Feature #3161
Updated by Junxiao Shi over 6 years ago
Logically partition the ContentStore by the forwarding hint Link object used to retrieve Data packets. **Necessity** Forwarding following forwarding hints with Link leads to concerns about cache poisoning. For example, Mallory Eve may express an Interest ndn:/alice/index.html ndn:/victim/index.html with forwarding hint [{10,ndn:/mallory}], Link [{10,ndn:/eve2}], and setup a producer at ndn:/mallory ndn:/eve2 network to return fake Data for ndn:/alice/index.html. ndn:/victim/index.html. NFD does not validate signatures on this Data because it lacks the trust model to do so, and will admit this Data into the ContentStore. After that, Interests for ndn:/alice/index.html ndn:/victim/index.html will match the cached Data, even if it has no forwarding hint, Link object, or the forwarding hint Link object points to a different routable prefix. **Solution** The ContentStore should be logically partitioned according to the forwarding hint. Link object. A cached Data is stored along with the forwarding hint Link object used to retrieve it; this applies to consumer region and Internet, but not within producer region where forwarding hint has been stripped. Link delegations are ignored. An incoming Interest with a forwarding hint Link object can be satisfied by a cached Data if the cached Data has no associated forwarding hint Link object or has the same forwarding hint. Link object. This solution reduces cache poisoning to be no worse than a network without forwarding hints, Link objects, because each forwarding hint Link object has its own logical ContentStore, so that Mallory's Eve's fake Data cannot affect Interests without Mallory's forwarding hint. Eve's Link object. The cost of this solution is that the same Data may be stored multiple times with different forwarding hints, Link objects, but this can happen only during an attack with Mallory's forwarding hint, Eve's Link object, or when the producer has published multiple Link objects used to derive forwarding hints. objects. This issue includes: * CS index: logically partition the index by forwarding hint Link object * CS insert: accept "forwarding hint "Link object used for Data retrieval" as a parameter * CS lookup: if Interest has forwarding hint, Link object, match a Data only if it has no associated forwarding hint Link object or has the same forwarding hint; Link object; special case: if Interest name Name ends with an implicit digest, it can match any Data that satisfies the implicit digest NFD Developer Guide should be updated as part of this issue. Changes in forwarding are necessary to pass a forwarding hint Link object to CS insert procedure, but they are not part of this issue.