Privacy in content-oriented networking: threats and countermeasures

Abdelberi Chaabane, Emiliano De Cristofaro, Mohamed Ali Kaafar, Ersin Uzun
Appears in: 
CCR July 2013

As the Internet struggles to cope with scalability, mobility, and security issues, new network architectures are being proposed to better accommodate the needs of modern systems and applications. In particular, Content-Oriented Networking (CON) has emerged as a promising next-generation Internet architecture: it sets to decouple content from hosts, at the network layer, by naming data rather than hosts. CON comes with a potential for a wide range of benefits, including reduced congestion and improved delivery speed by means of content caching, simpler configuration of network devices, and security at the data level. However, it remains an interesting open question whether or not, and to what extent, this emerging networking paradigm bears new privacy challenges. In this paper, we provide a systematic privacy analysis of CON and the common building blocks among its various architectural instances in order to highlight emerging privacy threats, and analyze a few potential countermeasures. Finally, we present a comparison between CON and today's Internet in the context of a few privacy concepts, such as, anonymity, censoring, traceability, and confidentiality.

Public Review By: 
Augustin Chaintreau

Does privacy require that the content you want is accessed with a specific physical location of reference? Or, to put it more concretely, is networking using a content centric approach -- or a content oriented one, or named data, or content-based, or information centric ... well you got the idea -- particularly privacy-averse? Or, to narrow it down, are today’s propositions such as CCNx raising additional privacy issues, and what can we do about them? I am going to spoil the surprise: this paper does not really answer most of these questions (for two reasons that I explain below). But, wait! There is more: it does present new attacks and counteractions and, whereas experts will debate whether some of these are known, it is the first time that they are comprehensively described and explained as a whole. Realizing such an exercise was unanimously judged very valuable. In fact one of the reviewers highlighted that, provided such evidence, the paper raises such important concerns “that one should reconsider if the CON architecture is a good idea in the first place.” Neither us nor the authors will attempt to answer that other questions, but it seems without any doubt useful to quickly circulate such study within our community.While reviewers had many comments, the authors did a thorough revision addressing most local comments and criticism, so what you are seeing is a real dense 8 page paper full of insightful observations. I should point out two reasons why, partly independently of the authors's effort, the questions mentioned above can't be answered yet. Firstly, as Steve’s statement above indicates, privacy is generally at odds with networking. Most of the time, our confidence in a system derives from having another one that is currently implemented and relatively “hard” or “unprofitable” to crack. All these architectures, without a real implementation used (and actual private data from or about users) may be victim of a vacuous truth: of course CON is secure, since noone uses it yet, of course it's unsecure, since you can point out one way to use it that leaks important information. However, all reviewers agreed that despite the fact that none of these systems are deployed, proactively anticipating this risk is very important research. Secondly, the limit of CCR page length (and our general editorial policy) emphasizes quick dissemination of ideas, not quantitative tests. A majority of reviewers felt that many of the points highlighted in this paper deserves more time and space to be ultimately decided. Meanwhile, let our review welcome a study that makes us more pragmatic when judging what all these new acronyms do to our networked life, and let us hope that it will lead on a better understanding of privacy beyond today’s Internet.