When encryption is not enough: privacy attacks in content-centric networking.

Content-Centric Networking (CCN) is a network architecture for transferring named content from producers to consumers upon request. The name-to-content binding is cryptographically enforced with a digital signature generated by the producer. Thus, content integrity and origin authenticity are core features of CCN. In contrast, content confidentiality and privacy are left to the applications. The typically advocated approach for protecting sensitive content is to use encryption, i.e., restrict access to those who have appropriate decryption key(s). Moreover, content is typically encrypted once for identical requests, meaning that many consumers obtain the same encrypted content. From a privacy perspective, this is a step backwards from the "secure channel" approach in today's IP-based Internet, e.g., TLS or IPSec. In this paper, we assess the privacy pitfalls of this approach, particularly, when the adversary learns some auxiliary information about popularity of certain plaintext content. Merely by observing (or learning) the frequency of requested content, the adversary can learn which encrypted corresponds to which plaintext data. We evaluate this attack using a custom CCN simulator and show that even moderately accurate popularity information suffices for accurate mapping. We also show how the adversary can exploit caches to learn content popularity information. The adversary needs to know the content namespace in order to succeed. Our results show that encryption-based access control is insufficient for privacy in CCN. More extensive counter-measures (such as namespace restrictions and content replication) are needed to mitigate the attack.