Year: 
2018
Name and position of the project proposer: 
sb_p_1139855
Abstract: 

The Internet and how we use it have changed completely since its inception. Its current architecture, based on a host-to-host design, is not suitable for today's heavy use of multimedia files, where the same content is accessed and consumed by multiple consumers. Moreover, the proprietary and static nature of network devices such as routers heavily limits the achievable network performance and reduces interoperability. These limitations are exacerbated by the rise of the Internet of Things, which is projected to introduce billions of new, always-connected devices constantly generating data.
To make up for these shortcomings, several bodies have issued funding for research on new Internet architectures, such as the NSF Future Internet Architectures (FIA) project. In recent years, two new architectures in particular have received widespread acceptance: Software-Defined Networking (SDN) and Information-Centric Networking (ICN). However, despite their growing popularity and industrial support, the security of these architectures is still not well tested, and recent research has shown that both present potentially serious security and privacy flaws. For these alternative architectures to receive widespread adoption in real network deployments, additional research into their security is required.

ERC: 
PE6_5
PE6_1
Innovativeness: 

State-of-the-art solutions in both SDN scalability and ICN secure content distribution suffer from severe drawbacks. Currently proposed solutions to address scalability issues in SDN are either considerably limited in scope [1][7], or simply try to mitigate the consequences of attacks without addressing the underlying issues of the architecture [8]. State-of-the-art works such as [1] and [7] are only applicable against a small subset of saturation attacks against SDN, namely attacks based on SYN-flooding. While SYN-flooding based attacks on SDN scalability are particularly easy to mount, attackers can use similar attacks that do not rely on stateful protocols such as TCP in order to circumvent the countermeasures proposed in [1], [7]. To address this issue, one potential direction worth investigating is the application of deep neural networks to the detection of the anomalous traffic that is characteristic of saturation attacks in SDN. Control plane saturation attacks require some form of flooding to be effective, which has a very distinctive pattern and differs considerably from normal traffic. Consequently, machine learning-based detection techniques should be able to detect these deviations in traffic features and reliably detect ongoing attacks. A particular challenge will be how to efficiently integrate such a detection mechanism with SDN's OpenFlow protocol, as well as which countermeasures are best to apply after detection.
Given that SDN technologies are already applied in real-world deployments, such an advancement in saturation protection methods can have an important impact on real applications.

Current ICN state-of-the-art proposals to deal with confidentiality and security of content distribution suffer from a number of drawbacks. One of the leading techniques, described in [9], proposes to use classical broadcast encryption algorithms in the context of ICN content distribution. The proposed protocol provides acceptable performance and efficiency for large multimedia files, such as movies. However, both the performance and the efficiency of the protocol fall quickly as the number of users increases and/or the size of the protected contents decreases, making it inapplicable to most types of content. Other state-of-the-art proposals such as [11] can maintain acceptable levels of performance for all types of content, but to do so they heavily reduce content availability. There is therefore ample room for improvement over the current state of the art, and advancements in this direction can have considerable impact not only on the ICN community and the companies that are currently developing ICN solutions, but also on caching networks in general. An interesting research direction to address this issue is to evaluate the applicability of Attribute-Based Encryption (ABE) techniques in the context of ICN. ABE allows the definition of strict access policies that a user must satisfy in order to decrypt a protected content, and would also preserve ICN's efficient network caching. However, ABE introduces issues related to access rights revocation. To this end, it could be interesting to study combinations of ABE-based and broadcast encryption-based techniques, to provide both efficient access control and dynamic revocation capabilities.

Call code: 
1139855

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma