Securing Named Data Networking routing using Decentralized Identifiers

Named Data Networking (NDN) is a realization of the Information-Centric Networking (ICN) paradigm, where routing is based on content identifiers rather than on network location identifiers. The routing state in NDN can grow exponentially, not only due to the huge number of content identifiers (as opposed to network addresses) but also because it is difficult to detect "fake" routing advertisements. For example, in contrast to IP-based routing, a potentially valid routing entry in NDN can be advertised from multiple network locations, making NDN susceptible to Denial-of-Service attacks at the routing layer. In this paper, we leverage Decentralized Identifiers (DIDs) to build self-verifiable "content advertisements." With our solution, any router can verify that a content advertisement originates from an "authorized" entity, without requiring any trusted third party. We implement our solution and we evaluate it in a scenario where filtering is implemented by the edge routers. We show that our solution reduces fake routing advertisements with minimal computational overhead.