The origin of today’s Internet can be traced back to the 1960s. From that time on the Internet has evolved to a global infrastructure for communication. It continuously distributes large amounts of information across the globe and it has become an essential part of our way of living. However, our demands on the Internet are continually growing and the things we actually want to achieve with it are changing. The initial concept of the Internet was simple and tailored to the problem of resource sharing. Of course, the use of the Internet has changed during the last 40 years, but its core architecture still is the same. Changing requirements lead to limitations and therefore the current Internet is facing a lot of them. They often can be circumvented, but the solutions are neither efficient nor cost-effective. In this thesis we discuss a new concept for a Future Internet architecture. It is called Content-Centric Networking (CCN) and is an approach to change the Internet’s communication model. Its objective is to get rid of today’s host-centric view and change it to a content-centric one. The reason for that is that people usually know what information they want to access, but do not care at which location they find it. A content-centric network could improve the Internet’s efficiency, mobility, scalability and security. Particularly, the latter will be surveyed in detail. This thesis shows how the notion of security in CCN has changed from a connection-based to a content-based one. The advantage that CCN couples security with content tightly will be emphasized. We will illustrate how packets are forged into self-authenticating units enabling users to consume cached data from arbitrary sources without having security concerns. Furthermore, today’s state-of-the-art security technologies are compared to the newly proposed ideas, which are also presented in detail. We discuss the current Internet’s abilities to withstand Denial-of-Service attacks in contrast to the capabilities of a content-centric network. Results look promising, however, new attack forms are emerging and we have analysed their threats. CCN’s ability to cache data inherently in the network is favourable, but also offers new points of vantage. We show how an adversary could make caches ineffective or even exploit them to violate user privacy or throttle data distribution. Of course, countermeasures against these attacks will be provided. This work also looks out for new ideas from which the concept of CCN could benefit. One of those is Broadcast Encryption (BE). We show how to build applications combining BE with the idea of CCN in a beneficial manner. Therefore, we have designed, developed and evaluated a prototype that provides video streaming with simple Digital Rights Management features over CCN. The evaluations indicate that these technologies fit together well. It is essential to search for a variety of technologies that could amplify the benefits of CCN ...

1. SECURITY ASPECTS OF CONTENT-
CENTRIC NETWORKING
Posch et al. 1Security Aspects of CCN
Daniel Posch1, Hermann Hellwagner1 and Peter Schartner2
Alpen-Adria University Klagenfurt (AAU) ♦ Faculty of Technical Sciences (TEWI)
1Institute of Information Technology (ITEC) ♦ Multimedia Communication (MMC)
2Institute of Applied Informatics ♦ System Security Group
e-mail: Firstname.Lastname@aau.at
For content-centric networking,
a guy on a bicycle with a phone
in his pocket is a networking
element. He's doing a great job
of moving bits. --- Van Jacobson

2. WIESO CONTENT-CENTRIC NETWORKING?
 Ursprung des Internets liegt in den 1960-1970 Jahren
 Ressourcenteilung
 Host-basierte Kommunikation (IP)
 Anforderungen haben sich geändert Limitierungen:
 Verfügbarkeit: hohe Bandbreite, CDNs, P2P-Overlays
 Effizienz: kein Caching, Kommunikation zwischen 2 Hosts
 Mobilität: TCP/IP ist statisch, Identität  Standort
 Skalierbarkeit: IPv4 Adressraum, Routing-Tabellen
 Sicherheit: abhängig von Verbindungsinformationen und
Hilfsmaßnahmen z.B. SSL/TLS, VPNs, etc..
Posch et al. Security Aspects of CCN 2
The Internet only just works. -- Handley M.

3. CCN – KOMMUNIKATIONSMODEL
Posch et al. Security Aspects of CCN 3
[1] Ahlgren B., et al.
A
B
C
get object B
A
C
BB
D
C
D
B
untrusted
connection
trustable
copy of B
untrusted host
D
Ahlgren, B. et al. "A Survey of Information-centric Networking."

4. ZIELE DIESER MASTERARBEIT
 Analyse des Sicherheitskonzeptes von CCN
 Sicherheitsanforderungen
 Inhaltsbasierte Sicherheit
 Architektur-/Netzwerkbasierte Sicherheit
 Caching versus Privatsphäre
 Vielversprechende Technologien
 Identity-based Cryptography
 Broadcast Encryption
 Evaluierung: Broadcast Encryption in CCN
 Multimedia Streaming Szenario
 Implementierung eines Prototypen
Posch et al. Security Aspects of CCN 4
Literatur-
Recherche
Entwicklung
von Ideen
Praktische
Umsetzung

5. INHALTSBASIERTE SICHERHEIT
Posch et al. Security Aspects of CCN 5
Content Name
Data Area
Content Object
Signature
DigestAlgorithm,Witness,
SignatureBits
Signed Info
PublisherPublicKeyDigest,
KeyLocator, TimeStamp,
FreshnessSeconds, Type ...
Trust
Reliability
Availability
Authenticity
Integrity
Privacy
Confidentiality
Anonymity
Sicherheit := Safety + Security

6. BROADCAST ENCRYPTION UND
MULTIMEDIA STREAMING IN CCN
Posch et al. Security Aspects of CCN 6
Datentransport
Sender
{Geheimnis_1}
{Geheimnis_2}
{Geheimnis_3}
{ }
{Geheimnis_n}
...
MSB
Widerrufen:
{Geheimnis_2}

7. EVALUIERUNG
Posch et al. Security Aspects of CCN 7
DRM Server
DRM Client 1
6 Mbit/s
RTT 30 ms
DRM Client 2
CCN Router
(Cache)
LAN
Startet 15s
verzögert

8. RESULTATE
Posch et al. Security Aspects of CCN 8

9. DANKE
 Univ. Prof. Hermann Hellwagner
 Assoc. Prof. Peter Schartner
 Alpen-Adria Universität Klagenfurt
 Fakultät für Technische Wissenschaften (TeWi)
 Förderverein Technische Fakultät
 Kirandeep Kaur
 Familie und Freunden
Posch et al. Security Aspects of CCN 9