DOI: 10.1145/2810156.2810174

Interest-Based Access Control for Content Centric Networks

Published: 30 September 2015

Abstract

Content-Centric Networking (CCN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. One of the fundamental tenets of CCN is that content is named and addressable. Consumers request content by issuing interests with the desired content name. These interests are forwarded by routers to producers, and the requested content is returned and optionally cached at each router along the path.
In-network caching makes it difficult to enforce access control policies on sensitive content since routers only use interest information for forwarding decisions. This motivates our work on Interest-Based Access Control (IBAC) -- a scheme for access control enforcement using only information contained in interest messages. IBAC makes sensitive content names unpredictable to unauthorized parties. It supports both hash- and encryption-based name obfuscation. Interest replay attacks are addressed by formulating a mutual trust framework between producers and consumers that enables routers to perform authorization checks before satisfying interests from local caches. We assess computational, storage, and bandwidth costs of each IBAC variant. The proposed design is flexible and allows producers to arbitrarily specify and enforce any type of content access control, without having to deal with content encryption and key distribution. This is the first comprehensive CCN access control design that only uses information contained in interest messages.
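
The two mechanisms the abstract names, sketched as an added example (not code from the paper): a keyed hash makes the name suffix unpredictable, and the router authorizes each interest before a cache hit so that a captured interest cannot be replayed. HMAC-SHA256, the nonce field, the `Router` class and every key and name below are assumptions of this sketch; the HMAC tag stands in for whatever credential the scheme actually uses.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 serves as both name hash and authorization tag. A deployed
# design would use a signature so that routers hold only a verification key.
def obfuscate_name(prefix: str, suffix: str, name_key: bytes) -> str:
    """Keep the routable prefix in clear; replace the sensitive suffix with a keyed hash."""
    return f"{prefix}/{hmac.new(name_key, suffix.encode(), hashlib.sha256).hexdigest()}"

def _auth_tag(auth_key: bytes, name: str, consumer: str, nonce: str) -> str:
    msg = "|".join((name, consumer, nonce)).encode()
    return hmac.new(auth_key, msg, hashlib.sha256).hexdigest()

def make_interest(name: str, consumer: str, nonce: str, auth_key: bytes) -> dict:
    """Interest whose tag is bound to the name, the consumer and a fresh nonce."""
    return {"name": name, "consumer": consumer, "nonce": nonce,
            "auth": _auth_tag(auth_key, name, consumer, nonce)}

class Router:
    """Caches content by obfuscated name and authorizes interests before a cache hit."""
    def __init__(self):
        self.cache = {}    # obfuscated name -> (content, key supplied by the producer)
        self.seen = set()  # (consumer, nonce) pairs already accepted

    def store(self, name: str, content: bytes, auth_key: bytes) -> None:
        self.cache[name] = (content, auth_key)

    def serve(self, interest: dict):
        entry = self.cache.get(interest["name"])
        if entry is None:
            return None                  # clear-text or guessed name: nothing matches
        content, auth_key = entry
        expected = _auth_tag(auth_key, interest["name"],
                             interest["consumer"], interest["nonce"])
        if not hmac.compare_digest(expected, interest["auth"]):
            return None                  # sender does not hold the authorization key
        replay_id = (interest["consumer"], interest["nonce"])
        if replay_id in self.seen:
            return None                  # same interest seen before: replay
        self.seen.add(replay_id)
        return content

def demo():
    name_key, auth_key = b"constructed-name-key", b"constructed-auth-key"  # sample keys
    name = obfuscate_name("/acme/reports", "q3-financials", name_key)
    router = Router()
    router.store(name, b"report bytes", auth_key)
    interest = make_interest(name, "alice", "nonce-1", auth_key)
    first = router.serve(interest)       # authorized and fresh
    replayed = router.serve(interest)    # identical interest sent a second time
    guessed = router.serve(make_interest("/acme/reports/q3-financials", "eve", "n", b"x"))
    return first, replayed, guessed
```
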

      Published In

      ACM-ICN '15: Proceedings of the 2nd ACM Conference on Information-Centric Networking
      September 2015
      236 pages
      ISBN:9781450338554
      DOI:10.1145/2810156
      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. access control
      2. content-centric networks
      3. name obfuscation

      Qualifiers

      • Research-article

      Funding Sources

      • National Science Foundation

      Conference

      ICN'15
      ICN'15: 2nd International Conference on Information-Centric Networking
      September 30 - October 2, 2015
      California, San Francisco, USA

      Acceptance Rates

      ACM-ICN '15 Paper Acceptance Rate 18 of 55 submissions, 33%;
      Overall Acceptance Rate 133 of 482 submissions, 28%

      Cited By

      • (2023) Security Bootstrapping for Securing Data Plane and Control Plane in Named Data Networking. IEEE Transactions on Network and Service Management, 20:3 (3765-3781). DOI: 10.1109/TNSM.2022.3232359. Online publication date: Sep-2023
      • (2023) Security and Integrity Attacks in Named Data Networking: A Survey. IEEE Access, 11 (7984-8004). DOI: 10.1109/ACCESS.2023.3238732. Online publication date: 2023
      • (2023) ECC-based Efficient and Secure Access Control Scheme for Content Centric Network-A Next Generation Internet. Wireless Personal Communications, 132:1 (571-607). DOI: 10.1007/s11277-023-10625-8. Online publication date: 29-Jul-2023
      • (2022) An interest‐based access control scheme via edge verification in Named Data Networking. International Journal of Communication Systems, 35:10. DOI: 10.1002/dac.5169. Online publication date: 6-Apr-2022
      • (2021) Enforcing Access Control in Information-Centric Edge Networking. IEEE Transactions on Communications, 69:1 (353-364). DOI: 10.1109/TCOMM.2020.3026380. Online publication date: Jan-2021
      • (2021) Secure Sharing of Spatio-Temporal Data through Name-based Access Control. IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) (1-7). DOI: 10.1109/INFOCOMWKSHPS51825.2021.9484557. Online publication date: 10-May-2021
      • (2020) ESAC: An Efficient and Secure Access Control Scheme in Vehicular Named Data Networking. IEEE Transactions on Vehicular Technology, 69:9 (10252-10263). DOI: 10.1109/TVT.2020.3004459. Online publication date: Sep-2020
      • (2020) HAC: Enable High Efficient Access Control for Information-Centric Internet of Things. IEEE Internet of Things Journal, 7:10 (10347-10360). DOI: 10.1109/JIOT.2020.2989361. Online publication date: Oct-2020
      • (2020) SBAC. Journal of Network and Computer Applications, 149:C. DOI: 10.1016/j.jnca.2019.102444. Online publication date: 1-Jan-2020
      • (2020) Optimized in-network authentication against pollution attacks in software-defined-named data networking. Journal of Information Security and Applications, 50:C. DOI: 10.1016/j.jisa.2019.102409. Online publication date: 1-Feb-2020
