Chair: Börje Ohlman

    Room: Lecture Hall

  • Realizing a Virtual Private Network using Named Data Networking

    Craig Partridge (Raytheon BBN Technologies), Sam Nelson (Raytheon BBN Technologies), Derrick Kong (Raytheon BBN Technologies),

    • Abstract:

      An approach to creating secure virtual private networks for the Named Data Networking (NDN) protocol suite is described. It encrypts and encapsulates NDN packets from higher security domains and places them as the payload in unencrypted NDN packets, much as IPsec encapsulates encrypted IP datagrams in unencrypted IP datagrams. We then leverage the well-known properties of the IP-in-IP approach, taken by IPsec in tunnel mode, to understand the strengths and weaknesses of the proposed NDN-in-NDN approach.

       

  • Secure Producer Mobility in Information-Centric Network

    Alberto Compagno (Cisco Systems), Xuan Zeng (IRT SystemX - UPMC), Luca Muscariello (Cisco Systems), Giovanna Carofiglio (Cisco Systems), Jordan Augé (Cisco Systems),

    • Abstract:

      One of the fundamental requirements of the next generation 5G networks is to support seamless mobility over an heterogeneous access network by design. The shift from host-based to content-based location-independent communication makes Information-Centric Networking (ICN) an appealing technology to provide not only mobility, but also security and storage as native properties of the network architecture.

      Previous work in ICN literature focused on name-based mobility management solutions and particularly on the challenges of producer mobility, which involves an interaction between forwarding and control plane.

      In this paper, we consider the security implications of producer mobility in ICN and we highlight the importance of securing producer to network interactions. We focus on the problem of prefix hijacking: a class of attacks that can be exploited to threaten both the security of the ICN networks and the privacy of its users. To prevent this class of attacks, we propose a fully distributed and very low-overhead protocol for name prefix attestation based on hash-chaining. First results show order of magnitudes improvement in verification latency with respect to signature verification, the leading alternative approach to thwart prefix hijacking attacks.

       

  • Schematized Access Control for Data Cubes and Trees

    Claudio Marxer (University of Basel), Christian Tschudin (University of Basel),

    • Abstract:

      In classic ICN where delivery of named data cannot be guarded, access control is usually implemented by first encrypting the data and secondly by providing the corresponding data encryption keys (DEKs) to authorized users only: Authorized users will obtain DEKs in encrypted form, wrapped with their public key. This approach has three shortcomings which we address in this paper. (a) Key management is tedious if it has to be done on a per-principle basis, (b) access granularity for single documents should be extended to document collections (e.g. namespace sub-trees) and data cubes (sub-elements within data records), (c) there needs to be support for access right propagation across data aggregation and derivation chains.

       

  • 4:45pm - 5:00pm Closing

    Room: Lecture Hall

List of Accepted Posters

  • IPRES: In-device Proxy Re-Encryption Service for Secure ICN

    Kalika Suksomboon, Atsushi Tagami, and Anirban Basu (KDDI Research, Inc.) and Jun Kurihara (KDDI Corporation)

    • Abstract:

      A key paradigm of Information Centric Networking (ICN) is that the content-based security, privacy and access control are deployed directly in the network layer. However, there is a gap between security in the network and application layers. This creates a vulnerable space for cyber attacks from inside a device. To address this problem, we discuss and present a guideline on ICN access control. Since a semi-trusted proxy has been seen as an advantageous solution for access control and efficiency in content sharing services, we introduce the proxy in a consumer’s device and propose an in-device proxy re-encryption service (IPRES) architecture for efficiency in both access control management and resource usage.

       

  • NDNCERT: Universal Usable Trust Management for NDN

    Zhiyi Zhang (UCLA), Alexander Afanasyev (Florida International University), and Lixia Zhang (UCLA)

    • Abstract:

      The Named Data Networking (NDN) architecture builds the security primitives into the network layer: all retrieved data packets must be signed to ensure their integrity, authenticity, and provenance. To ensure that these primitives are used in a meaningful way without imposing undue burdens on NDN users, the management of cryptographic keys and certificates needs to work in a simple, secure, and user-friendly way. This poster introduces the NDN Trust Management system (NDNCERT) which is designed to fill this need. NDNCERT provides flexible mechanisms to delegate trust between certificates, either within a single device (managing permissions for local applications on a node to operate under a given namespace) or across devices/entities. NDNCERT features a modular design for security challenges that establish trust through out-of-band means for certificate issuing. Once a node or an application obtains a valid certificate for its namespace (or being configured with a self-signed certificate), it automatically becomes a certificate authority for its namespace, and can use the same NDNCERT protocol to produce certificates for the sub-namespaces.

       

  • Adaptive Forwarding of Persistent Interests in Named Data Networking

    Philipp Moll, Julian Janda, and Hermann Hellwagner (Alpen-Adria-Universität Klagenfurt)

    • Abstract:

      *Persistent Interests* (PIs) are a promising approach to introduce push-type traffic in Named Data Networking (NDN), in particular for conversational services such as voice and video calls. Forwarding decisions for PIs are crucial in NDN because they establish a long-lived path for the data flowing back toward the PI issuer. In the course of studying the use of PIs in NDN, we investigate *adaptive* PI forwarding and present a strategy combining regular NDN forwarding information and results from *probing* potential alternative paths through the network. Simulation results indicate that our adaptive PI forwarding approach is superior to the PI-adapted Best Route strategy when network conditions change due to link failures.

       

  • Near Loop-free Routing: Increasing Path Choices with Stateful Forwarding

    Klaus Schneider and Beichuan Zhang (The University of Arizona), Lan Wang (The University of Memphis), and Lixia Zhang (UCLA)

    • Abstract:

      When splitting traffic for one destination among multiple paths, the employed paths should be loop-free, lest they waste network resources, and the involved routers should be given a high path choice, that is, a high number of potential nexthops. In IP networks this requires the use of a loop-free routing protocol, which limits the achievable path choice.

      Here we show that, in NDN, we can increase the path choice by combining a Near Loop-free Routing protocol (NLR) with on-demand loop removal at the forwarding layer. NLR routers 1) exclude the incoming face from forwarding, 2) use certain heuristics to minimize routing loops, and 3) remove any remaining loops at the forwarding plane. NLR achieves a higher path choice and path quality than current alternatives, while keeping computation complexity low.

       

  • Device-to-Device Communication with Named Data Networking

    Wentao Shang (UCLA), Alexander Afanasyev (Florida International University), and Yanbiao Li, Jeff Burke, and Lixia Zhang (UCLA)

    • Abstract:

      Named Data Networking (NDN) architecture uses the data-centric communication primitives that naturally enable direct device-to-device (D2D) communications. To make NDN-enabled D2D communication a reality, this poster aims at two goals. First, we report our recent progress in enabling NDN connectivity over a number of popular D2D networking technologies. Second, we share with the broader community the roadblocks that we discovered in the process. Our experience suggests that bringing a new network protocol stack for D2D communication on common platforms can be a daunting engineering challenge because of the lack of standard cross-platform APIs, limited documentation, and general platform restrictions to use L2 interfaces directly. Moreover, platforms are o en equipped with different D2D networking technologies, forcing one to use multiple different means to interconnect different systems.

       

  • NAC: Name-Based Access Control in Named Data Networking

    Zhiyi Zhang and Yingdi Yu (UCLA), Alexander Afanasyev (Florida International University), and Jeff Burke and Lixia Zhang (UCLA)

    • Abstract:

      As a proposed Internet architecture, Named Data Networking must provide effective security support: data authenticity, confidentiality, and availability. This poster focuses on supporting data confidentiality via encryption. The main challenge is to provide an easy-to-use key management mechanism that ensures only authorized parties are given the access to protected data. We describe the design of name-based access control (NAC) which provides automated key management by developing systematic naming conventions for both data and cryptographic keys. We also discuss an enhanced version of NAC that leverages attribute-based encryption mechanisms (NAC-ABE) to improve the flexibility of data access control and reduce communication, storage, and processing overheads.

       

  • A Unified Data Structure of Name Lookup for NDN Data Plane

    Miaomiao Liu, Tian Song, and Yating Yang (Beijing Institute of Technology) and Beichuan Zhang (The University of Arizona)

    • Abstract:

      NDN data plane relays name-based packets by maintaining three tables: Content Store, Pending Interest Table and Forwarding Information Base. The three tables require similar but different schemes to be matched and updated in a nearly per-packet fashion, thus individual data structure is required for each table. In this work, we propose a unified data structure of name lookup for all three tables, namely CTrie, aiming at reducing the computational cost from three pipelined lookup rounds down to one unified round. CTrie extends the original Patricia trie to a combinational trie structure built from both component-based and byte-based hierarchical names. We compared CTrie with other approaches in speed and memory. The results show that CTrie runs 3.2 times faster and consumes about 38% memory than the current ones in terms of the whole data plane. CTrie fits for all application scenarios of NDN and especially well for IoT like lightweight-deployed scenarios.

       

  • Local Naming Service for Named Data Networking of Things

    Yating Yang and Tian Song (Beijing Institute of Technology)

    • Abstract:

      For those resource-constrained IoT sensors deployed over NDN, they have to carry scalable and thus long names within length-limited packets for global use, which produces additional overhead in fragmentation and network traffic across layers. However, for a local IoT region, sensors normally offer relatively mono-service of sensing therefore the same prefix of names in a periodical manner. Based on this observation, we introduce a Local Naming Service (LNS) to convert name between specific long name and symbolic short one for support of both valid global communication and lightweight local transmission. LNS explores the potential of name conversion on the fly while preserving data authentication in NDN packets.

       

  • VectorSync: Distributed Dataset Synchronization over Named Data Networking

    Wentao Shang (UCLA), Alexander Afanasyev (Florida International University), and Lixia Zhang (UCLA)

    • Abstract:

      Distributed dataset synchronization (sync for short) provides an important abstraction for multi-party data-centric communication in the Named Data Networking (NDN) architecture. Since the beginning of the NDN project, several sync protocols have been developed, each made its own design choices that cause inefficiency under various conditions. Furthermore, none of them provides group membership management, making it difficult to remove departed nodes from the protocol state maintained at each node. This poster presents VectorSync, a new NDN sync protocol that is built upon the lessons learned so far, provides group membership management, and improves the efficiency of dataset synchronization.

       

  • NDN Synchronization: iRoundSync, an Improved RoundSync

    Ayat Zaki Hindi (Inria, Université Paris-Saclay), Michel Kieffer (L2S, CNRS-CentraleSupelec-Univ Paris-Sud), Cedric Adjih (Inria, Université Paris-Saclay), and Claudio Weidmann (ETIS, ENSEA - Université de Cergy-Pontoise - CNRS)

    • Abstract:

      In this work, we focus on the state-of-the-art protocol RoundSync: we study its core features, that permit participating nodes to detect, propagate, and reconcile all changes. Particular attention is given to the case of multiple changes per round. We then propose an improved variant, iRoundSync, that exchanges fewer messages in the multiple-change case and is more resilient to packet losses. To quantify the performance of iRoundSync and illustrate the gains, we evaluate it on simple topologies.

       

  • Now@ - Content Sharing Application over NDN

    Omar Aponte and Paulo Mendes (Copelabs/ULHT)

    • Abstract:

      Sharing content has become part of our lives; Twitter for instance, is one of the most popular application in this area with millions of users in the entire world. At the same time, in the recent years, Named-Data Networking has become a promising network infrastructure, with continuous growth and collaborating teams that are working on it. In this paper we describe Now@, aiming to increase the impact of NDN near the end user with an Android application that allows them to exchange data based on their interests. To achieve this goal, we have developed Now@ based on synchronization of data. Now@ can operate on top of NFD Android allowing data exchange via wireless Internet and on top of NDN-Opp allowing data to be exchanged even in the presence of intermittent connectivity.

       

  • Request Aggregation: The Good, The Bad, and The Ugly

    Gaurav Panwar, Reza Tourani, Satyajayant Misra, and Abderrahmen Mtibaa (New Mexico State University)

    • Abstract:

      Request aggregation is a fundamental feature of named data networking (NDN). This feature aims to improve consumers’ quality of experience and reduce network traffic by reducing content retrieval latency and eliminating redundant communication, respectively. However, the negative aspects of request aggregation have not been studied. In this paper, we inspect different facets of request aggregation and introduce one of its harmful behavior, which can create an implicit Denial of Service (iDoS) vulnerability.

       

  • A Network Measurement Framework for Named Data Networks

    Davide Pesavento, Omar Ilias El Mimouni, Eric Newberry, Lotfi Benmohamed, and Abdella Battou (National Institute of Standards and Technology)

    • Abstract:

      In this poster, we propose a network measurement framework for NDN. We define the goals of network measurement and discuss how these goals can be achieved by identifying the necessary measurement operations that must be built on top of NDN’s primitives. Our main design goal is to empower NDN with a built-in measurement framework that can support multiple use cases and can be used by different applications that need to produce and/or consume network measurements. The framework uses NDN’s native Interest/Data exchange to request and collect both active and passive measurements. Being a work-in-progress, we also discuss open issues and future work.

       

List of Accepted Demos

  • Demo: VR Video Conferencing over Named Data Networks

    Liyang Zhang (Northeastern University, USA) and Syed Obaid Amin and Cedric Westphal (Huawei Research Center, Santa Clara, CA, USA)

    • Abstract:

      This demo shows an implementation of 360/virtual reality video conferencing system implemented over NDN, including producing content, formatting into NDN format, transmitting over NDN network, managing the flow of interest/content requests, and displaying in a web browser so as to show 360 degree rotation and zoom in/out features.

       

  • Demo: Panoramic Streaming using Named Tiles

    Kazuaki Ueda (KDDI Research, Inc.), Yuma Ishigaki (Osaka University), Atsushi Tagami (KDDI Research, Inc.), and Toru Hasegawa (Osaka University)

    • Abstract:

      This demonstration shows an efficient panoramic streaming application with ICN’s efficiency. The camera device splits its field-of-view into multiple named tiles, and clients request bare minimum tiles. This named tiles are cached on the intermediate routers and the video publisher can reduce the amount of traffic on its access network. Utilizing the ICN’s merits, this application is able to work under limited resources, like IoT environment.

       

  • Data Muling in ICN

    Niels van Adrichem, Bastiaan Wissingh, Daan Ravesteijn, and Lucia D'Acunto (TNO)

    • Abstract:

      The end-to-end connection paradigm of TCP/IP does not work well in situations characterized by intermittent (or no) global internet connectivity, as often is the case in offshore Wireless Sensor Networks (WSNs), military networks, rural/remote areas and maritime transport. Delay/Disruption Tolerant Networking (DTN) investigates to address these use cases, often built as an overlay on top of existing network infrastructure.

      ICN is a new internet architecture aiming to replace TCP/IP, whose data-oriented paradigm seems a very good match with the requirements of applications where connectivity is intermittent or absent. Hence, potentially eliminating additional DTN overlays.

      In this demo, we will showcase how ICN can be used for *data muling* between two disconnected “islands”. New data will be generated in real-time on each island, and participants will be given the possibility of muling interactively generated data between the islands via mobile phones and small single-board computers.

       

  • ICN personalized global-scale testbed using GTS

    Jacopo De Benedetto, Mayutan Arumaithurai, and Xiaoming Fu (University of Goettingen)

    • Abstract:

      The demonstration presented in this document aims to show how to use the GÉANT Testbed Service (GTS) to create personalized global-scale ICN testbeds. The demonstration will illustrate to the audience how to easily define network topologies and deploy ICN experiments based on both NDN and CICN implementations. Additionally, it will show how using GTS in combination with vICN, the orchestration and management service from the CICN project, most of the tasks necessary for an ICN deployments can be automatized, speeding up the configuration of ICN experiments. As use-case scenarios, other than sample applications from NDN and CICN, we will deploy an implementation of the SAID protocol developed from CICN code.

       

  • ICN-based Edge Service Deployment in Challenged Networks

    Christos-Alexandros Sarros (Athena Research and Innovation Center), Adisorn Lertsinsrubtavee and Carlos Molina-Jimenez (University of Cambridge), Konstantinos Prasopoulos, Sotiris Diamantopoulos, and Dimitris Vardalis (Democritus University of Thrace), and Arjuna Sathiaseelan (University of Cambridge)

    • Abstract:

      In this demo we present a NDN-based approach to deploy dockerised services closer to end-users when the network is impaired. We further increase resiliency, employing DTN to tunnel traffic between intermittently connected NDN nodes.

       

  • NDN-based IoT Robotics

    Loic Dauphin, Emmanuel Baccelli, and Cedric Adjih (Inria, Université Paris-Saclay) and Hauke Petersen (Freie Universität Berlin)

    • Abstract:

      In this paper, we demonstrate how NDN can be used as network primitive on low-cost robots with the Robot Operating System (ROS). [A demonstration video is available here](https://youtu.be/YvPssYSgLYY).

       

  • Information-Centric Networking for the Industrial IoT

    Cenk Gündogan, Peter Kietzmann, and Thomas C. Schmidt (HAW Hamburg), Martine Lenders, Hauke Petersen, and Matthias Wählisch (Freie Universität Berlin), and Michael Frey and Felix Shzu-Juraschek (MSA Safety)

    • Abstract:

      The wireless Internet of Things interconnects numerous constrained devices such as sensors and actuators not only with each other, but also with cloud services. We demonstrate a low power and lossy Information-Centric Network interworking with a cloud in an industrial application. Our approach includes a lightweight publish-subscribe system for NDN and an ICN-to-MQTT gateway which translates between NDN names and MQTT topics. This demo is based on RIOT and CCN-lite.

       

  • Simple and efficient ICN network virtualization with vICN

    Jordan Augé and Giovanna Carofiglio (Cisco), Marcel Enguehard (Cisco, Telecom ParisTech), Luca Muscariello (Cisco), and Mauro Sardara (Cisco, Telecom ParisTech)

    • Abstract:

      Information-Centric Networking (ICN) has been proposed as an alternative to IP for future networks such as 5G. To speed up its development and adoption, researchers and engineers require testing tools that are both simple and scalable. In particular, it is crucial to be able to quickly deploy ICN-enabled network topologies in a flexible and efficient manner.

      In this demonstration, we showcase vICN (virtualized ICN), a platform that enables easy deployment, orchestration and management of ICN networks. vICN uses standard virtualization technologies such as Linux Containers (LXC) and is fully integrated with the CICN suite to enable flexible testing of ICN technologies on general-purpose hardware. Furthermore, it can perform live monitoring and modification of the network. In particular, we use vICN to deploy a simple topology that consists of 9 nodes. We show that vICN bootstraps the topology in about 60s on commodity hardware. We then demonstrate how vICN interacts with the virtualized network and how it can be used for easy experimentation.

       

  • ICN enabling CoAP Extensions for IP based IoT devices

    Nikos Fotiou, George Xylomenos, and George C. Polyzos (Athens University of Economics and Business), Hasan Islam and Dmitrij Lagutin (Aalto University), and Teemu Hakala and Eero Hakala (Ell-i open source co-operative)

    • Abstract:

      The Constrained Application Protocol (CoAP) and its extensions, such as observe and group communication, offer the potential for developing novel IoT applications. However, a full-fledged CoAP-based application requires delay-tolerant communication and support for multicast: since these properties cannot be easily provided by existing IP networks, developers cannot take full advantage of CoAP, preferring to use HTTP instead. In this demo we show how proxying CoAP traffic over an ICN network can unleash the full potential of CoAP, simultaneously shifting overhead and complexity from the (constrained) endpoints to the network.

       

  • Demo: Named-Data Networking in Opportunistic Networks

    Seweryn Dynerowicz and Paulo Mendes (COPELABS/ULHT)

    • Abstract:

      This document describes the demo of our NDN-Opp framework which brings Named-Data Networking to Opportunistic Networks. Our implementation attempts to leverage all communication opportunities, supports intermittently connected device-to-device communication links and push models. We are also experimenting with acknowledgement mechanisms and connection-less transfer of packets.

       

  • Anonymous Authentication and Pseudonym-Renewal for VANET in NDN}

    Muktadir Chowdhury, Ashlesh Gawande, and Lan Wang (University of Memphis)

    • Abstract:

      Secure deployment of a vehicular network largely depends on the network’s trust establishment and privacy-preserving capability. In this paper, we propose a scheme for anonymous pseudonym-renewal and pseudonymous authentication for vehicular ad-hoc network over a data-centric Internet architecture called Named Data networking (NDN). We incorporated our design in a traffic information sharing demo application and deployed it on Raspberry Pi-based miniature cars for evaluation.

       

  • Integrating IP and NDN through an Extensible IP-NDN Gateway

    Tamer Refaei, Jamie Ma, Sarah Liu, and Sean Ha (MITRE Corporation)

    • Abstract:

      Named Data Networks (NDN) is an emerging data centric networking paradigm that provides an efficient and resilient communication model. To facilitate experimentation and integration of NDN, we introduce a general purpose/extensible IP-to-NDN gateway. The gateway enables applications modeled after the IP client-server model to operate seamlessly through an NDN cloud. These applications can then gain the benefits of NDN without having to be recoded or redesigned. We focus our demonstration on applications operating in challenged network environments (e.g. military tactical networks). We integrate Cursor-on-Target (CoT), a message router used for situational awareness, as well as XMPP Overlay (XOP), a decentralized chat application, into an NDN cloud. We show the ease of integration and the benefits these applications gain from NDN under severely disrupted network conditions.