
A Secure, Efficient, and Accountable Edge-Based Access Control Framework for Information Centric Networks

Published: 01 June 2019

Abstract

Information centric networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users’ increasing demand for content delivery with in-network cache. While making better use of network resources and providing better service delivery, an effective access control mechanism is needed due to the widely disseminated contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users’ requests causes high computation overhead and unnecessary delay. Also, the straightforward utilization of advanced encryption algorithms makes the system vulnerable to DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose SEAF, a secure, efficient, and accountable edge-based access control framework for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication and use the hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. At the same time, we provide an efficient revocation method to make our framework more robust. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers and brings in only slight delay for users’ content retrieval.
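The hash chain idea named in the abstract can be illustrated with a generic Lamport-style chain; the sketch below is an added example, not SEAF's protocol or the authors' code. It assumes the chain anchor was delivered in a first request that already passed the signature check, and every name in it (`EdgeSession`, `check_receipt`, the seed) is hypothetical.

```python
import hashlib
import hmac

def H(data):
    return hashlib.sha256(data).digest()

def make_chain(seed, n):
    """User side: [h_0..h_n], h_0 = seed, h_i = H(h_{i-1}); h_n is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain

class EdgeSession:
    """Edge-router state for one user session and one file (hypothetical)."""
    def __init__(self, anchor):
        # Assumption: the anchor arrived in a first request that was already
        # authenticated by the expensive signature check.
        self.anchor = anchor
        self.last = anchor
        self.served = 0

    def verify(self, token):
        """Accept a follow-up request iff H(token) equals the last accepted value."""
        if not hmac.compare_digest(H(token), self.last):
            return False  # replayed, skipped-ahead, or forged token
        self.last = token
        self.served += 1
        return True

def check_receipt(anchor, served, last):
    """Provider side: a claim of `served` requests holds iff H^served(last) == anchor."""
    value = last
    for _ in range(served):
        value = H(value)
    return hmac.compare_digest(value, anchor)

def demo():
    chain = make_chain(b"constructed-seed-for-demo", 4)  # constructed sample input
    edge = EdgeSession(chain[4])
    outcomes = [
        edge.verify(chain[3]),   # first follow-up request: accepted
        edge.verify(chain[3]),   # replay of the same token: rejected
        edge.verify(chain[1]),   # skipping ahead in the chain: rejected
        edge.verify(chain[2]),   # next token in order: accepted
    ]
    honest = check_receipt(edge.anchor, edge.served, edge.last)
    inflated = check_receipt(edge.anchor, edge.served + 1, edge.last)
    return outcomes, honest, inflated
```

Each follow-up request costs the router one hash instead of a signature verification, and the last revealed chain value bounds how many requests the network can claim to have served.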



Published In

IEEE/ACM Transactions on Networking, Volume 27, Issue 3
June 2019
386 pages

Publisher

IEEE Press
