Method and apparatus for preventing insertion of malicious content at a named data network router
Abstract
An object-forwarding device can block a malicious Content Object from being inserted into an Interest's reverse path over a named data network. During operation, the device can receive a Content Object via a first interface, and can perform a lookup operation in a Pending Interest Table (PIT) to identify a PIT entry for an Interest associated with the Content Object. The device then determines, from the PIT entry, an egress interface used to forward the Interest. If the device determines that the egress interface of the PIT entry matches the first interface for the Content Object, the device forwards the Content Object via a return interface specified in the PIT entry. On the other hand, if the egress interface of the PIT entry does not match the first interface for the Content Object, the device can block the Content Object.
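The interface check described in the abstract, as an added Python model that is not code from the patent or from any named-data-networking implementation. The class and method names, the integer interface numbers and the flat content name are constructed for illustration; keeping the PIT entry after a mismatch, consuming it after a match, and dropping Content Objects with no PIT entry are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PitEntry:
    egress_iface: int  # interface the Interest was forwarded out of
    return_iface: int  # interface the Interest arrived on (reverse path)


class Forwarder:
    """Toy single-node forwarder (hypothetical model, not a real NDN stack)."""

    def __init__(self):
        self.pit = {}      # content name -> PitEntry
        self.blocked = []  # audit trail: (name, arrival interface, reason)

    def forward_interest(self, name, arrival_iface, egress_iface):
        # Record both interfaces so the reply path can be validated later.
        self.pit[name] = PitEntry(egress_iface, arrival_iface)
        return egress_iface

    def receive_content(self, name, arrival_iface):
        """Return the interface to forward on, or None if the object is blocked."""
        entry = self.pit.get(name)
        if entry is None:
            # Assumption: objects that match no pending Interest are dropped.
            self.blocked.append((name, arrival_iface, "unsolicited"))
            return None
        if entry.egress_iface != arrival_iface:
            # The object did not come back through the interface the Interest
            # left on. Block it; the entry stays (assumption) so the genuine
            # reply can still be delivered.
            self.blocked.append((name, arrival_iface, "iface-mismatch"))
            return None
        del self.pit[name]  # assumption: the Interest is satisfied exactly once
        return entry.return_iface


def demo():
    fw = Forwarder()
    name = "flat-name-01"  # constructed, non-hierarchical content name
    fw.forward_interest(name, arrival_iface=1, egress_iface=3)
    injected = fw.receive_content(name, arrival_iface=2)  # wrong interface
    genuine = fw.receive_content(name, arrival_iface=3)   # expected interface
    return injected, genuine, fw.blocked


if __name__ == "__main__":
    print(demo())
```

The `blocked` list is where a real forwarder would emit a log or counter, giving operators a signal that objects are arriving off the recorded path.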
20 Claims
1. A computer-implemented method, comprising:
- forwarding, by a network node via an egress interface, an Interest specifying a location-independent, non-hierarchical content name that identifies a first Content Object;
- storing, in a Pending Interest Table (PIT) within a data repository of the network node, a PIT entry for the Interest specifying the egress interface and a return interface;
- receiving, by the network node, a second Content Object associated with the same content name via a second interface;
- performing, based on the content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
- determining, from the PIT entry, the egress interface used previously by the network node to forward the Interest; and
- responsive to determining that the egress interface specified by the PIT entry matches the second interface for the second Content Object, forwarding the second Content Object via the return interface specified in the PIT entry.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer-readable storage medium storing instructions that when executed by a network node computer cause the network node computer to perform a method, the method comprising:
- forwarding, by a network node via an egress interface, an Interest specifying a location-independent, non-hierarchical content name that identifies a first Content Object;
- storing, in a Pending Interest Table (PIT) within a data repository of the network node, a PIT entry for the Interest specifying the egress interface and a return interface;
- receiving, by the network node, a second Content Object associated with the same content name via a second interface;
- performing, based on the content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
- determining, from the PIT entry, the egress interface used previously by the network node to forward the Interest; and
- responsive to determining that the egress interface specified by the PIT entry matches the second interface for the second Content Object, forwarding the second Content Object via the return interface specified in the PIT entry.
Dependent claims: 9, 10, 11, 12, 13, 14

15. An apparatus, comprising:
- a processor; and
- a memory configured to store instructions executable by the processor, wherein the processor is configured to:
  - forward, via an egress interface, an Interest specifying a location-independent, non-hierarchical content name that identifies a first Content Object;
  - store, in a Pending Interest Table (PIT) within a data repository a PIT entry for the Interest specifying the egress interface and a return interface;
  - receive a second Content Object associated with the same content name via a second interface;
  - perform, based on a content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
  - determine, from the PIT entry, the egress interface used previously to forward the Interest;
  - determine whether the egress interface specified by the PIT entry matches the second interface for the second Content Object; and
  - responsive to determining that the egress interface specified by the PIT entry matches the second interface for the second Content Object, forward the second Content Object via the return interface specified in the PIT entry.
Dependent claims: 16, 17, 18, 19, 20
Specification