GATE and FENCE: Geo-Blocking Protocols for Named Data Networking

Named Data Networking (NDN) is a novel Internet architecture which focuses on content distribution by exploiting in-network caching and name-based forwarding. Contrary to today’s Internet, NDN has been designed from the ground up to be secure. From a content provider perspective (e.g., YouTube, Netflix), NDN offers appealing advantages in terms of network load and traffic reduction at producer side through in-network requests aggregation and content caching. As a side effect, content providers lose control on content dissemination when consumers’ requests are aggregated or satisfied by the network. This hinders the correct application of copyright and licensing agreements: only specific regions are allowed to consume a subset of the distributed contents. In attempt to address this problem, the existing TCP/IP approaches exploit requests’ source addresses (at server side) to identify the geographic origin of each request. In NDN these solutions are unfeasible for two reasons: consumers’ requests do not carry any source address, and a request will never reach content providers when aggregated or satisfied in the network. We solve this problem by proposing two lightweight and distributed geo-blocking protocols (GATE and FENCE) which use packet marking to identify and validate network regions at network edges. We perform experiments both on a network simulator and by extending the NDN implementation. Through our results we prove the proposed protocols are feasible, i.e., all the regions blacklisted by content providers are blocked and their network costs, in terms of space and router processing overhead, are negligible.