Meeting #9 was organized at Troyes University of Technology - Troyes. The meeting started with a debrief on the mid-term evaluation from ANR, which was very positive. Colleagues were informed about the next submissions and planned for other upcoming dissemination opportunities. A public GitHub server for DOCTOR was created. The CyberCAPTOR code is now available on this GitHub, and other source code will be added soon. To stay up to date, the consortium also arranged for partners to participate in important international conferences, including IETF/ICNRG and ETSI NFV. For task 2, the deliverable D2.1 was finished (see Deliverables and reports). Content for D2.2 was defined. Two presentations - "The MulVAL rules adopted in the NDN domain" and "Demonstration of a new architecture Monitoring by coupling MMT and TaaS" - were given. In task 3, the content for the two sub-tasks T3.1 and T3.2 was defined, planned and distributed to each partner. The new postdoctoral researcher of the project presented his PhD project to colleagues. Regarding task 4, the deliverable D4.1 was finished and is available online (see Deliverables and reports). A presentation, "How to cache HTTP content in NDN?", was given.
Meeting #8 was organized at Thales - Palaiseau. The consortium started by discussing the preparation for ANR's mid-term evaluation, which will occur in two weeks (October 3rd, 2016). In addition, partners considered and distributed the work for publication opportunities. In task 2, the workflow of communication between CyberCAPTOR and MMT was defined. Colleagues were informed about the status of deliverable D2.1. In task 3, an intern from Thales presented the work done during his internship, especially the analysis of Tosca and Tacker, an open-source orchestrator. Regarding task 4, the consortium was shown two demonstration videos and decided to put them online (see Demonstration).
Meeting #7 was organized at Orange Labs in Lannion.
Partners were informed that the DOCTOR project will be disseminated at the meeting of ICNRG (ICN Research Group), co-organized with the ACM ICN 2016 conference in Kyoto, Japan. Concerning task 2, many attack types and scenarios were presented to the consortium and discussed, such as cache poisoning, malicious Docker containers, and attacks in the mixed NFV/NDN context. The latest functions of the monitoring tool MMT were demonstrated, including measuring, analyzing and classifying NDN traffic (with or without HTTP). It now also integrates the algorithm for detecting Interest flooding attacks.
It was decided that task 3 would start right after the publication of D2.1 in 12/2016.
Regarding task 4, a topology translation tool was presented and is expected to be useful when emulating existing operators' topologies. First evaluation results on the HTTP/NDN gateway performance were shown and a complete evaluation campaign was discussed, aiming at a research paper when finished. In addition, other advances in the naming scheme for the gateway and in integrating NDN router containers with Open vSwitch were demonstrated.
Meeting #6 took place at the Montimage company, Paris.
The consortium suggested opportunities to disseminate the project at the STAM and RESSI workshops and the AIMS conference, and planned paper submissions in the near future.
On task 2, a study on FIB attacks and possible attack scenarios was brought to the consortium, which agreed that it should be studied further.
The deliverable D2.1 was scheduled for 12/2016 and was distributed to each of the partners involved.
On task 3, an Interest filter based on name composition, as well as a proposal for a "green" deployment of NDN and SRSC (SDN-based Routing Scheme for CCN), were presented.
Regarding task 4, the testbed integration now allows many of the developed components to be installed.
The MMT tool, which integrates the analysis of NDN packets, has been deployed.
A first test series on the top 1000 sites was also carried out with the new version of the gateway.
Another series of functional and performance tests will be conducted once the corrected V2 of the gateway is operational.
The meeting was organised at LORIA/CNRS in Nancy. The consortium planned future publication opportunities
and discussed the half-time project evaluation. The work on task 1 was discussed in order to finalize
D1.2, especially the detailed architecture. Regarding task 2, partners presented the results achieved
on NFV/SDN security, NDN security and key management, respectively. Task 3 was launched with a presentation and refinement of the contribution of each partner, while task 4 was discussed
with a focus on the next experiments that can be conducted on both testbeds in Troyes and Nancy.
A joint workshop between Doctor and Reflection projects was held on September 24th in Orange Labs in Issy les Moulineaux.
The objective of this workshop was to enable partners from the two projects to better understand the projects' current and future studies,
as well as identify relations between each project's activities.
Meeting #4 was organised at Orange Labs, Issy Les Moulineaux, France.
The consortium announced the dissemination of the DOCTOR project at the STAM and WIFS workshops, and decided to target a paper for NetSoft 2016.
The work on node architecture was presented by partners from Orange.
Much ongoing work on security aspects was presented by other partners from UTT, Montimage, Thales and Loria.
The second deliverable was also discussed and distributed to the consortium.
Meeting #3 took place at Troyes University of Technology - Troyes, France on June 10th-11th, 2015.
In the meeting, the consortium presented the progress in the architecture design: an analysis of aspects of Docker, OpenStack on Ethernet; and an introduction of the very first thoughts for the NDN router.
The planning for task 2 and task 3 was initiated.
Partners from UTT also demonstrated some tests with the HTTP/NDN gateway installed in the Troyes testbed.
Meeting #2 took place at Thales - Palaiseau, France on February 24th, 2015. During the meeting, partners discussed the following points: the current status of DOCTOR dissemination; the project website design as well as its due date; the partners responsible for the first deliverable D1.1 and a proposed timeline to finish it; an HTTP/NDN gateway for task 4.
The kickoff meeting was held at Orange Labs - Issy Les Moulineaux, France on Dec 10th, 2014, with the participation of partners from Orange, ICD-UTT, Montimage, CNRS-Loria and Thales. An overview of the project, as well as the four main tasks of the project and the roles of each involved partner, were presented in the first session. Other concerns, such as communication tools for the project, the schedule for a periodic meeting and the testbed, were discussed in the second session of the meeting.
This document presents the deployment of the two DOCTOR NDN/NFV testbeds accessing Web content at both UTT and University of Lorraine/TELECOM Nancy. Details about the incremental deployment of the project outcomes are provided. It includes the basic deployment of Docker as a container-based virtualization framework and the instantiation of several NDN nodes in a functional topology. The integration of security components such as monitoring probes (MMT) for network monitoring and CyberCAPTOR for vulnerability assessment is also described. Details about the NDNPerf tool for NDN performance evaluation are also presented.
Security analysis of the virtualized NDN architecture
This document surveys the security issues that can affect the virtualized Named Data Networking architecture, whose proper deployment and management constitute the main goal of the DOCTOR project. From the state of the art, we first describe the most critical attacks on the disruptive networking technologies used in the project, namely NDN to transport the data and SDN/NFV to build the virtual infrastructure. Second, we identify four critical attack scenarios that will guide the security monitoring and orchestration of the upcoming DOCTOR architecture.
In line with network softwarisation that relies on the NFV and SDN principles, the document describes the design of the virtualized network infrastructure we propose in the DOCTOR project for securely deploying network services, with a focus on Named Data Networking as the main use case. The DOCTOR virtualized node supports the Virtualized Network Functions we target in the project while adopting the recommendations of the ETSI NFV group. This means that we also propose a Control and Management plane for the virtualized node, which integrates the DOCTOR Security Orchestration for configuring and monitoring VNFs. The DOCTOR Security Orchestration then cooperates on the southbound interface with an SDN controller so as to secure and apply network policies for the overall virtualized network.
Network operators are often very cautious before deploying any novel networking service. This is done only if the new networking solution is fully monitored, secured and can provide rapid return on investments. By adopting the emerging Network Functions Virtualization (NFV) concept, network operators will be able to overcome this constraint by allowing them to deploy solutions at lower costs and risks. Indeed, NFV involves implementing network functions in software that can rely on virtualization techniques to run on standard server hardware, and that can then be deployed in, or moved to, various network locations as required. This document analyzes and assesses how to leverage IT virtualization and determines which solutions are the most appropriate in the DOCTOR project to design a flexible NFV-based architecture that can host new networking services, such as the NDN content delivery service, in virtualized environments. We also present the different requirements and challenges for the monitoring and security issues, making it possible to efficiently secure the overall virtualized architecture.
T. Combe, W. Mallouli, T. Cholez, G. Doyen, B. Mathieu, and E. Montes de Oca,
“A SDN and NFV use-case: NDN implementation and security monitoring”
Book chapter to appear in Guide to Security in SDN and NFV - Challenges, Opportunities, and Applications, Springer, 2017.
N. T. Nguyen, X. Marchal, G. Doyen, T. Cholez and R. Cogranne,
“Content Poisoning in Named Data Networking: Comprehensive Characterization of real Deployment”
To appear in Proceedings of the 2017 IFIP/IEEE International Symposium on Integrated Network Management (IM), IEEE, 2017.
X. Marchal, T. Cholez, and O. Festor,
“Server-side performance evaluation of NDN,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 148–153, ACM, 2016.
X. Marchal, T. Cholez, and O. Festor, “PIT matching from unregistered remote faces: a critical NDN vulnerability,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 211–212, ACM, 2016.
X. Marchal, M. E. Aoun, B. Mathieu, W. Mallouli, T. Cholez, G. Doyen, P. Truong, A. Ploix, and E. M. De Oca,
“A virtualized and monitored NDN infrastructure featuring a NDN/HTTP gateway,”
in Proceedings of the 2016 conference on 3rd ACM Conference on Information-Centric Networking, pp. 225–226, ACM, 2016.
D. Kondo, T. Silverston, H. Tode, T. Asami and O. Perrin,
“Name Anomaly Detection for ICN,”
The 22nd IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN 2016), IEEE, June 2016.
F. Reynaud, F.-X. Aguessy, O. Bettan, M. Bouet, and V. Conan,
“Attacks against network functions virtualization and software-defined networking: State-of-the-art,”
in 2016 IEEE NetSoft Conference and Workshops (NetSoft), pp. 471–476, IEEE, 2016.
H. L. Mai, N. T. Nguyen, G. Doyen, A. Ploix, and R. Cogranne,
“On the readiness of ndn for a secure deployment: The case of pending interest table,”
in IFIP International Conference on Autonomous Infrastructure, Management and Security, pp. 98–110, Springer, 2016.
E. Aubry, T. Silverston, and I. Chrisment,
“SRSC: SDN-based routing scheme for CCN,”
in Network Softwarization (NetSoft), 2015 1st IEEE Conference on, pp. 1–5, IEEE, 2015.
T. N. Nguyen, R. Cogranne, G. Doyen, and F. Retraint,
“Detection of interest flooding attacks in named data networking using hypothesis testing,”
in Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, pp. 1–6, IEEE, 2015.
E. M. de Oca and W. Mallouli, “Security aspects of SDMN,”
Book chapter in "Software Defined Mobile Networks (SDMN): Beyond LTE Network Architecture",
edited by M. Liyanage, A. Gurtov and M. Ylianttila. Published on August 17, 2015.
T. Nguyen, R. Cogranne, and G. Doyen,
“An optimal statistical test for robust detection against interest flooding attacks in CCN,”
in 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 252–260, IEEE, 2015.
B. Mathieu, G. Doyen, W. Mallouli, T. Silverston, O. Bettan, F.-X. Aguessy, T. Cholez, A. Lahmadi, P. Truong, and E. M. de Oca,
“Monitoring and securing new functions deployed in a virtualized networking environment,”
in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 741–748, IEEE, 2015.
paper On the Readiness of NDN for a Secure Deployment: the case of Pending Interest Table
presented at AIMS 2016, Munich, Germany.
Challenges and directions for the security management of ICN services
presented at ICNRG (IRTF) meeting, Paris, France. (slides)
paper Detection of Interest Flooding Attacks in Named Data Networking using Hypothesis Testing presented at WIFS 2015
in Rome, Italy.
presented at Rendez-Vous de la Recherche et de l'Enseignement de la Sécurité des Systèmes d'Information RESSI 2015 in Troyes, France.
paper An optimal statistical test for robust detection against interest flooding attacks in CCN
presented at 14th IFIP/IEEE Symposium on Integrated Network and Service Management 2015
IM 2015 in Ottawa, Canada.
Two videos were presented to the consortium at DOCTOR Meeting #8 at Thales, Palaiseau. The first video illustrates the principle of network node virtualization, where multiple
protocol stacks can be deployed and function independently.
The second video demonstrates current functionalities of the monitoring tool MMT, such as analyzing and classifying traffic by name and face, and adjusting the threshold to detect Interest flooding attacks.