Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Na



Improved Merkle Hash Tree-Based One-Time Signature Scheme for Capability-Enhanced Security Enforcing Architecture for Named Data Networking

Varghese Jensy Babu (1) · M. Victor Jose (2)

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Network caching is regarded as a key requirement of named data networks (NDN) for enhancing the capabilities of traditional IP networking. It is responsible for location-independent data access and optimal bandwidth utilization in multi-path data dissemination. However, the network caching process in NDN introduces security challenges such as content cache poisoning, malicious injection or flooding of packets, and violations in accessing content packets. In this paper, an Improved Merkle Hash Tree-based one-time signature scheme for capability-enhanced security enforcing architecture (IMHT-OTSS-CSEA) is proposed. It provides data authenticity in a distributed manner and leverages capabilities to convey the access privileges of packets during data dissemination. It permits routers to verify the authenticity of forwarded packets in NDN. It is capable of handling the issues that arise from unsolicited packets during flooding-based denial-of-service attacks by supporting the indispensable verification process in routers that confirms the timeliness of packets. The simulation experiments conducted using the open source CCNs platform and Planetlab confirmed a significant mean reduction in delay of 14.61% compared with the benchmarked schemes. The scheme was also found to reduce the delay incurred in generating bit vectors by an average margin of 13.06% relative to the baseline approaches. In detecting content cache pollution attacks, it further confirmed a mean increase in the true positive rate of 5.42%, a mean increase in the precision rate of 6.04%, a decrease in the false positive rate of 6.82% and an increase in F-measure of 5.62% compared to the baseline approaches.
Keywords: Named data networks (NDN) · Networking caching · Improved Merkle Hash Tree · One-time signature · Capability-enhanced security enforcing architecture (CSEA)

* Varghese Jensy Babu
M. Victor Jose

(1) Department of Computer Science and Engineering, Royal College of Engineering, Akkikkavu, Thrissur, Kerala 680519, India

(2) Computer Science and Engineering, Department of Computer Applications, Noorul Islam Centre For Higher Education, Kumaracoil, Thuckalay, Kanyakumari District, Tamil Nadu 629 180, India




1 Introduction

In general, named data networking (NDN) refers to a content-oriented network architecture that forwards and delivers packets based on location-independent content names rather than the IP addresses used in traditional networks [1]. NDN interconnects users and content providers through a collection of content routers [2]. It incorporates network caching for