Method and apparatus for preventing insertion of malicious content at a named data network router
Abstract
An object-forwarding device can block a malicious Content Object from being inserted into an Interest's reverse path over a named data network. During operation, the device can receive a Content Object via a first interface, and can perform a lookup operation in a Pending Interest Table (PIT) to identify a PIT entry for an Interest associated with the Content Object. The device then determines, from the PIT entry, an egress interface used to forward the Interest. If the device determines that the egress interface of the PIT entry matches the first interface for the Content Object, the device forwards the Content Object via a return interface specified in the PIT entry. On the other hand, if the egress interface of the PIT entry does not match the first interface for the Content Object, the device can block the Content Object.
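The interface check described in the abstract, as an added example that is not taken from the patent: a minimal forwarder whose PIT entry records the egress and return interfaces and admits a Content Object only when it arrives on the recorded egress interface. The class and function names, the interface labels, the FIB contents, exact-match PIT lookup, and keeping the PIT entry after a blocked object are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class PitEntry:
    egress: str        # interface the Interest was forwarded out of
    return_iface: str  # interface the Interest arrived on (reverse path)

class Forwarder:
    def __init__(self, fib):
        self.fib = fib   # constructed routes: name prefix -> egress interface
        self.pit = {}    # content name -> PitEntry (exact match, an assumption)

    def _route(self, name):
        # Longest-prefix match over the hierarchical name's components.
        parts = name.strip("/").split("/")
        for n in range(len(parts), 0, -1):
            egress = self.fib.get("/" + "/".join(parts[:n]))
            if egress is not None:
                return egress
        return None

    def on_interest(self, name, in_iface):
        egress = self._route(name)
        if egress is not None:
            # Record both interfaces; aggregation of several requesters is omitted.
            self.pit[name] = PitEntry(egress, in_iface)
        return egress

    def on_content_object(self, name, in_iface):
        entry = self.pit.get(name)
        if entry is None:
            return ("drop-no-pit-entry", None)
        if entry.egress != in_iface:
            # Arrived on an interface the Interest never left by: block it.
            # Assumption: the PIT entry stays so the real object can still arrive.
            return ("block-interface-mismatch", None)
        del self.pit[name]
        return ("forward", entry.return_iface)

def demo():
    fwd = Forwarder({"/example/video": "eth1"})      # constructed FIB
    name = "/example/video/seg1"                     # constructed content name
    out = [fwd.on_interest(name, "eth0")]            # consumer on eth0
    out.append(fwd.on_content_object(name, "eth2"))  # object arriving on off-path eth2
    out.append(fwd.on_content_object(name, "eth1"))  # reply on the recorded egress
    out.append(fwd.on_content_object(name, "eth1"))  # repeat after PIT entry consumed
    return out

if __name__ == "__main__":
    for step in demo():
        print(step)
```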
21 Claims
1. A computer-implemented method, comprising:
- forwarding, by a network node via an egress interface, an Interest specifying a location-independent, hierarchical, variable-length content name that identifies a first Content Object;
- storing, in a Pending Interest Table (PIT) within a data repository of the network node, a PIT entry for the Interest specifying the egress interface and a return interface;
- receiving, by the network node, a second Content Object associated with the same content name via a second interface;
- performing, based on the content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
- determining, from the PIT entry, the egress interface used previously by the network node to forward the Interest; and
- responsive to determining that the egress interface specified by the PIT entry matches the second interface for the Content Object, forwarding the Content Object via the return interface specified in the PIT entry.

8. A non-transitory computer-readable storage medium storing instructions that when executed by a network node computer cause the network node computer to perform a method, the method comprising:
- forwarding, via an egress interface, an Interest specifying a location-independent, hierarchical, variable-length content name that identifies a first Content Object;
- storing, in a Pending Interest Table (PIT) within a data repository, a PIT entry for the Interest specifying the egress interface and a return interface;
- receiving a second Content Object associated with the same content name via a second interface;
- performing, based on the content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
- determining, from the PIT entry, the egress interface used previously to forward the Interest; and
- responsive to determining that the egress interface specified by the PIT entry matches the second interface for the Content Object, forwarding the Content Object via the return interface specified in the PIT entry.

15. An apparatus, comprising:
- a forwarding module to forward, via an egress interface, an Interest specifying a location-independent, hierarchical, variable-length content name that identifies a first Content Object;
- an interface-storing module to store, in a Pending Interest Table (PIT) within a data repository, a PIT entry for the Interest specifying the egress interface and a return interface;
- a communication module to receive a second Content Object associated with the same content name via a second interface;
- an object-processing module to perform, based on the content name, a lookup operation in the PIT to identify the PIT entry for the previously forwarded Interest;
- an interface-determining module to determine, from the PIT entry, the egress interface used previously to forward the Interest;
- an interface-checking module to determine whether the egress interface specified by the PIT entry matches the second interface for the Content Object; and
- wherein responsive to the interface-checking module determining that the egress interface specified by the PIT entry matches the second interface for the Content Object, the communication module is further configured to forward the Content Object via the return interface specified in the PIT entry.

Specification