Meeting #13 took place at LORIA, Nancy. We have one long paper and one short paper accepted for NOMS 2018, and one submitted to the IEEE Comm. Mag journal on ICN security, all collaborative works.
Next publication targets include ICIN 2018, Netsoft.
UTT and Loria will present the project's results at the next IETF meeting (ICNRG and NFVRG) in London (17-23 March).
Regarding Task 3, partners presented an orchestrator demo, the first performance evaluation of the NDN firewall and synthetic results based on an implementation of the Bayesian network for attack detection.
On Task 4, besides exchanging on deliverables D4.2 and D4.3, the consortium also discussed the launch of the project's testbed to the public, covering intended tests, implemented topologies and privacy requirements. It is planned to open the testbed in early February.
The meeting took place at Thales, Palaiseau. The consortium was informed that the DOCTOR project had been accepted for presentation at the ANR day on October 5th. The deliverable was completed with all the necessary contributions. To make progress on the development and integration of partners' components for deliverable D3.1, there will be a dedicated meeting for the partners involved. Next, for task 3, there were presentations on the certification of virtual functions, the implementation of the orchestrator with Tosca, the demo of the NDN firewall and the correlation engine for anomaly detection. For task 4, several tests for HTTP/NDN were demonstrated. The consortium also continued the discussion on the scenarios for use-case attacks.
Meeting #11 was organized at Orange Labs in Lannion. The consortium reported on the progress of deliverable D2.2. Also in task 2, the main topic was IFA and CPA detection, in collaboration between partners from UTT and Montimage. This work aims at a publication in NOMS. Next, the content and the primary objectives for deliverable D3.1 were identified, with a first version planned for mid-September. Partners from UTT introduced the consortium to Tosca, a language for describing NFV services that facilitates service deployment by the orchestrator. Regarding task 4, the objective was to brainstorm a scenario for each attack identified: IFA, CPA, mixed. For each attack, the consortium also defined possible countermeasures at different levels.
Meeting #10 took place at Montimage, Paris. Regarding task 2, the writing of deliverable D2.2 was discussed and distributed among partners. This was followed by presentations of ongoing work from Ph.D. students, including privacy in NDN, breaking up an NDN node into elemental modules, and detecting IFA and CPA with MMT. For task 3, after a presentation on the control plane distribution, we initiated a discussion on the cooperation of CyberCAPTOR, the orchestrator and MMT Operator. A dedicated meeting on this topic will be organized shortly with partners from UTT, Thales, and Montimage. Concerning task 4, recent improvements to the HTTP/NDN Gateway were presented. The consortium also discussed a test document to evaluate the implementation.
Meeting #9 was organized at Troyes University of Technology, Troyes. The meeting started with a debrief on the mid-term evaluation from ANR, which was very positive. Colleagues were informed about the submission of 2 journal papers to IEEE Communications Magazine and a book chapter to GSSNOA, and plans were made for other upcoming dissemination opportunities. A public GitHub server for Doctor was created. The CyberCAPTOR code is now available on this GitHub; other source code will be added soon. To stay up to date, the consortium also arranged for partners to participate in important international conferences, including IETF/ICNRG and ETSI NFV. For task 2, deliverable D2.1 was finished (see Deliverables and reports). The content of D2.2 was defined. Two presentations were given: "The MulVAL rules adopted in the NDN domain" and "Demonstration of a new architecture Monitoring by coupling MMT and TaaS". In task 3, the content of the two sub-tasks T3.1 and T3.2 was defined, planned and distributed to each partner. The project's new postdoc presented his PhD project to colleagues. Regarding task 4, deliverable D4.1 was finished and is available online (see Deliverables and reports). A presentation titled "How to cache HTTP content in NDN?" was given.
Meeting #8 was organized at Thales, Palaiseau. The consortium started by discussing the preparation for ANR's mid-term evaluation, which will occur in two weeks (October 3rd, 2016). In addition, partners considered and distributed the work for publication opportunities, namely a journal paper for IEEE Communications Magazine and a book chapter proposal for GSSNOA 2016. In task 2, the communication workflow between CyberCAPTOR and MMT was defined. Colleagues were informed about the status of deliverable D2.1. In task 3, an intern from Thales presented the work done during his internship, especially the analysis of Tosca and Tacker, an open-source orchestrator. Regarding task 4, the consortium was shown two demonstration videos and decided to put them online (see Demonstration).
Meeting #7 was organized in Orange labs in Lannion.
Partners were informed that the DOCTOR project will be disseminated at the meeting of ICNRG (ICN Research Group), co-organized with the ACM ICN 2016 conference in Kyoto, Japan. Concerning task 2, many attack types and scenarios were presented to the consortium and discussed, such as cache poisoning, a malicious Docker container, and attacks in a mixed NFV/NDN context. The latest functions of the monitoring tool MMT were demonstrated, including measuring, analyzing and classifying NDN traffic (with or without HTTP). It now also integrates the algorithm to detect Interest flooding attacks.
It was decided that Task 3 would start right after the publication of D2.1 in 12/2016.
Regarding task 4, a topology translation tool was presented and is expected to be useful when emulating existing operators' topologies. First evaluation results on the HTTP/NDN gateway performance were shown and a complete evaluation campaign was discussed, aiming at a research paper when finished. In addition, other advances in the naming scheme for the gateway and in integrating NDN router containers with OpenVswitch were demonstrated.
Meeting #6 took place in Montimage company, Paris.
The consortium suggested opportunities to disseminate the project at the STAM and RESSI workshops and the AIMS conference, and planned paper submissions in the near future.
On task 2, a study on FIB attacks and possible attack scenarios was brought to the consortium, which agreed that it should be studied further.
Deliverable D2.1 was scheduled for 12/2016 and its work was distributed to each of the partners involved.
On task 3, an Interest filter based on name composition, as well as a proposal for a "green" deployment of NDN and SRSC (SDN-based Routing Scheme for CCN), were presented.
Regarding task 4, the testbed integration now allows many of the developed components to be installed.
The MMT tool, which integrates the analysis of NDN packets, has been deployed.
A first test series on the top 1000 sites was also carried out with the new version of the gateway.
Another test series on functionality and performance will be conducted when the corrected V2 of the gateway is operational.
The meeting was organised at LORIA/CNRS in Nancy. The consortium planned future publication opportunities and discussed the half-time project evaluation. The work on task 1 was discussed in order to finalize D1.2, especially the detailed architecture. Regarding task 2, partners presented the results achieved on NFV/SDN security, NDN security and key management respectively. Task 3 was launched with a presentation and refinement of each partner's contribution, while task 4 was discussed with a focus on the next experiments that can be conducted on both testbeds in Troyes and Nancy.
A joint workshop between Doctor and Reflection projects was held on September 24th in Orange Labs in Issy les Moulineaux.
The objective of this workshop was to enable partners from the two projects to better understand each project's current and future studies,
as well as to identify relations between each project's activities.
Meeting #4 was organised at Orange Labs, Issy Les Moulineaux, France.
The consortium announced dissemination of the DOCTOR project at the STAM and WIFS workshops, and decided to target a paper for NetSoft 2016.
The work on node architecture was presented by partners from Orange.
Much ongoing work on security aspects was presented by other partners from UTT, Montimage, Thales and Loria.
The second deliverable was also discussed and distributed to the consortium.
Meeting #3 took place at Troyes University of Technology, Troyes, France on June 10th-11th, 2015.
In the meeting, the consortium presented the progress in the architecture design: an analysis of aspects of Docker and OpenStack on Ethernet, and an introduction of the very first thoughts on the NDN router.
The planning for task 2 and task 3 was initiated.
Partners from UTT also demonstrated some tests with the HTTP/NDN gateway installed in the Troyes testbed.
Meeting #2 took place at Thales, Palaiseau, France on February 24th, 2015. During the meeting, partners discussed the following points: the current status of DOCTOR dissemination; the project website design and its due date; the partners responsible for the first deliverable D1.1 and a proposed timeline to finish it; an HTTP/NDN gateway for task 4.
The kickoff meeting was held at Orange Labs, Issy Les Moulineaux, France on Dec 10th, 2014, with the participation of partners from Orange, ICD-UTT, Montimage, CNRS-Loria and Thales. An overview of the project, as well as the four main tasks of the project and the roles of each involved partner, were presented in the first session. Other concerns, such as communication tools for the project, the schedule for periodic meetings and the testbed, were discussed in the second session of the meeting.
Deliverables and reports
Security monitoring of NDN through virtualized components
After having fully designed the DOCTOR architecture in WP1, and after having identified and characterized the main security issues affecting NDN in task 2.1, this deliverable describes how the global monitoring architecture of the DOCTOR project can be used to secure the operation of a virtualized NDN infrastructure. First, we describe our monitoring architecture, its components and their roles. Second, we add new rules about the NDN and NFV environments to MulVAL, to enable it to perform a proactive security analysis based on attack graph evaluation. Then, we define and evaluate specialized detection algorithms that can detect the main attack scenarios we consider against NDN, as described in T2.1 (interest flooding attack, content poisoning attack, mixed NDN/NFV attack, information leakage). The ability of our architecture to detect all the considered attacks now opens the way to the definition of remediation activities to be developed in
This document presents the deployment of the two DOCTOR NDN/NFV testbeds accessing Web content at both UTT and University of Lorraine/TELECOM Nancy. Details about the incremental deployment of the project outcomes are provided. It includes the basic deployment of Docker as a container-based virtualization framework and the instantiation of several NDN nodes in a functional topology. The integration of security components such as monitoring probes (MMT) for network monitoring and CyberCAPTOR for vulnerability assessment is also described. Details about the NDNPerf tool for NDN performance evaluation are also presented.
Security analysis of the virtualized NDN architecture
This document surveys the security issues that can affect the virtualized Named Data Networking architecture whose proper deployment and management constitute the main goal of the DOCTOR project. From the state of the art, we first describe the most critical attacks on the disruptive networking technologies used in the project, namely NDN to transport the data and SDN/NFV to build the virtual infrastructure. Second, we identify four critical attack scenarios that will guide the security monitoring and orchestration of the upcoming DOCTOR architecture.
In line with network softwarisation that relies on the NFV and SDN principles, the document describes the design of the virtualized network infrastructure we propose in the DOCTOR project for securely deploying network services, with a focus on Named Data Networking as the main use case. The DOCTOR virtualized node supports the Virtualized Network Functions we target in the project while adopting the recommendations of the ETSI NFV group. This means that we also propose a Control and Management plane for the virtualized node, which integrates the DOCTOR Security Orchestration for configuring and monitoring VNFs. The DOCTOR Security Orchestration then cooperates on its southbound interface with an SDN controller so as to secure and apply network policies for the overall virtualized network.
Network operators are often very cautious before deploying any novel networking service. This is done only if the new networking solution is fully monitored, secured and can provide a rapid return on investment. By adopting the emerging Network Functions Virtualization (NFV) concept, network operators will be able to overcome this constraint, since it allows them to deploy solutions at lower cost and risk. Indeed, NFV involves implementing network functions in software that can rely on virtualization techniques to run on standard server hardware, and that can then be deployed in, or moved to, various network locations as required. This document analyzes and assesses how to leverage IT virtualization and determines which solutions are the most appropriate in the DOCTOR project to design a flexible NFV-based architecture that can host new networking services, such as the NDN content delivery service, in virtualized environments. We also present the different requirements and challenges for monitoring and security, making it possible to efficiently secure the overall virtualized architecture.
Hoang Long Mai, Tan Nguyen, Guillaume Doyen, Rémi Cogranne, Wissam Mallouli, Edgardo Montes de Oca, and Olivier Festor
"Towards a Security Monitoring Plane for Named Data Networking and its Application against Content Poisoning Attack."
In IEEE/IFIP Network Operations and Management Symposium (NOMS), 2018
Xavier Marchal, Moustapha El Aoun, Bertrand Mathieu, Thibault Cholez, Guillaume Doyen, Wissam Mallouli, Olivier Festor.
"Leveraging NFV for the Deployment of NDN: Application to HTTP Traffic Transport."
In the IEEE/IFIP Network Operations and Management Symposium (NOMS), Taipei, Taiwan, 23-27 April 2018.
Hoang Long Mai, Messaoud Aouadj, Guillaume Doyen, Daishi Kondo, Xavier Marchal, Thibault Cholez, Edgardo Montes de Oca, and Wissam Mallouli
"Implementation of Content Poisoning Attack Detection and Reaction in Virtualized NDN Networks."
In 21st Conference on Innovation in Clouds, Internet and Networks (ICIN), 2018
Theo Combe, Wissam Mallouli, Thibault Cholez, Guillaume Doyen, Bertrand Mathieu, Edgardo Montes de Oca
“An SDN and NFV Use Case: NDN Implementation and Security Monitoring,”
in "Guide to Security in SDN and NFV - Challenges, Opportunities, and Applications", pages 299-321, Springer, 2017.
Daishi Kondo, Thomas Silverston, Hideki Tode, Tohru Asami, and Olivier Perrin.
"Risk analysis of information-leakage through interest packets in NDN."
In Computer Communications Workshops (INFOCOM WKSHPS), 2017 IEEE Conference on, pp. 360-365. IEEE, 2017.
Tan Nguyen, Xavier Marchal, Guillaume Doyen, Thibault Cholez and Rémi Cogranne,
“Content Poisoning in Named Data Networking: Comprehensive Characterization of real Deployment”
In Proceedings of the 2017 IFIP/IEEE International Symposium on Integrated Network Management (IM), IEEE, 2017.
Xavier Marchal, Thibault Cholez, and Olivier Festor,
“Server-side performance evaluation of NDN,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 148–153, ACM, 2016.
Xavier Marchal, Thibault Cholez, and Olivier Festor,
“PIT matching from unregistered remote faces: a critical NDN vulnerability,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 211–212, ACM, 2016.
Xavier Marchal, Moustapha El Aoun, Bertrand Mathieu, Wissam Mallouli, Thibault Cholez, Guillaume Doyen, Patrick Truong, Alain Ploix, and Edgardo Montes de Oca,
“A virtualized and monitored NDN infrastructure featuring a NDN/HTTP gateway,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 225–226, ACM, 2016.
Daishi Kondo, Thomas Silverston, Hideki Tode, Tohru Asami, and Olivier Perrin.
“Name Anomaly Detection for ICN,”
The 22nd IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN 2016), IEEE, June 2016.
François Reynaud, François-Xavier Aguessy, Olivier Bettan, Mathieu Bouet, and Vania Conan,
“Attacks against network functions virtualization and software-defined networking: State-of-the-art,”
in 2016 IEEE NetSoft Conference and Workshops (NetSoft), pp. 471–476, IEEE, 2016.
Hoang Long Mai, Ngoc Tan Nguyen, Guillaume Doyen, Alain Ploix, and Rémi Cogranne,
“On the readiness of ndn for a secure deployment: The case of pending interest table,”
in IFIP International Conference on Autonomous Infrastructure, Management and Security, pp. 98–110, Springer, 2016.
Elian Aubry, Thomas Silverston, and Isabelle Chrisment,
“SRSC: SDN-based routing scheme for CCN,”
in Network Softwarization (NetSoft), 2015 1st IEEE Conference on, pp. 1–5, IEEE, 2015.
Tan Nguyen, Rémi Cogranne, Guillaume Doyen, and Florent Retraint,
“Detection of interest flooding attacks in named data networking using hypothesis testing,”
in Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, pp. 1–6, IEEE, 2015.
Edgardo Montes de Oca and Wissam Mallouli, “Security aspects of SDMN,”
Book chapter in "Software Defined Mobile Networks (SDMN): Beyond LTE Network Architecture",
edited by M. Liyanage, A. Gurtov and M. Yliantilla. Published on August 17, 2015
Tan Nguyen, Rémi Cogranne, and Guillaume Doyen,
“An optimal statistical test for robust detection against interest flooding attacks in CCN,”
in 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 252–260, IEEE, 2015.
Bertrand Mathieu, Guillaume Doyen, Wissam Mallouli, Thomas Silverston, Olivier Bettan, François-Xavier Aguessy, Thibault Cholez, Abdelkader Lahmadi, Patrick Truong, and Edgardo Montes de Oca,
“Monitoring and securing new functions deployed in a virtualized networking environment,”
in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 741–748, IEEE, 2015.
presented at the Information-Centric Networking Research Group (ICNRG) meeting session at the Internet Engineering Task Force (IETF) 101 meeting in London, United Kingdom
presented at Computer & Electronics Security Applications Rendez-vous (C&ESAR) in Rennes, France
presented at Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information RESSI 2015 in Troyes, France.
paper "An optimal statistical test for robust detection against interest flooding attacks in CCN" presented at the 14th IFIP/IEEE Symposium on Integrated Network and Service Management 2015 (IM 2015) in Ottawa, Canada.
Two videos were presented to the consortium in DOCTOR Meeting #8 at Thales, Palaiseau. The first video illustrates the principle of network node virtualization, where multiple protocol stacks can be deployed and function independently.
The second video demonstrates current functionalities of the monitoring tool MMT, such as analyzing and classifying traffic by name and face, and adjusting the threshold to detect Interest flooding attacks.