Namespace Tunnels in Content-Centric...
Transcript of Namespace Tunnels in Content-Centric...
![Page 1: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/1.jpg)
Namespace Tunnels in Content-Centric Networks
Ivan O. Nunes, Gene Tsudik and Christopher WoodUniversity of California, Irvine
{ivanoliv, gene.tsudik, woodc1}@uci.edu
IEEE LCN 2017 1
![Page 2: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/2.jpg)
Agenda
IEEE LCN 2017 2
• CCN Overview• VPNs• CCVPN: VPNs for CCNs
– Design– Security– Implementation & Evaluation
• Final Remarks
![Page 3: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/3.jpg)
CCN Overview
IEEE LCN 2017 3
![Page 4: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/4.jpg)
Content-Centric Networking:
IEEE LCN 2017 4
• Named data, instead of host addresses
• Decouples Content from its location
• Optional in-network caching: potentially
better networks utilization, lower latency...
![Page 5: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/5.jpg)
Content-Centric Networking:
IEEE LCN 2017 5
• Network entities:– Producers: generate and publish contents
under unique names (owns a prefix)– Consumers: issue “interests” for contents
containing such contents names– Routers: forward interests and contents
• May cache content
![Page 6: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/6.jpg)
Content-Centric Networking:
IEEE LCN 2017 6
![Page 7: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/7.jpg)
Content-Centric Networking:
IEEE LCN 2017 7
![Page 8: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/8.jpg)
Content-Centric Networking:
IEEE LCN 2017 8
![Page 9: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/9.jpg)
Content-Centric Networking:
IEEE LCN 2017 9
![Page 10: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/10.jpg)
Content-Centric Networking:
IEEE LCN 2017 10
![Page 11: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/11.jpg)
Content-Centric Networking:
IEEE LCN 2017 11
![Page 12: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/12.jpg)
Content-Centric Networking:
IEEE LCN 2017 12
![Page 13: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/13.jpg)
Content-Centric Networking:Overview
IEEE LCN 2017 13
Routing:– Pending Interest Table (PIT):
• Table of pending interests and corresponding incoming interfaces
• Used to route the content back to the requesting consumer
– Forwarding Interest Base (FIB):• Table of name prefixes and corresponding
outgoing interfaces• Used to route interests towards content producers
(Longest Prefix Match of names)
![Page 14: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/14.jpg)
Virtual Private Networks (VPNs)
IEEE LCN 2017 14
![Page 15: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/15.jpg)
IEEE LCN 2017 15
![Page 16: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/16.jpg)
IEEE LCN 2017 16
![Page 17: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/17.jpg)
IEEE LCN 2017 17
“Trusted” Private Network
UntrustedWorld
![Page 18: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/18.jpg)
Virtual Private Network
IEEE LCN 2017 18
• Support secure communication across the Internet
• Allows end-points to send/receive data as if they were connected within the same physical private network.
![Page 19: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/19.jpg)
CCVPN
IEEE LCN 2017 19
![Page 20: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/20.jpg)
IEEE LCN 2017 20
Big Picture
![Page 21: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/21.jpg)
Design
IEEE LCN 2017 21
• Parties:– Consumer Side GW (Gc):
• Encapsulates outgoing consumer-issued interests• Decapsulates incoming content
– Producer Side GW (Gp):• Decapsulates incoming encapsulated interests• Encapsulates outgoing content replies.
![Page 22: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/22.jpg)
The Big Picture
IEEE LCN 2017 22
Encrypted Interests and Contents
![Page 23: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/23.jpg)
Design: Gc Interest Encapsulation
IEEE LCN 2017 23
Assumed to i) know Gp’s public-key or ii) share a symm. key with Gp
![Page 24: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/24.jpg)
Design: Gc Interest Encapsulation
IEEE LCN 2017 24
Assumed to i) know Gp’s public-key or ii) share a symm. key with Gp
1. Generates a fresh Symm. Key K (used later on) and encrypts both the Consumer-issued Interest (Ip) and K with Gp’s key
![Page 25: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/25.jpg)
Design: Gc Interest Encapsulation
IEEE LCN 2017 25
Assumed to i) know Gp’s public-key or ii) share a symm. key with Gp
1. Generates a fresh Symm. Key K (used later on) and encrypts both the Consumer-issued Interest (Ip) and K with Gp’s key
2. Issues a new Interest (Ie) with Gp’s namespace as prefix and encrypted Enc(Ip||K) as payload
![Page 26: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/26.jpg)
Design: Gc Interest Encapsulation
IEEE LCN 2017 26
Assumed to i) know Gp’s public-key or ii) share a symm. key with Gp
1. Generates a fresh Symm. Key K (used later on) and encrypts both the Consumer-issued Interest (Ip) and K with Gp’s key
2. Issues a new Interest (Ie) with Gp’s namespace as prefix and encrypted Enc(Ip||K) as payload
3. Store K in its PIT entry for Ie
![Page 27: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/27.jpg)
Design: Gp Interest Decapsulation
IEEE LCN 2017 27
Upon receiving the encapsulated interest Ie, Gp then:
![Page 28: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/28.jpg)
Design: Gp Interest Decapsulation
IEEE LCN 2017 28
Upon receiving the encapsulated interest Ie, Gp then:
1. Decrypts (using the shared key or it’s secret key) Ie payload retrieving Ip and K
![Page 29: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/29.jpg)
Design: Gp Interest Decapsulation
IEEE LCN 2017 29
Upon receiving the encapsulated interest Ie, Gp then:
1. Decrypts (using the shared key or it’s secret key) Ie payload retrieving Ip and K
2. Store K in its PIT entry for Ip
![Page 30: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/30.jpg)
Design: Gp Interest Decapsulation
IEEE LCN 2017 30
Upon receiving the encapsulated interest Ie, Gp then:
1. Decrypts (using the shared key or it’s secret key) Ie payload retrieving Ip and K
2. Store K in its PIT entry for Ip3. Forwards Ip towards the
Producer
![Page 31: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/31.jpg)
Design: Gp Interest Decapsulation
IEEE LCN 2017 31
Upon receiving the encapsulated interest Ie, Gp then:
1. Decrypts (using the shared key or it’s secret key) Ie payload retrieving Ip and K
2. Store K in its PIT entry for Ip3. Forwards Ip towards the
Producer
Notice that now both gateways store the fresh key K in their PITs.
![Page 32: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/32.jpg)
Design: Content Encapsulation and Decapsulation
IEEE LCN 2017 32
• Interest forwarding (w/ encapsulation and decapsulation algorithms) causes Gc and Gp share the symmetric key K
![Page 33: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/33.jpg)
Design: Content Encapsulation and Decapsulation
IEEE LCN 2017 33
• Interest forwarding (w/ encapsulation and decapsulation algorithms) causes Gc and Gp share the symmetric key K
• K is associated to the corresponding Interest names in the Gc and Gp PITs
![Page 34: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/34.jpg)
Design: Content Encapsulation and Decapsulation
IEEE LCN 2017 34
• Interest forwarding (w/ encapsulation and decapsulation algorithms) causes Gc and Gp share the symmetric key K
• K is associated to the corresponding Interest names in the Gc and Gp PITs
• Upon the arrival of the corresponding Content the gateways fetch K in their PITs and use it to Encrypt/Decrypt, respectively
![Page 35: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/35.jpg)
The Big Picture
IEEE LCN 2017 35
Encrypted Interests and Contents
![Page 36: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/36.jpg)
CCVPN: Security
IEEE LCN 2017 36
• As long as Encryption schemes are secure and network messages are padded, one can not distinguish between different encapsulated contents/interests.
![Page 37: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/37.jpg)
CCVPN: Security
IEEE LCN 2017 37
• As long as Encryption schemes are secure and network messages are padded, one can not distinguish between different encapsulated contents/interests.
• Authenticated (Non-Deterministic) Encryption is used to ensure confidentiality and integrity (CCA-Security).
![Page 38: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/38.jpg)
CCVPN: Security
IEEE LCN 2017 38
• As long as Encryption schemes are secure and network messages are padded, one can not distinguish between different encapsulated contents/interests.
• Authenticated (Non-Deterministic) Encryption is used to ensure confidentiality and integrity (CCA-Security).
• The actual Interests and contents are only visible inside the VPN
![Page 39: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/39.jpg)
CCVPN: Implementation & Evaluation
IEEE LCN 2017 39
![Page 40: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/40.jpg)
CCVPN: Implementation & Evaluation
IEEE LCN 2017 40
• Network service running on the gateways
![Page 41: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/41.jpg)
CCVPN: Implementation & Evaluation
IEEE LCN 2017 41
• Network service running on the gateways• CCNx software stack (C)• Libsodium Crypto Library (C)
![Page 42: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/42.jpg)
CCVPN: Implementation & Evaluation
IEEE LCN 2017 42
• Network service running on the gateways• CCNx software stack (C)• Libsodium Crypto Library (C)• Intel Core i7-3770 octacore CPU @3.40GHz, with 16GB
of RAM, running Linux (Ubuntu 14.04LTS).• Gateways as high priority processes running in a single
core
![Page 43: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/43.jpg)
CCVPN: Implementation & Evaluation
IEEE LCN 2017 43
• Network service running on the gateways• CCNx software stack (C)• Libsodium Crypto Library (C)• Intel Core i7-3770 octacore CPU @3.40GHz, with 16GB
of RAM, running Linux (Ubuntu 14.04LTS).• Gateways as high priority processes running in a single
core• Content payload sizes set to 10 kilobytes.• Interests always different => worst case performance
![Page 44: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/44.jpg)
CCVPN: Evaluation
IEEE LCN 2017 44
Testbed Network:
![Page 45: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/45.jpg)
CCVPN: Evaluation
IEEE LCN 2017 45
• Metrics:– Throughput (Mbps)– Avg. RTT (seconds)
![Page 46: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/46.jpg)
CCVPN: Evaluation
IEEE LCN 2017 46
• Metrics:– Throughput (Mbps)– Avg. RTT (seconds)
• Experiments:– 1 consumer vs. 1 producer (w/ increasing
Interest issuance rate)– Multiple consumers vs. 1 producer– Multiple consumers and producers
![Page 47: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/47.jpg)
CCVPN: Evaluation
IEEE LCN 2017 47
• Metrics:– Throughput (Mbps)– Avg. RTT (seconds)
• Experiments:– 1 consumer vs. 1 producer (w/ increasing
Interest issuance rate)– Multiple consumers vs. 1 producer– Multiple consumers and producers
• 2 Versions: PKE and Symm Key
![Page 48: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/48.jpg)
CCVPN: Evaluation
IEEE LCN 2017 48
1 consumer x 1 producer:
![Page 49: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/49.jpg)
CCVPN: Evaluation
IEEE LCN 2017 49
N consumers vs. 1 producer:
![Page 50: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/50.jpg)
CCVPN: Evaluation
IEEE LCN 2017 50
N consumers vs. N producers:
![Page 51: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/51.jpg)
Discussion
• Modest processing and storage (20 MB for 100k entries) overhead in the gateways
IEEE LCN 2017 51
![Page 52: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/52.jpg)
Discussion
• Modest processing and storage (20 MB for 100k entries) overhead in the gateways
• Better performance possible with:– Implementation optimization (CCNx)– Distributed load and parallel processing
• Multiple gateways (and multiple cores) in a single domain
– Caching
IEEE LCN 2017 52
![Page 53: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/53.jpg)
Conclusion
• CCVPN enables VPN funtionality in ICNs• Unlike Point-to-Point tunnels, multiple Consumers share the same namespace tunnel between physically separated private networks.– Enables Content-Caching inside the VPNs
IEEE LCN 2017 53
![Page 54: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/54.jpg)
Future Work
• CCNxKE to bootstrap shared keys between gateways
• Gateway-to-Gateway Authentication• DoS countermeasures• Performance analysis with real-world
applications (e.g., file sharing, video streaming)
IEEE LCN 2017 54
![Page 55: Namespace Tunnels in Content-Centric Networkssprout.ics.uci.edu/people/ivan/pubs/slides/LCN2017.pdf · Namespace Tunnels in Content-Centric Networks Ivan O. Nunes, Gene Tsudik and](https://reader034.fdocuments.in/reader034/viewer/2022051916/60077574ad3f0b718e475aeb/html5/thumbnails/55.jpg)
55IEEE LCN 2017
Questions?