Secure Fragmentation for Content-Centric Networks (extended version)

TL;DR

This paper demonstrates that secure, efficient content fragmentation in Named-Data Networking (NDN) is feasible, providing a new method that enhances performance and security in content-centric networks.

Contribution

The paper introduces a novel technique for secure content fragmentation in NDN, overcoming previous limitations related to content authentication and reassembly delays.

Findings

Secure fragmentation is feasible and advantageous in NDN.

The proposed method improves performance over hop-by-hop reassembly.

Prototype implementation shows practical benefits of the approach.

Abstract

Content-Centric Networking (CCN) is a communication paradigm that emphasizes content distribution. Named-Data Networking (NDN) is an instantiation of CCN, a candidate Future Internet Architecture. NDN supports human-readable content naming and router-based content caching which lends itself to efficient, secure, and scalable content distribution. Because of NDN's fundamental requirement that each content object must be signed by its producer, fragmentation has been considered incompatible with NDN since it precludes authentication of individual content fragments by routers. The alternative is to perform hop-by-hop reassembly, which incurs prohibitive delays. In this paper, we show that secure and efficient content fragmentation is both possible and even advantageous in NDN and similar content-centric network architectures that involve signed content. We design a concrete technique that facilitates efficient and secure content fragmentation in NDN, discuss its security guarantees and assess performance. We also describe a prototype implementation and compare performance of cut-through with hop-by-hop fragmentation and reassembly.