Security Evaluation of a Control System Using Named Data Networking

Cited by: 0
Authors
Perez, Victor [1]
Garip, Mevlut Turker [1]
Lam, Silas [1]
Zhang, Lixia [1]
Affiliations
[1] Univ Calif Los Angeles, Dept Comp Sci, Los Angeles, CA 90095 USA
Source
2013 21ST IEEE INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS (ICNP) | 2013
Keywords
Computer networks; Computer security; Building automation;
DOI
Not available
Chinese Library Classification number
TN [Electronic technology, communication technology];
Discipline classification code
0809;
Abstract
Security is an integral part of networked computer systems. The recent Named Data Networking (NDN) project aims to develop a new Internet architecture that communicates data using names rather than locations, the latter of which is what the current IP-based Internet does with IP addresses. One of the first real-world applications using NDN is a lighting control system. We conduct a red team assessment of the current state of the security of this lighting system and its NDN implementation. The system is representative of a more general class of automated controller systems. Our analysis found that due to NDN's use of named data, the system inherently prevents most attacks that IP-based systems are vulnerable to. Although many parts of the system are secure, we discovered some problems with the verification of timestamps and processing of large packets that led to a severe memory leak. The system also lacks a secure key distribution mechanism. While NDN security is on the right track, there are important security design issues NDN must account for.
Pages: 6