Communications of the ACM

collapsed into a single PIT entry when they flow through the same router. For example, if a router receives Interests with the same name from five of its faces, the router only forwards the first Interest for that name while recording the incoming faces for the other four Interests in its PIT. When the corresponding data packet comes back, the router forwards that matching data back out to all five faces.

PIT state enables control of traffic load by limiting the number of pending Interests to achieve flow balance. (Only one Interest and one data need to traverse any link for all requestors to be satisfied.) The PIT state can also be used to mitigate DDoS attacks by setting an upper bound on the number of PIT entries allowed.

An NDN network is loop-free because each node keeps an entry for each outstanding Interest in its PIT, detecting and discarding duplicates. Each node forwards an Interest to multiple upstream nodes simultaneously and uses the feedback loop created by the request/response structure to evaluate packet delivery performance across its faces—for example, different networks peering with a router or different wireless links on a mobile handset.

Data signatures for provenance and security. Another fundamental aspect of NDN is its use of cryptographic signatures within data packets. NDN requires each data packet to be signed by a key that binds the content to its name. A key locator field encodes the name of the packet’s signing key. NDN does not dictate how the consuming application evaluates whether to trust the key. This data-centric approach secures the data packet independently of how it is communicated, in contrast with channel-based models such as TLS/SSL on the current Internet.

An active area of research focuses
on defining a set of well-understood
trust models from which applica-
tion developers can choose. Within a
given trust model, signatures enable
determination of data packet prove-
nance, and serve as the basic building
block of security in NDN, 21 including
encryption-based access control. 30 A
valid signature by a trusted key is a
strong indication that the data is what
it purports to be, regardless of from
where the data was retrieved. The
NDN research team is experimenting
with a variety of hierarchical, web-of-
trust, and evidentiary trust models
that use features of NDN for efficient
key dissemination and evaluation of
trust relationships. 29
Diverse and pervasive storage at the
network layer. Because NDN applica-
tions do not care from where request-
ed data is retrieved, any NDN node can
answer an Interest if it has correspond-
ing data. This feature enables an NDN
network to take advantage of diverse
and pervasive forms of storage to yield
performance and scalability enhance-
ments, and also provides support for
disruption-tolerant networking (DTN).
NDN networks can republish data
from the local storage of any nearby de-
vice, use router memory as data caches,
and deploy persistent repositories that
work with any NDN content. Through
these means, NDN provides features
similar to today’s content distribution
networkse (CDNs), but at the network
layer, and thus available consistently
for all data, without contractual agree-
ments between content producers and
CDN providers. This is an active area
of exploration; for example, NDN re-
searchers are developing new primi-
tives to interact with repos and sup-
port efficient synchronization among
named data collections. 18

These four abstractions combine and interact to form an NDN network. Naming data necessitates the request/

e CDN services replicate data across a geographically distributed network connected to the IP Internet, moving content close to high concentrations of users to provide faster data access over a broader area (often globally) than a traditional Web hosting model.