Rethinking Caching Security of Information-Centric Networking: A System Recovery Perspective

ICN names data rather than hosts and then directly relays packets according to data names. This fundamental shift in naming from host-dependent to host-independent enables ICN to cache data for future service in its network. Therefore, ICN acts as not only a tunnel to transmit data but also a temporary cache of data, which inevitably confronts data attacks. In this article, for the first time, we investigate caching security from a system recovery perspective, and find that ICN attacked by typical caching attacks can be eventually recovered to the normal state if in-network security on data is provided. However, it may cause concern about the recovery time. To address this concern, we introduce a lightweight solution to shorten the recovery period of ICN by constructing and managing trusted zones with Dual Tunnels among Routers in a Penalty-Feedback Way (Duty). The feasibility and effectiveness of our design are verified by the experimental evaluations on real topology. Our work indicates a new perspective in the cache security of ICN and addresses some future work.