Check before storing: what is the performance price of content integrity verification in LRU caching?

Giuseppe Bianchi, Andrea Detti, Alberto Caponi, Nicola Blefari Melazzi
Appears in: CCR July 2013

In some network and application scenarios, it is useful to cache content in network nodes on the fly, at line rate. Resilience of in-network caches can be improved by guaranteeing that all content stored therein is valid. Digital signatures could indeed be used to verify content integrity and provenance. However, their operation may be much slower than the line rate, thus limiting caching of cryptographically verified objects to a small subset of the forwarded ones. How does this affect caching performance? To answer this question, we devise a simple analytical approach that makes it possible to assess the performance of an LRU caching strategy storing a randomly sampled subset of requests. A key feature of our model is the ability to handle traffic beyond the traditional Independent Reference Model, thus permitting us to understand how performance varies in different temporal locality conditions. Results, also verified on real-world traces, show that content integrity verification does not necessarily bring about a performance penalty; rather, in some specific (but practical) conditions, performance may even improve.
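The caching policy described in the abstract can be explored with a small simulation. The following is an added example, not code from the paper or its authors: it replays a constructed Independent Reference Model trace with Zipf popularity through an LRU cache that stores a missed object only when it was sampled for verification. The names `zipf_trace`, `sampled_lru_hit_ratio` and `p_verify`, the per-miss independent sampling, and all parameter values are assumptions made for illustration.

```python
import bisect
import itertools
import random
from collections import OrderedDict


def zipf_trace(n_objects, alpha, n_requests, seed):
    """Constructed IRM trace: i.i.d. requests, object rank k has weight 1/k**alpha."""
    rng = random.Random(seed)
    cum = list(itertools.accumulate(1.0 / (k ** alpha)
                                    for k in range(1, n_objects + 1)))
    total = cum[-1]
    # Inverse-CDF sampling: object ids are 0-based popularity ranks.
    return [bisect.bisect_left(cum, rng.random() * total)
            for _ in range(n_requests)]


def sampled_lru_hit_ratio(trace, cache_size, p_verify, seed=0):
    """Hit ratio of an LRU cache that admits only verified objects.

    p_verify models the fraction of forwarded objects whose signature the
    node manages to check (assumption: each miss is sampled independently).
    Unverified objects are forwarded but never stored, so nothing unchecked
    can enter the cache. Hits refresh recency as in plain LRU.
    """
    rng = random.Random(seed)
    cache = OrderedDict()          # keys ordered from least to most recent
    hits = 0
    for obj in trace:
        if obj in cache:
            cache.move_to_end(obj)
            hits += 1
        elif rng.random() < p_verify:      # verified, hence cacheable
            cache[obj] = True
            if len(cache) > cache_size:
                cache.popitem(last=False)  # evict least recently used
    return hits / len(trace)


if __name__ == "__main__":
    trace = zipf_trace(10_000, 0.8, 200_000, seed=1)
    for p in (1.0, 0.5, 0.1):
        ratio = sampled_lru_hit_ratio(trace, 100, p)
        print(f"p_verify={p:.1f}  hit_ratio={ratio:.3f}")
```

The comparison holds only for this synthetic IRM workload; a trace with strong temporal locality has to be replayed separately, since the abstract states that the outcome depends on locality conditions.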

Public Review By: Sharad Agarwal

LRU caching is a widely-known and widely-used technique to improve network performance. This paper has a counter-intuitive and interesting conclusion -- if you do not cache a random fraction of network objects, your cache locality may improve. In hindsight, this conclusion is not terribly surprising. Objects that are requested less frequently are more likely to not be cached under such a scheme. However, as the analytic evaluation demonstrates, the improvements depend on the temporal locality of object requests. This paper presents a scenario under which such a scheme would be considered. In Information Centric Networking (ICN), intermediate network nodes may wish to cache network objects. To avoid previously demonstrated attacks where poisoned content is cached, the authors want to use digital signatures to verify content integrity. However, the authors do not wish to add the cost of using hardware that can do RSA signature verification at line-rate. Hence, if only a fraction of network objects can be verified, how is cache performance impacted when only the verified objects are considered? The authors have worked diligently with reviewers to improve their paper. The reviewers were concerned by the low overall cache hit rate in the paper (under 20%), and limited validation of the analytical model with real world data. Nonetheless, this is an interesting paper for the CCR community to mull over and discuss.