A Proactive Cache Privacy Attack on NDN.

Named Data Networking (NDN) is a relatively new architecture, adhering to the Information-Centric Networking (ICN) paradigm, which focuses on explicitly named, routable and addressable content. While addressing and overcoming some of the current Internet issues, ICN is also affected by its own ones. Among those, content caching can be exploited, together with the Content Fetch Time (CFT), to identify the contents requested by the users. This attack is reactive, since the attacker infers whether a content has been requested after the victim has already sent a request for it. The defence mechanisms rely on the modification of the CFT, which, despite defending the users, also damage them from a usability point of view.In this paper, we investigate an enhanced version of the attack, which is proactive and is still feasible even under enabled countermeasures. In the proactive attack, the attacker forces a router to cache a content and only afterwards checks whether the victim sends requests for that content. With respect to the reactive attack the proactive one: (i) is resilient to the existing defence mechanisms; (ii) can be applied for both popular and unpopular contents; (iii) can be used also in case of multiple users connected to the same router of the victim. After several simulations, we identified the parameters required to setup the proactive attack and proved its feasibility, both in terms of effectiveness and in terms of bypassing the existing countermeasures. We, finally, explored new possible countermeasures.