1 of 20

In the Intersection of Current and Future Internet Security and Privacy

Enkeleda Bardhi

2 of 20

Get to know me better


2022

Visiting Scholar in Computer Science in the Embedded and Networked Systems Group, @TU Delft

2020

Started PhD in Computer Science @Sapienza University of Rome

2020

Graduated in ICT for Internet and Multimedia @University of Padua

2019

Erasmus Exchange in Computer Science @University of Oslo

2017

Graduated in Telecommunication Engineering @Polytechnic University of Tirana

Currently

Visiting Scholar in Computer Science in the PurNet Group, @Purdue University

3 of 20

Why is security important?

  • The Internet was designed for simplicity
  • The Internet lacks security-by-design
  • Attacks are everywhere, and sometimes they look like normal traffic
  • The Internet is operated as a huge federation of independent networks, so detection, mitigation and prevention are challenging


4 of 20

What has history taught us? BGP is vulnerable

Attacks:

  • Routing

Incident: in February 2008, a Pakistani ISP made YouTube disappear from the Internet

The incident began when Pakistani authorities demanded that YouTube be censored within Pakistan

AS17557 (Pakistan Telecom) launched a sub-prefix hijack by originating 208.65.153.0/24, a more specific route than YouTube's prefix 208.65.152.0/22. The announcement was meant only for its customer ASes in Pakistan, but it leaked to its upstream provider PCCW (AS3491), which propagated it worldwide; since BGP prefers the most specific route, the /24 won longest-prefix match everywhere


5 of 20

What has history taught us? BGP is vulnerable

Attacks:

  • Routing

Incident of 2022: during the Russia-Ukraine war, telecoms in both countries attempted to block access to Twitter, using a BGP hijack to black-hole its traffic.

On 28 March 2022, from 12:05 to 12:50 UTC, the Russian telecom RTComm (AS8342) hijacked 104.244.42.0/24, a prefix belonging to Twitter

Good news: the hijack fared much worse for the attacker this time. Twitter had published a Route Origin Authorization (ROA) for the prefix under RPKI, so networks performing Route Origin Validation (ROV) could simply drop the RPKI-invalid Russian announcement. Caveat: ROV checks only the origin AS of an announcement; an attacker who forges the victim's ASN as the origin still passes it.
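The two incidents above, as an added example (not from the slides): a toy model in Python that applies longest-prefix match and RFC 6811 Route Origin Validation to the competing announcements. The hijacker ASNs are the ones on the slides; YouTube's origin AS36561, Twitter's origin AS13414, the sample destination addresses and the 2008 "what-if" ROA are assumptions made for this example.

```python
# Added example (not from the slides): a toy model of the two BGP incidents.
# Route selection is reduced to longest-prefix match, and RPKI Route Origin
# Validation (RFC 6811) is applied to each announcement against a ROA list.
# Hijacker ASNs (AS17557, AS8342) are from the slides; the victims' origin
# ASNs, the destination addresses and the 2008 what-if ROA are assumptions.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network   # authorised prefix
    max_length: int                 # longest prefix the origin may announce
    asn: int                        # authorised origin AS


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    origin_asn: int


def rov_state(ann, roas):
    """RFC 6811 validation: 'not-found' when no ROA covers the prefix,
    'valid' when a covering ROA matches origin AS and length, else 'invalid'."""
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def reachable_origins(dst, announcements, roas, drop_invalid):
    """Origins left on the most specific surviving prefix covering dst.
    With drop_invalid=True the router performs ROV and discards invalids;
    'not-found' routes (no ROA at all) are always kept, as in practice."""
    dst = ipaddress.ip_address(dst)
    kept = [a for a in announcements
            if not (drop_invalid and rov_state(a, roas) == "invalid")]
    covering = [a for a in kept if dst in a.prefix]
    if not covering:
        return set()
    longest = max(a.prefix.prefixlen for a in covering)
    return {a.origin_asn for a in covering if a.prefix.prefixlen == longest}


def net(s):
    return ipaddress.ip_network(s)


# 2008: YouTube (origin AS36561, assumed) announces the /22; AS17557 originates
# a more specific /24. RPKI did not exist yet, so no ROA covers either route.
YOUTUBE_2008 = [Announcement(net("208.65.152.0/22"), 36561),
                Announcement(net("208.65.153.0/24"), 17557)]
# Hypothetical ROA for the what-if case: /22 only, max_length 22, AS36561.
YOUTUBE_WHATIF_ROA = [ROA(net("208.65.152.0/22"), 22, 36561)]

# 2022: Twitter (origin AS13414, assumed) announces the /24 and has a ROA for
# it; AS8342 announces the identical prefix with itself as origin.
TWITTER_2022 = [Announcement(net("104.244.42.0/24"), 13414),
                Announcement(net("104.244.42.0/24"), 8342)]
TWITTER_ROAS = [ROA(net("104.244.42.0/24"), 24, 13414)]


def summary():
    """Which origin(s) a router ends up using for one address in each prefix
    (addresses are constructed examples inside the affected ranges)."""
    yt, tw = "208.65.153.238", "104.244.42.65"
    return {
        "2008_no_rpki": reachable_origins(yt, YOUTUBE_2008, [], True),
        "2008_with_roa_and_rov": reachable_origins(yt, YOUTUBE_2008, YOUTUBE_WHATIF_ROA, True),
        "2022_no_rov": reachable_origins(tw, TWITTER_2022, TWITTER_ROAS, False),
        "2022_with_rov": reachable_origins(tw, TWITTER_2022, TWITTER_ROAS, True),
    }


if __name__ == "__main__":
    for case, origins in summary().items():
        print(case, sorted(origins))
```

Running it shows the 2008 /24 winning everywhere because nothing could mark it invalid, the same hijack being dropped had a ROA existed, and the 2022 same-length announcement surviving only on routers that do not validate: on a validating router the RTComm route is `invalid` and Twitter's own route is the only candidate left.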


6 of 20

What has history taught us? SYN Flood

7 of 20

What has history taught us? Mirai Botnet

8 of 20

What has history taught us? Mirai Botnet

9 of 20

Security Risks from “Smart” Devices


  • Devices may be difficult (or impossible!) to patch
  • Not isolated from one another (can attack one another)
  • Not isolated from the Internet (can attack other devices on the Internet)

10 of 20

Motivation for Revolutionary Paradigms (1/2)

  • The Internet has changed: more users, more data, more devices per user, connections everywhere and at all times
  • The current Internet must cope with:
    • ever-increasing performance requirements
    • several security and privacy issues
  • Replace the Internet hourglass model (everything over IP) -> change the communication paradigm for better performance, i.e., fast, efficient and secure data delivery, and improved reliability

11 of 20

Motivation for Revolutionary Paradigms (2/2)

Information-Centric Networking (ICN) is the most promising substitute for the current Internet architecture

  • Naming hosts in IP -> Naming data in ICN
  • Name-based routing and forwarding
  • Security by design
  • Routers equipped with caches


12 of 20

ICN Security and Privacy Implications

The new features can also introduce vulnerabilities:

  • Naming: content is referred to by name, which can have privacy implications [1, 2]
  • Routing: content delivery depends on the consistency of distributed data structures (the FIB and the PIT), which an attacker can target [3, 4]
  • Caching: in-network caches improve throughput and latency, but open the door to cache pollution and content poisoning attacks [5, 6]

[1] S. Arianfar, T. Koponen, B. Raghavan, and S. Shenker, "On preserving privacy in content-oriented networks," in Proc. ACM SIGCOMM Workshop on Information-Centric Networking (ICN), Aug. 2011, pp. 19–24.

[2] E. Bardhi, M. Conti, R. Lazzeretti, and E. Losiouk, "ICN PATTA: ICN privacy attack through traffic analysis," in Proc. IEEE 46th Conf. Local Computer Networks (LCN), Oct. 2021, pp. 443–446.

[3] A. Compagno, M. Conti, P. Gasti, and G. Tsudik, "Poseidon: Mitigating interest flooding DDoS attacks in named data networking," in Proc. IEEE 38th Conf. Local Computer Networks (LCN), Oct. 2013, pp. 630–638.

[4] A. Agiollo, E. Bardhi, M. Conti, R. Lazzeretti, E. Losiouk, and A. Omicini, "GNN4IFA: Interest flooding attack detection with graph neural networks," in Proc. IEEE 8th European Symposium on Security and Privacy (EuroS&P), Jul. 2023, pp. 615–630.

[5] C. Ghali, G. Tsudik, and E. Uzun, "Needle in a haystack: Mitigating content poisoning in named-data networking," in Proc. NDSS Workshop on Security of Emerging Networking Technologies (SENT), San Diego, CA, USA, 2014, pp. 1–10.

[6] L. Yao, Z. Chen, H. Dai, and G. Wu, "Exploiting non-cooperative game against cache pollution attack in vehicular content centric network," IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 6, pp. 3873–3886, Nov.–Dec. 2022, doi: 10.1109/TDSC.2021.3109046.

13 of 20

ICN PATTA* Overview

  • The attacker intercepts the victim's outgoing traffic
  • The attacker extracts the content names from the Interest packets
  • The names are processed with NLP techniques
  • The attacker uses ML classifiers to identify the content's category

*Bardhi, E., Conti, M., Lazzeretti, R., & Losiouk, E. (2021, October). ICN PATTA: ICN privacy attack through traffic analysis. In 2021 IEEE 46th Conference on Local Computer Networks (LCN) (pp. 443-446). IEEE.
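The attack pipeline above, as an added example in Python (this is not the ICN PATTA implementation, and the model is deliberately the simplest one that works): Interest names are tokenised into components, a multinomial naive Bayes classifier is fitted on a constructed labelled sample, and the eavesdropper classifies the names captured from the victim. All names, categories and the captured traffic are invented for this example.

```python
# Added example (not the ICN PATTA implementation): how plaintext Interest
# names leak the category of what a victim consumes. Names are tokenised
# into components, a multinomial naive Bayes model is fitted on a constructed
# labelled sample, and an on-path eavesdropper classifies the names it sees.
# Every name below is invented for this example.
import math
from collections import Counter, defaultdict

TRAINING_NAMES = [  # constructed (Interest name, category) pairs
    ("/ndn/bbc/news/politics/election-results/2021", "news"),
    ("/ndn/cnn/news/world/ukraine-summit", "news"),
    ("/ndn/reuters/news/business/markets-open", "news"),
    ("/ndn/youtube/video/music/live-concert/1080p", "video"),
    ("/ndn/netflix/video/series/season2/episode4", "video"),
    ("/ndn/vimeo/video/documentary/ocean", "video"),
    ("/ndn/webmd/health/symptoms/migraine", "health"),
    ("/ndn/nhs/health/conditions/diabetes/treatment", "health"),
    ("/ndn/mayoclinic/health/diseases/asthma", "health"),
]


def tokenize(name):
    """Split an NDN name into lower-case word tokens. Components containing
    digits (versions, segments, resolutions) carry no topical signal and are
    dropped; hyphens and underscores split a component into words."""
    tokens = []
    for component in name.strip("/").split("/"):
        for word in component.lower().replace("_", "-").split("-"):
            if word and not any(ch.isdigit() for ch in word):
                tokens.append(word)
    return tokens


class NameClassifier:
    """Multinomial naive Bayes over name tokens with Laplace smoothing."""

    def __init__(self):
        self.class_counts = Counter()            # label -> number of names
        self.token_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def fit(self, samples):
        for name, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(name):
                self.token_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def predict(self, name):
        tokens = tokenize(name)
        total = sum(self.class_counts.values())
        best, best_score = None, -math.inf
        for label, n_names in self.class_counts.items():
            score = math.log(n_names / total)                 # class prior
            denom = sum(self.token_counts[label].values()) + len(self.vocab)
            for tok in tokens:                                # smoothed likelihood
                score += math.log((self.token_counts[label][tok] + 1) / denom)
            if score > best_score:
                best, best_score = label, score
        return best


def profile_victim(classifier, observed_names):
    """What the eavesdropper learns: per-category counts of the victim's Interests."""
    return Counter(classifier.predict(n) for n in observed_names)


# Constructed capture of a victim's outgoing Interests (none are in the training set).
OBSERVED = [
    "/ndn/bbc/news/sports/football-final/2023",
    "/ndn/netflix/video/movie/thriller/4k",
    "/ndn/nhs/health/advice/flu-vaccine",
    "/ndn/nhs/health/conditions/anxiety",
]

if __name__ == "__main__":
    clf = NameClassifier().fit(TRAINING_NAMES)
    print(dict(profile_victim(clf, OBSERVED)))
```

The point is not the classifier but the input: because Interest names are carried in the clear and are human-readable by design, a passive observer needs no payload at all to build a profile of the victim; the publisher and topic components alone are enough.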

14 of 20

GNN4IFA*: IFA Detection via GNN

Interest Flooding Attacks (IFAs) are a form of DDoS in ICN/NDN networks: the attacker issues Interests for content that does not exist, so the corresponding PIT entries are never satisfied and fill the routers' PITs until legitimate Interests are dropped

  • Two families of detection approaches:
    • threshold-based
    • ML-based

  • Limitations of state-of-the-art approaches:
    • locality: each router decides from its own local state only
    • solutions are designed and evaluated on small network topologies
    • no datasets exist for designing data-driven solutions

*Agiollo, A., Bardhi, E., Conti, M., Lazzeretti, R., Losiouk, E., & Omicini, A. (2023, July). GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) (pp. 615-630). IEEE.
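The attack and the threshold-based detection family described on this slide, together with the CS, PIT and FIB structures from the ICN security slide, as an added example in Python (this is not GNN4IFA or Poseidon code): a toy two-router NDN forwarder, an Interest flood that exhausts the PIT with unsatisfiable names, and a local threshold detector over Interest satisfaction ratio and PIT occupancy. Content names, PIT capacity and thresholds are constructed for the example.

```python
# Added example (not from the slides, GNN4IFA or Poseidon): a toy NDN
# forwarder with a Content Store (CS), Pending Interest Table (PIT) and
# Forwarding Information Base (FIB), an Interest Flooding Attack that fills
# the PIT with names the producer cannot satisfy, and a local threshold
# detector. Names, capacities and thresholds are constructed for this example.
from collections import Counter

# Constructed producer catalogue: only these names can be satisfied.
PRODUCER_CATALOG = {f"/video/clip{i}": f"payload-of-clip{i}" for i in range(1, 21)}


def producer(name):
    """Producer face: returns Data for a known name, None for a bogus one."""
    return PRODUCER_CATALOG.get(name)


class Router:
    def __init__(self, name, fib, pit_capacity):
        self.name = name
        self.fib = fib                  # name prefix -> next hop (Router or producer callable)
        self.pit_capacity = pit_capacity
        self.pit = {}                   # pending name -> set of downstream faces
        self.cs = {}                    # Content Store: name -> Data
        self.stats = Counter()          # interests_in, data_out, pit_drops

    def fib_lookup(self, name):
        """Longest-prefix match on name components."""
        best = None
        for prefix in self.fib:
            if name == prefix or name.startswith(prefix + "/"):
                if best is None or len(prefix) > len(best):
                    best = prefix
        return best

    def on_interest(self, name, face):
        self.stats["interests_in"] += 1
        if name in self.cs:                          # cache hit: answered locally
            self.stats["data_out"] += 1
            return self.cs[name]
        if name in self.pit:                         # aggregate with the pending request
            self.pit[name].add(face)
            return None
        if len(self.pit) >= self.pit_capacity:       # PIT exhausted: exactly what an IFA wants
            self.stats["pit_drops"] += 1
            return None
        prefix = self.fib_lookup(name)
        if prefix is None:
            return None
        self.pit[name] = {face}
        hop = self.fib[prefix]
        data = hop(name) if callable(hop) else hop.on_interest(name, self.name)
        return self.on_data(name, data)

    def on_data(self, name, data):
        """Data consumes its PIT entry and is cached; a bogus name leaves its
        PIT entry dangling until it times out (timeouts are not modelled)."""
        if data is None or name not in self.pit:
            return None
        del self.pit[name]
        self.cs[name] = data
        self.stats["data_out"] += 1
        return data


def threshold_detector(router, max_satisfaction=0.5, min_occupancy=0.8):
    """Local Poseidon-style check: alarm when few Interests are being satisfied
    and the PIT is nearly full. Returns (alarm, satisfaction, occupancy).
    The thresholds are constructed for this example, not taken from the paper."""
    seen = router.stats["interests_in"]
    satisfaction = router.stats["data_out"] / seen if seen else 1.0
    occupancy = len(router.pit) / router.pit_capacity
    return satisfaction < max_satisfaction and occupancy > min_occupancy, satisfaction, occupancy


def run_scenario(attack, pit_capacity=32):
    """consumer/attacker -> R1 -> R2 -> producer; returns what each side observed."""
    r2 = Router("R2", {"/video": producer}, pit_capacity)
    r1 = Router("R1", {"/video": r2}, pit_capacity)
    early = [r1.on_interest(f"/video/clip{i}", "consumer") for i in range(1, 6)]
    if attack:  # 40 Interests for names that do not exist under the victim's prefix
        for i in range(40):
            r1.on_interest(f"/video/bogus{i}", "attacker")
    late = r1.on_interest("/video/clip7", "consumer")     # new legitimate request
    cached = r1.on_interest("/video/clip1", "consumer")   # served from the CS even under attack
    return {
        "early_ok": all(d is not None for d in early),
        "late_ok": late is not None,
        "cache_hit_ok": cached is not None,
        "r1_pit": len(r1.pit), "r2_pit": len(r2.pit),
        "r1_drops": r1.stats["pit_drops"],
        "r1_alarm": threshold_detector(r1)[0],
        "r2_alarm": threshold_detector(r2)[0],
    }


if __name__ == "__main__":
    print("baseline:", run_scenario(attack=False))
    print("under IFA:", run_scenario(attack=True))
```

Two things worth noticing when it runs: the flood propagates upstream, so R2's PIT fills as well even though the attacker is attached to R1, and the CS still answers already-cached names during the attack, which is why satisfaction ratio and PIT occupancy are checked together rather than either alone. Each router raises its alarm from local counters only; it never learns that the two alarms stem from one attacker, which is the locality limitation the slide names.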

15 of 20

GNN4IFA: IFA Detection via GNN

Design Criteria

  • C1: Global IFA detection mechanism. GNNs enable information extraction from the whole NDN network graph.
  • C2: Adaptable to heterogeneous topologies. GNNs are proven to generalise well between different graph structures.
  • C3: Large and representative network traffic. SPOTIFAI is the first comprehensive IFA dataset.
  • C4: Robust and efficient detection. GNNs reach reasonably time-efficient results even on huge-scale graphs.

16 of 20

GNN4IFA: Network as a Graph

G(t) = {X(t), A(t)} represents the graph of the NDN network at time t

  • A(t) ∈ {0,1}^{N×N} is the binary adjacency matrix of router interconnections, where:

  • X(t) represents the routers' states, where:

Main Intuition


17 of 20

GNN4IFA: Generalisability study


Accuracy and F1-score of SAD over SPOTIFAI topologies, when trained on a different topology.

TPR and FPR of UAD over SPOTIFAI topologies, when trained on a different topology.

SAD generalises well from larger to smaller topologies.

UAD generalises well from smaller to larger topologies.

18 of 20

GNN4IFA: Data requirements study


Accuracy (top) and F1-score (bottom) of SAD over SPOTIFAI topologies, when trained on a different percentage of samples.

TPR (top) and FPR (bottom) of UAD over SPOTIFAI topologies, when trained on a different percentage of samples.

SAD and UAD perform well even when trained on a small set of samples.

19 of 20

Where does my research stand?

Research areas:

  • Network Security and Privacy (NSP)
  • Emerging Networking Paradigms: SDN, NDN
  • Artificial Intelligence in NSP: AI for Security, Privacy of AI

Bardhi, E., Conti, M., Lazzeretti, R., & Losiouk, E. (2023). Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey. IEEE Communications Surveys & Tutorials.

Bardhi, E., Conti, M., Lazzeretti, R., & Kuipers, F. (2023). Fully Distributed In-Network DDoS Detection. To be submitted to CoNEXT, Nov. 2023.

Agiollo, A., Bardhi, E., Conti, M., Lazzeretti, R., Losiouk, E., & Omicini, A. (2023, July). GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks. In 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) (pp. 615-630). IEEE.

Agiollo, A., Bardhi, E., Conti, M., Dal Fabbro, N., & Lazzeretti, R. Anonymous Federated Learning with Named-Data Networking. Under review at the FGCS journal.

Bardhi, E., Conti, M., & Lazzeretti, R. Is AI a Trick or T(h)reat for Securing Programmable Data Planes? Under review at IEEE Network Magazine.

Bardhi, E., Conti, M., Lazzeretti, R., & Losiouk, E. (2021, October). ICN PATTA: ICN privacy attack through traffic analysis. In 2021 IEEE 46th Conference on Local Computer Networks (LCN) (pp. 443-446). IEEE.

Bardhi, E., Conti, M., Lazzeretti, R., Losiouk, E., & Taffal, A. (2022, August). Sim2Testbed Transfer: NDN Performance Evaluation. In Proceedings of the 17th International Conference on Availability, Reliability and Security (pp. 1-9).

20 of 20

Thank You

ebardhi@purdue.edu