Detecting and Mitigating Repaying Attack in Expressive Internet Architecture (XIA)

Authors

  • Beny Nugraha Department of Electrical Engineering, Mercu Buana University, Jakarta, Indonesia
  • Rahamatullah Khondoker Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany
  • Ronald Marx Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany
  • Kpatcha Bayarou Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany

DOI:

https://doi.org/10.13052/jicts2245-800X.225

Keywords:

Replaying Attack, Session Key, eXpressive Internet Architecture (XIA), Future Internet (FI), CCN

Abstract

Several Future Internet (FI) architectures have been proposed to address the problems of the Internet, including flexibility (the so-called IP bottleneck), host-based addressing (addressing a host rather than the content itself), and security. At the beginning of this article, we survey the security solutions of seven FI architectures, namely XIA, RINA, NENA, SONATE, Mobility-First, NDN, and SONATE, based on literature, prototypes, and demonstrations. We find that none of the architectures fulfills all of the security goals: confidentiality, authentication, integrity, and availability. The rest of the article focuses on the eXpressive Internet Architecture (XIA), as it is the most secure and open-source Content-Centric Network (CCN). CCN is claimed by the Future Content Networks (FCN) Group to be the Future Internet. However, XIA does not have any mechanism to mitigate the replaying attack; this article therefore proposes and implements a solution to mitigate it. Several existing solutions have been analyzed to derive the requirements for the proposed solution. With the proposed protocol implemented, XIA is now able to mitigate all of the reviewed network attacks. The evaluation shows that the proposed solution is more secure and less complex than the existing solutions.

Author Biographies

Beny Nugraha, Department of Electrical Engineering, Mercu Buana University, Jakarta, Indonesia

Beny Nugraha received his dual master's degree (International Master Degree Program) from Bandung Institute of Technology (Indonesia) and Hochschule Darmstadt (Germany) in 2013. To finish his master's degree in Germany, he received a scholarship from the Indonesian Directorate General of Higher Education. Currently, he is a lecturer at the Department of Electrical Engineering at Mercu Buana University in Jakarta, Indonesia. His research is mainly about network security; currently he is focusing on the security of Future Internet Architectures and cloud computing.

Rahamatullah Khondoker, Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany

Since 2010, Rahamatullah Khondoker has been working towards his PhD degree on “Description and Selection of Communication Services for Service Oriented Network Architectures (SONATE)” at the University of Kaiserslautern in Germany. He received awards from Ericsson, Germany, in 2008 and from the FIA Research Roadmap group in October 2011. Currently, he is affiliated with the Fraunhofer SIT located in Darmstadt, Germany. He worked on the DFG project (PoSSuM), BMBF projects (G-Lab, G-Lab DEEP, Future-IN), and EU projects (PROMISE, EuroNF). Currently, he is focusing on the security of Future Internet Architectures, Software-Defined Networking (SDN), and Network Function Virtualization (NFV).

Ronald Marx, Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany

Ronald Marx is the deputy head of the “Mobile Networks” department at the Fraunhofer Institute for Secure Information Technology (SIT). He received his diploma in computer science at the Technical University of Darmstadt (TUD). Since 2005, he has been involved in numerous projects as project staff and project manager. His work focuses on security aspects of next generation networks (NGN), mobility and identity management, and voice over IP communications.

Kpatcha Bayarou, Fraunhofer SIT, Rheinstr. 75, Darmstadt, Germany

Dr. Kpatcha Bayarou received his Diploma in electrical engineering/automation engineering in 1989, a Diploma in computer science in 1997, and his Doctoral degree in computer science in 2001, all from the University of Bremen in Germany. He joined the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) in 2001. He is the head of the “Mobile Networks” department, which focuses on Cyber Physical Systems and the Future Internet, including vehicular communication. Dr. Bayarou has managed several EU and nationally funded projects and published several conference papers related to security engineering of mobile communication systems, mobile network technology, and NGN (Next Generation Networks).

Published

2014-12-11

How to Cite

Nugraha, B., Khondoker, R., Marx, R., & Bayarou, K. (2014). Detecting and Mitigating Repaying Attack in Expressive Internet Architecture (XIA). Journal of ICT Standardization, 2(2), 151–186. https://doi.org/10.13052/jicts2245-800X.225

Section

Articles
