Annals of Telecommunications
https://doi.org/10.1007/s12243-018-0669-9

Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking

André Nasserala 1,2 · Ian Vilar Bastos 1 · Igor Monteiro Moraes 1

Received: 13 June 2018 / Accepted: 5 October 2018
© Institut Mines-Télécom and Springer Nature Switzerland AG 2018

Abstract

We propose, in this paper, a countermeasure against the producer-consumer collusion attack in Named Data Networking (NDN). In this attack, malicious nodes act in collusion by generating content requests at a high rate and thus changing content popularity. The goal of the attack is to reduce in-network caching efficiency by increasing the probability that legitimate consumers retrieve contents directly from the producer. The proposed countermeasure, called Cache nFace, mitigates this attack by dividing the cache of a node into sub-caches. Each sub-cache only stores contents requested through one specific network interface. Our assumption is that malicious requests do not arrive simultaneously at all interfaces of a content router very often. Results show that Cache nFace reduces the effectiveness of the attack by up to 50% and outperforms another proposal found in the literature in all the analyzed scenarios.

Keywords Collusion attack · Network security · Named Data Networking

1 Introduction

Information-centric networking (ICN) is a new communication paradigm for the Internet [1, 2]. ICN aims at delivering contents to users regardless of the location of these contents, as opposed to the TCP/IP stack, which aims at interconnecting end systems. Several architectures have been proposed for this new communication paradigm, and the most cited in the literature is Named Data Networking (NDN) [1, 3]. The main features of NDN are routing based on content names, in-network caching, and content-based security [1, 4].
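The sub-cache idea summarized in the abstract, as an added example that is not code from the paper: a toy simulation comparing a single shared content store with one sub-cache per interface while colluding requests arrive on one face. LRU eviction, the equal capacity split, lookup across all sub-caches, the workload parameters and every name below are assumptions made for this sketch.

```python
import random
from collections import OrderedDict

class LRU:
    """Fixed-size store with least-recently-used eviction (assumed policy)."""
    def __init__(self, capacity):
        self.capacity, self.items = capacity, OrderedDict()
    def hit(self, name):
        if name in self.items:
            self.items.move_to_end(name)      # refresh recency on a hit
            return True
        return False
    def store(self, name):
        self.items[name] = True
        if len(self.items) > self.capacity:
            self.items.popitem(last=False)    # evict the oldest entry

class SharedCache:
    """Baseline: one content store shared by every interface."""
    def __init__(self, capacity, faces):
        self.lru = LRU(capacity)
    def request(self, face, name):
        if self.lru.hit(name):
            return True
        self.lru.store(name)
        return False

class CacheNFace:
    """One sub-cache per interface; content is stored only in the sub-cache
    of the face the request arrived on (equal split is an assumption)."""
    def __init__(self, capacity, faces):
        self.sub = {f: LRU(capacity // len(faces)) for f in faces}
    def request(self, face, name):
        # Assumed: a lookup may be served from any sub-cache.
        if any(c.hit(name) for c in self.sub.values()):
            return True
        self.sub[face].store(name)
        return False

def legit_hit_ratio(cache_cls, attack_rate, rounds=5000, seed=1):
    """Faces 0 and 1 carry legitimate Zipf-like requests; face 2 carries
    attack_rate colluding requests per round (constructed workload)."""
    rng = random.Random(seed)
    cache = cache_cls(60, [0, 1, 2])
    catalog = [f"/legit/{i}" for i in range(200)]
    weights = [1 / (i + 1) for i in range(200)]
    hits = 0
    for r in range(rounds):
        for k in range(attack_rate):
            cache.request(2, f"/colluder/{r}/{k}")   # never-repeated names
        name = rng.choices(catalog, weights)[0]
        hits += cache.request(rng.choice([0, 1]), name)
    return hits / rounds
```

Calling `legit_hit_ratio(SharedCache, 5)` and `legit_hit_ratio(CacheNFace, 5)` gives the legitimate consumers' cache hit ratio under the same constructed attack load for each design.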
André Nasserala
nasserala@ufac.br

Ian Vilar Bastos
ianvilar@id.uff.br

Igor Monteiro Moraes
igor@ic.uff.br

1 Laboratório MídiaCom, PGC-TCC, Instituto de Computação, Universidade Federal Fluminense, Niterói, Brazil
2 Centro de Ciências Exatas e Tecnológicas, Universidade Federal do Acre, Rio Branco, Brazil

The advantage brought by NDN is the indirect content retrieval because of its in-network caching technique [5]. With NDN, if any node in the network receives a content request and has the content stored in cache, this node is able to send back the content to the requesting node. The consumer is the node that requests a content and the producer is the source of this content. In-network caching therefore allows nodes closer to the consumer to satisfy the content request and thus the content retrieval time is reduced [6, 7]. In addition, in-network caching increases content availability and can reduce bandwidth usage because contents often traverse fewer hops towards consumers [8].

NDN also has the advantage of securing the content itself [3]. With NDN, each content packet contains a digital signature and the producer's public key or indicates how to obtain this key [1]. Thus, consumers are able to verify the integrity of packets and whether the packet has been generated by the producer that possesses that public key. The NDN architecture is also more robust against denial-of-service (DoS) attacks that are common in the TCP/IP stack, such as bandwidth depletion and reflection, because intermediate nodes cache contents and aggregate content requests [9], as discussed in Section 2.

NDN, however, is not able to handle a particular DoS attack [10, 11] called the producer-consumer collusion attack, which aims at increasing the content retrieval time. In this attack, malicious consumers request, at a high rate, contents that are only available from malicious producers. The retrieval time of legitimate contents increases, in this case, because