{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T07:44:53Z","timestamp":1761896693811,"version":"3.37.3"},"reference-count":134,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2018]]},"DOI":"10.1109\/comst.2018.2798280","type":"journal-article","created":{"date-parts":[[2018,1,25]],"date-time":"2018-01-25T19:17:27Z","timestamp":1516907847000},"page":"1418-1442","source":"Crossref","is-referenced-by-count":25,"title":["Security and Privacy Analysis of National Science Foundation Future Internet Architectures"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2520-9092","authenticated-orcid":false,"given":"Moreno","family":"Ambrosin","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1454-3255","authenticated-orcid":false,"given":"Alberto","family":"Compagno","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3612-1934","authenticated-orcid":false,"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5312-7385","authenticated-orcid":false,"given":"Cesar","family":"Ghali","sequence":"additional","affiliation":[]},{"given":"Gene","family":"Tsudik","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2013.01.009"},{"key":"ref38","article-title":"Corrupted DNS resolution paths: The rise of a malicious resolution authority","author":"dagon","year":"2008","journal-title":"Proc Network and Distributed System Security Symp (NDSS)"},{"key":"ref33","first-page":"243","article-title":"Violating consumer anonymity: Geo-locating nodes in named data networking","author":"compagno","year":"2015","journal-title":"Proc Comput Security Appl Conf"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5996"},{"key":"ref31","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1007\/978-1-4419-5906-5_770","article-title":"Access control lists","author":"cankaya","year":"2011","journal-title":"Encyclopedia of Cryptography and Security"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1122"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2013.07.034"},{"journal-title":"Towards Improving DNS Security Stability and Resiliency","year":"2012","author":"conrad","key":"ref36"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2015.7288477"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2013.6761300"},{"journal-title":"DNS Privacy Considerations","year":"7626","author":"bortzmeyer","key":"ref28"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/362686.362692"},{"journal-title":"Dynamic Updates in the Domain Name System (DNS UPDATE)","year":"1997","author":"bound","key":"ref29"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/972374.972382"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2412096.2412099"},{"journal-title":"DNS Security Introduction and Requirements","year":"4033","author":"arends","key":"ref21"},{"key":"ref24","first-page":"21","article-title":"Problem areas for the IP security protocols","author":"bellovin","year":"1996","journal-title":"Proc 6th Conf USENIX Security Symp Focusing Appl Cryptography"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2012.6384450"},{"journal-title":"Internet control message protocol","year":"1981","author":"postel","key":"ref101"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.15"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.17487\/rfc0768"},{"article-title":"ICMP traceback messages","year":"2003","author":"bellovin","key":"ref25"},{"key":"ref50","first-page":"147","article-title":"Interest-based access control for content centric networks","author":"ghali","year":"2015","journal-title":"Proc 2nd Int Conf Inf Centric Netw (ICN)"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2677046.2677049"},{"key":"ref59","article-title":"Implementing pushback: Router-based defense against DDoS attacks","author":"ioannidis","year":"2002","journal-title":"Proc Network and Distributed System Security Symp (NDSS)"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484367"},{"key":"ref57","article-title":"The case for pushing DNS","author":"handley","year":"2005","journal-title":"Proc HotNets-IV"},{"key":"ref56","first-page":"309","article-title":"XIA: Efficient support for evolvable internetworking","author":"han","year":"2012","journal-title":"Proc 9th USENIX Conf Netw Syst Design Implement (NSDI)"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2993"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/s11036-005-6425-1"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-4666-8371-6.ch004"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2017.8038367"},{"key":"ref40","article-title":"Using client puzzles to protect TLS","volume":"42","author":"dean","year":"2001","journal-title":"Proc 10th Usenix Security Symp"},{"journal-title":"UltraDNS DOS Attack","year":"2002","key":"ref4"},{"journal-title":"Signed Interest","year":"2018","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1149"},{"journal-title":"ICANN Factsheet for the February 6 2007 Root Server Attack","year":"2007","key":"ref5"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5855"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2015.34"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2392629"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4786"},{"key":"ref46","article-title":"ANDaNA: Anonymous named data networking application","author":"dibenedetto","year":"2011","journal-title":"Proc 18th Annu Netw Distrib Syst Sec Symp (NDSS '11)"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.11.019"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2013.6614187"},{"key":"ref47","first-page":"1","article-title":"Developing information networking further: From PSIRP to pursuit","author":"fotiou","year":"2010","journal-title":"Proc Int Conf Broadband Commun Netw Syst"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2460"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/1096536.1096538"},{"journal-title":"DNSCurve Link-Level Security for the Domain Name System","year":"2010","author":"dempsky","key":"ref44"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.8"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2012.50"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2845"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS.2013.6465579"},{"key":"ref124","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656888"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/2070562.2070576"},{"key":"ref72","first-page":"399","article-title":"F10: A fault-tolerant engineered network","author":"liu","year":"2013","journal-title":"Proc 9th USENIX Conf Netw Syst Design Implement (NSDI)"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301320"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/1456403.1456416"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3007"},{"journal-title":"Privacy in MobilityFirst Architecture","year":"2018","author":"lindqvist","key":"ref70"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/1592761.1592785"},{"key":"ref130","first-page":"83","article-title":"HOURS: Achieving DoS resilience in an open service hierarchy","author":"yang","year":"2004","journal-title":"Proc 35th Annu IEEE\/IFIP Int Conf Depend Syst Netw (DNS)"},{"key":"ref77","article-title":"Security and privacy in future Internet architectures—Benefits and challenges of content centric networks","volume":"abs 1601 1278","author":"lutz","year":"2016","journal-title":"CoRR"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2013.6614191"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/1142473.1142485"},{"key":"ref133","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.45"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1145\/2740070.2631442"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49143-0"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ANCS.2015.7110128"},{"article-title":"Named data networking (NDN) project","year":"2010","author":"zhang","key":"ref132"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/2660129.2660154"},{"key":"ref60","first-page":"151","article-title":"Client puzzles: A cryptographic countermeasure against connection depletion attacks","volume":"99","author":"juels","year":"1999","journal-title":"Proc Network and Distributed System Security Symp (NDSS)"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4302"},{"key":"ref61","first-page":"185","article-title":"Detecting DNS amplification attacks","author":"kambourakis","year":"2007","journal-title":"Proc 4th Int Workshop Crit Inf Infrastruct Security"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4303"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/IMIS.2014.62"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3947"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/1282427.1282402"},{"key":"ref67","doi-asserted-by":"crossref","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","article-title":"The order of encryption and authentication for protecting communications (or: How secure is SSL?)","author":"krawczyk","year":"2001","journal-title":"Advances in Crypto 2001"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2104"},{"journal-title":"Nameserver DoS Attack October 2002","year":"2018","key":"ref2"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5936"},{"journal-title":"IPv6 Extension Headers Review and Considerations","year":"2016","key":"ref1"},{"journal-title":"Security architecture for the Internet protocol","year":"2005","author":"seo","key":"ref109"},{"journal-title":"NSF Future Internet Architecture Project","year":"2014","key":"ref95"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/90.929847"},{"key":"ref94","first-page":"85","article-title":"Serval: An end-host stack for service-centric networking","author":"nordstr\u00f6m","year":"2012","journal-title":"Proc 9th USENIX Conf Netw Syst Design Implement (NSDI)"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23233"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1145\/1999916.1999922"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4025"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656885"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/290163.290168"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/2079296.2079326"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44702-4_2"},{"article-title":"Network security via explicit consent","year":"2012","author":"naous","key":"ref90"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1145\/1030194.1015504"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.17487\/rfc0791"},{"key":"ref111","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1145\/2740070.2626331","article-title":"A global name service for a highly mobile internetwork","volume":"44","author":"sharma","year":"2014","journal-title":"SIGCOMM Comput Commun Rev"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4949"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/2089016.2089017"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2007.42"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1145\/2619239.2626318"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/Kaleidoscope.2014.6858470"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2011.5936152"},{"key":"ref10","first-page":"1","article-title":"Interest flooding attack and countermeasures in named data networking","author":"afanasyev","year":"2013","journal-title":"Proc IFIP Netw Conf"},{"article-title":"Addressing operational challenges in named data networking through NDNS distributed database","year":"2013","author":"afanasyev","key":"ref11"},{"article-title":"Packet fragmentation in NDN: Why NDN uses hop-by-hop fragmentation","year":"2015","author":"afanasyev","key":"ref12"},{"article-title":"Map-and-ENCAP for scaling NDN routing","year":"2015","author":"afanasyev","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2012.6231276"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2043164.2018460"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2002.808414"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.10.001"},{"key":"ref82","first-page":"148","article-title":"Server-side performance evaluation of NDN","author":"marchal","year":"2016","journal-title":"Proc ACM Conf Inf Centric Netw (ICN)"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3022"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2002396.2002418"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2014.6911810"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656889"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2408"},{"key":"ref119","first-page":"303","article-title":"Tor: The second-generation onion router","author":"syverson","year":"2004","journal-title":"Proc 13th Usenix Security Symp"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1007\/978-3-642-38082-2_2","article-title":"The NEBULA future Internet architecture","author":"anderson","year":"2013","journal-title":"The Future Internet"},{"journal-title":"CCSP Self-Study Cisco Secure Virtual Private Networks (CSVPN)","year":"2004","author":"mason","key":"ref83"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1109\/ANCS.2013.6665203"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1145\/964723.383060"},{"key":"ref116","first-page":"543","article-title":"Distributed denial of service: Taxonomies of attacks, tools, and countermeasures","author":"specht","year":"2004","journal-title":"Proc 17th Int Conf Parallel Distrib Comput Syst Int Workshop Security Parallel Distrib Syst"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/571697.571724"},{"key":"ref115","first-page":"466","article-title":"The Hitchhiker’s guide to DNS cache poisoning","author":"son","year":"2010","journal-title":"Proc Int Conf Secur Privacy Commun Syst"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2749508"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/PIMRC.2014.7136409"},{"key":"ref121","doi-asserted-by":"publisher","DOI":"10.1145\/2500501"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1145\/2248361.2248363"},{"key":"ref123","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663731"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1981"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1002\/bltj.2118"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.03.006"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1035"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/8362823\/08269274.pdf?arnumber=8269274","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T03:29:19Z","timestamp":1643167759000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8269274\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":134,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/comst.2018.2798280","relation":{},"ISSN":["1553-877X"],"issn-type":[{"type":"electronic","value":"1553-877X"}],"subject":[],"published":{"date-parts":[[2018]]}}}