1. Field
This disclosure is generally related to content-centric networks (CCNs). More specifically, this disclosure is related to a method and a system that can be used to mitigate Distributed Denial of Service (DDoS) attacks in content-centric networks.
2. Related Art
The proliferation of the Internet and e-commerce continues to fuel revolutionary changes in the network industry. Today, a significant number of information exchanges, from online movie viewing to daily news delivery, retail sales, and instant messaging, are conducted online. An increasing number of Internet applications are also becoming mobile. However, the current Internet operates on a largely location-based addressing scheme. That is, a consumer of data can only receive the data by explicitly requesting the data from an address (e.g., IP address) closely associated with a physical object or location. This restrictive addressing scheme is becoming progressively more inadequate for meeting the ever-changing network demands.
The current architecture of the Internet revolves around a conversation model, which was created in the 1970s for the ARPAnet to allow geographically distributed users to use a few big, immobile computers. This architecture was designed under the influence of the telephone network, where a telephone number is essentially a program that configures the switches along a path from the source to the destination. Not surprisingly, the designers of the ARPAnet never expected it to evolve into today'subiquitous, relentlessly growing Internet. People now expect a lot more from the Internet than the ARPAnet was designed to provide. Ideally, an Internet user should have access to any content, anywhere, at any time—a task that is difficult to perform with the current location/device-binding TCP/IP (transmission control protocol/Internet protocol) networks.
Content-centric networks (CCNs), also referred to as “content-based networks,” bring a new approach to data transport in a network. Instead of naming and addressing end-hosts in the network as in traditional networks today, CCN emphasizes naming and addressing content directly. Examples of content include a picture, an audio file, a movie, a document, status update in a social network such as Facebook® (registered trademark of Facebook, Inc. of Menlo Park, Calif.) etc. In CCN, content is requested by name directly by the consumer. The network is responsible for routing the consumer's request to the appropriate content producer or provider and for transferring the content or data object from the content producer or provider to the consumer. In contrast to today's Internet, a key goal of the CCN is “security by design.” In fact, it guarantees the integrity and provenance of every Data packet with digital signatures and protects user privacy with no source addresses carried in packets. However, current efforts in CCN architecture designs have not considered Distributed Denial of Service (DDoS) attacks, which pose a significant threat to the existing Internet infrastructure. The CCN architecture is also not immune from DDoS attacks and strategies to mitigate such attacks are not well studied yet.