Feature #3161

open

CS: partition by forwarding hint

Added by Junxiao Shi about 9 years ago. Updated over 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Tables
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time: 9.00 h

Description

Logically partition the ContentStore by the forwarding hint used to retrieve Data packets.

Necessity
Forwarding that follows forwarding hints raises concerns about cache poisoning.

For example, Mallory may express an Interest ndn:/alice/index.html with forwarding hint [{10,ndn:/mallory}], and set up a producer in the ndn:/mallory network to return fake Data for ndn:/alice/index.html.
NFD does not validate signatures on this Data because it lacks the trust model to do so, and will admit this Data into the ContentStore. After that, Interests for ndn:/alice/index.html will match the cached Data, even if they carry no forwarding hint or a forwarding hint that points to a different routable prefix.

Solution
The ContentStore should be logically partitioned according to the forwarding hint.
A cached Data is stored along with the forwarding hint used to retrieve it; this applies to the consumer region and the Internet, but not within the producer region, where the forwarding hint has been stripped. An incoming Interest with a forwarding hint can be satisfied by a cached Data if the cached Data has no associated forwarding hint or has the same forwarding hint.
This solution reduces cache poisoning to be no worse than in a network without forwarding hints, because each forwarding hint has its own logical ContentStore, so Mallory's fake Data cannot affect Interests that do not carry Mallory's forwarding hint. The cost of this solution is that the same Data may be stored multiple times with different forwarding hints, but this can happen only during an attack with Mallory's forwarding hint, or when the producer has published multiple Link objects used to derive forwarding hints.

This issue includes:

  • CS index: logically partition the index by forwarding hint
  • CS insert: accept "forwarding hint used for Data retrieval" as a parameter
  • CS lookup: if Interest has forwarding hint, match a Data only if it has no associated forwarding hint or has the same forwarding hint;
    special case: if Interest name ends with an implicit digest, it can match any Data that satisfies the implicit digest

NFD Developer Guide should be updated as part of this issue.

Changes in forwarding are necessary to pass a forwarding hint to CS insert procedure, but they are not part of this issue.
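
The lookup rule above, run against the Mallory scenario, as an added sketch that is not NFD code. Assumptions: names and hints are plain strings (a single delegation name, `""` for no hint), names match exactly, the implicit digest is passed as a separate constructed string, and an Interest without a hint reads only the unhinted partition.

```cpp
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Simplified model, not NFD's classes: names and hints are plain strings,
// "" means "no forwarding hint", and names match exactly (no prefix match).
struct Data { std::string name, content, digest; };  // digest: constructed stand-in

class PartitionedCs {
public:
  // CS insert: hint is the forwarding hint used to retrieve d ("" if none).
  void insert(const Data& d, const std::string& hint) { m_index[{d.name, hint}] = d; }

  // CS lookup: returns the matching Data, or nullptr on a miss.
  const Data* find(const std::string& name, const std::string& hint,
                   const std::string& implicitDigest = "") const {
    if (!implicitDigest.empty()) {
      // Special case: an implicit digest pins the exact packet, so search every partition.
      for (auto it = m_index.lower_bound({name, std::string()});
           it != m_index.end() && it->first.first == name; ++it)
        if (it->second.digest == implicitDigest) return &it->second;
      return nullptr;
    }
    // Same-hint partition first (the ordering is this model's choice), then the
    // partition of Data stored with no hint. Other hints' partitions are never read.
    for (const std::string& h : {hint, std::string()}) {
      auto it = m_index.find({name, h});
      if (it != m_index.end()) return &it->second;
    }
    return nullptr;
  }

private:
  std::map<std::pair<std::string, std::string>, Data> m_index;  // (name, hint) -> Data
};

// Constructed scenario: Mallory's fake Data was retrieved via hint /mallory.
PartitionedCs poisonedCs() {
  PartitionedCs cs;
  cs.insert({"/alice/index.html", "fake", "digest-fake"}, "/mallory");
  return cs;
}

int main() {
  PartitionedCs cs = poisonedCs();
  std::cout << (cs.find("/alice/index.html", "") ? "hit" : "miss") << "\n";
}
```
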


Related issues 2 (2 open, 0 closed)

Related to NFD - Feature #3000: Design mobility with forwarding hint (Feedback)
Blocks NFD - Feature #3163: Insert to CS with forwarding hint (New)
