Abstract
This paper presents a novel encryption-based access control scheme to address the access control issues in Named Data Networking (NDN). Though there have been several recent works proposing access control schemes, they are not suitable for many large scale real-world applications where content is often organized in a hierarchical manner (such as movies in Netflix) for efficient service provision. This paper uses a cryptographic technique, referred to as Role-Based Encryption, to introduce inheritance property for achieving access control over hierarchical contents. The proposed scheme encrypts the hierarchical content in such a way that any consumer who pays a higher level of subscription and is able to access (decrypt) contents in the higher part of the hierarchy is also able to access (decrypt) the content in the lower part of the hierarchy using their decryption keys. Additionally, our scheme provides many essential features such as authentication of the consumers at the very beginning before forwarding their requests into the network, accountability of the Internet Service Provider, consumers’ privilege revocations, etc. In addition, we present a formal security analysis of the proposed scheme showing that the scheme is provably secure against Chosen Plaintext Attack. Moreover, we describe the performance analysis showing that our scheme achieves better results than existing schemes in terms of functionality, computation, storage, and communication overhead. Our network simulations show that the main delay in our scheme is due to cryptographic operations, which are more efficient and hence our scheme is better than the existing schemes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Each tag contains a signature, validity period, etc.
- 2.
- 3.
An encrypted content can only be shared with a particular consumer. As such, the other authorized consumers cannot take benefit of the cached contents.
- 4.
Privilege revocation of one or more consumers at any time.
- 5.
This is another essential requirement for NDN, which helps to prevent entering bogus interest requests into the network. This, in turn, prevents DoS attacks.
- 6.
It also shows the ancestor categories in the CH.
- 7.
In the Selective-ID security model, the adversary must submit a challenged category before starting the security game. This is essential in our security proof to set up the system parameters.
References
Jacobson, V., et al.: Networking named content. In: Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, CoNEXT 2009, pp. 1–12 (2009)
Cisco. 2020 Global Networking Trends Report. Accessed 5 July 2020
Cisco. Cisco Annual Internet Report (2018–2023), White paper. 2020. Accessed 5 July 2020
Zhang, L., et al.: Named data networking. SIGCOMM Comput. Commun. Rev. 44(3), 66–73 (2014)
Tourani, R., Misra, S., Mick, T., Panwar, G.: Security, privacy, and access control in information-centric networking: a survey. IEEE Commun. Surv. Tutor. 20(1), 566–600 (2018)
Zhou, L., Varadharajan, V., Hitchens, M.: Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans. Inf. Forensics Secur. 8(12), 1947–1960 (2013)
Zhou, L., Varadharajan, V., Hitchens, M.: Trust enhanced cryptographic role-based access control for secure cloud data storage. IEEE Trans. Inf. Forensics Secur. 10(11), 2381–2395 (2015)
Sultan, N.H., Varadharajan, V., Zhou, L., Barbhuiya, F.A.: A role-based encryption scheme for securing outsourced cloud data in a multi-organization context (2020). https://arxiv.org/abs/2004.05419
Sultan, N.H., Laurent, M., Varadharajan, V.: Securing organization’s data: a role-based authorized keyword search scheme with efficient decryption (2020). https://arxiv.org/abs/2004.10952
Xue, K., et al.: A secure, efficient, and accountable edge-based access control framework for information centric networks. IEEE/ACM Trans. Netw. 27(3), 1220–1233 (2019)
Li, Q., Zhang, X., Zheng, Q., Sandhu, R., Fu, X.: LIVE: lightweight integrity verification and content access control for named data networking. IEEE Trans. Inf. Forensics Secur. 10(2), 308–320 (2015)
Fotiou, N., Polyzos, G.C.: Securing content sharing over ICN. In: Proceedings of the 3rd ACM Conference on Information-Centric Networking, ACM-ICN 2016, pp. 176–185 (2016)
AbdAllah, E.G., Zulkernine, M., Hassanein, H.S.: DACPI: a decentralized access control protocol for information centric networking. In: 2016 IEEE International Conference on Communications (ICC), pp. 1–6, May 2016
Tourani, R., Stubbs, R., Misra, S.: TACTIC: tag-based access control framework for the information-centric wireless edge networks. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), pp. 456–466, July 2018
Nunes, I.O., Tsudik, G.: KRB-CCN: lightweight authentication and access control for private content-centric networks. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 598–615. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93387-0_31
Bilal, M., Pack, S.: Secure distribution of protected content in information-centric networking. IEEE Syst. J. 14(2), 1–12 (2019)
Li, B., et al.: Attribute-based access control for ICN naming scheme. IEEE Trans. Dependable Secure Comput. 15(2), 194–206 (2018)
Misra, S., et al.: AccConF: an access control framework for leveraging in-network cached data in the ICN-enabled wireless edge. IEEE Trans. Dependable Secure Comput. 16(1), 5–17 (2019)
Xia, Q., et al.: TSLS: time sensitive, lightweight and secure access control for information centric networking. In: IEEE Global Communications Conference (GLOBECOM), pp. 1–6, December 2019
He, P., et al.: LASA: lightweight, auditable and secure access control in ICN with limitation of access times. In: IEEE International Conference on Communications (ICC), pp. 1–6, May 2018
Tseng, Y., Fan, C., Wu, C.: FGAC-NDN: fine-grained access control for named data networks. IEEE Trans. Netw. Serv. Manag. 16(1), 143–152 (2019)
Suksomboon, K., et al.: In-device proxy re-encryption service for information-centric networking access control. In: IEEE 43rd Conference on Local Computer Networks (LCN), pp. 303–306, October 2018
Zhu, L., et al.: T-CAM: time-based content access control mechanism for ICN subscription systems. Future Gener. Comput. Syst. 106, 607–621 (2020)
Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 2001, pp. 213–229 (2001)
Au, M.H., Tsang, P.P., Susilo, W., Mu, Y.: Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 295–308. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00862-7_20
Sultan, N.H., Varadharajan, V.: On the design and implementation of a RBE based access control scheme for data centric model for content sharing. ACSRC Technical report, The University of Newcastle, Australia, April 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
Appendix A Security Model
The security model of the proposed scheme is defined by the Semantic Security against Chosen Plaintext Attacks (IND-CPA) under Selective-ID modelFootnote 7. IND-CPA is illustrated using the following security game between a challenger \(\mathcal {C}\) and an adversary \(\mathcal {A}\).
-
Init Adversary \(\mathcal {A}\) submits a challenged category \(r_i\) and identity \(\mathtt {ID_u}\) to the challenger \(\mathcal {C}\).
-
Setup Challenger \(\mathcal {C}\) runs Content Provider Setup phase to generate system parameters and master secret. It also generates proxy re-encryption keys and a private key for the adversary \(\mathcal {A}\). Challenger \(\mathcal {C}\) sends the system parameters, proxy re-encryption keys and private key to the adversary \(\mathcal {A}\).
-
Phase 1 Adversary \(\mathcal {A}\) sends an identity of a category \(r^*_x\notin \mathbb {A}_{r_i}\) and a validity period \(\mathtt {VP^*_{ID_u}}\). Challenger \(\mathcal {C}\) runs Consumer Registration phase and generates secret key \(\mathtt {SK^{r^*_x}_{ID_u}}\) and public key \(\mathtt {Pub^{r^*_x}_{ID_u}}\). Challenger \(\mathcal {C}\) sends these keys to the adversary \(\mathcal {A}\). Adversary \(\mathcal {A}\) can ask for the secret and public keys for polynomially many times.
-
Challenge After the Phase 1 is over, the adversary \(\mathcal {A}\) sends two equal length messages \(\mathtt {K_0}\) and \(\mathtt {K_1}\) to the challenger \(\mathcal {C}\). The challenger \(\mathcal {C}\) flips a random coin \(\mu \in \{0, 1\}\) and encrypts \(\mathtt {K_\mu }\) by initiating Content Publication phase. Challenger \(\mathcal {C}\) sends the ciphertext of \(\mathtt {K_\mu }\) to the adversary \(\mathcal {A}\).
-
Phase 2 Same as Phase 1.
-
Guess Adversary \(\mathcal {A}\) outputs a guess \(\mu '\) of \(\mu \). The advantage of wining the game for the adversary \(\mathcal {A}\) is \(\mathtt {Adv^{IND-CPA}}= |Pr[\mu '= \mu ]- \frac{1}{2}|\).
Definition 1
The proposed scheme is semantically secure against Chosen Plaintext Attack if \(\mathtt {Adv^{IND-CPA}}\) is negligible for any polynomial time adversary \(\mathcal {A}\).
Remark 1
In Phase 1, the adversary \(\mathcal {A}\) is also allowed to send queries for re-encryption of the ciphertexts and signature generation. In our security game, the simulator \(\mathcal {B}\) gives all the proxy re-encryption keys to the adversary \(\mathcal {A}\) in the Setup phase. As such, the adversary \(\mathcal {A}\) can answer the re-encryption queries. Similarly, as the private key is also given to the adversary \(\mathcal {A}\), the adversary can also answer all the signature generation queries. Therefore, we do not include re-encryption and signature generation oracles in Phase 1. We observe that the adversary \(\mathcal {A}\) has at least the same capability as the NDN routers.
Appendix B Security Proof
Proof
In this proof, we construct a PPT simulator \(\mathcal {B}\) to break our proposed scheme with an advantage \(\frac{\epsilon }{2}\) with the help of an adversary \(\mathcal {A}\).
The DBDH challenger \(\mathcal {C}\) chooses random numbers \((a, b, c, z)\in \mathbb {Z}_q^*\) and computes \(A= g^a, B= g^b, C= g^c\). It flips a random coin \(l\in \{0, 1\}\). If \(l= 0\), the challenger \(\mathcal {C}\) computes \(Z\,=\, \hat{e}(g, g)^{abc}\); otherwise it computes \(Z\,=\, \hat{e}(g, g)^z\). The challenger \(\mathcal {C}\) sends the tuple \(\langle {g, A, B, C, Z}\rangle \) to a simulator \(\mathcal {B}\) and asks the simulator \(\mathcal {B}\) to output l. Now the simulator acts as the challenger in the rest of the security game.
Init– Adversary \(\mathcal {A}\) submits a challenged category \(r_i\) and identity \(\mathtt {ID_u}\) to the simulator \(\mathcal {B}\).
Setup– Simulator \(\mathcal {B}\) chooses random numbers \((x, \mathbbm {sk}, \varrho , \big \{[\mathbbm {sk_i}]_{\forall i\in \mathbb {U}_{_j}}, \mathbbm {t}_{r_j}\big \}_{\forall r_j\in \varPsi })\in \mathbb {Z}_q^*\). The simulator sets \(\eta = x- ab\cdot \mathbbm {sk}\) and computes the following parameters:
Moreover, the simulator \(\mathcal {B}\) computes \(\Big \{\mathtt {Acc_{r_j}}\,=\, \hat{e}\left( H(r^*_x), g\right) ^{\prod _{\forall i\in \mathbb {U}_{r_j}} \mathbbm {sk_i}}\Big \}_{\forall r_j \in \mathbb {A}_{r_i}}\) and \(\Big \{\mathtt {Acc_{r_j}}\,=\, \hat{e}\left( H(r^*_x), g\right) ^{\mathbbm {sk}\prod _{\forall i\in \mathbb {U}_{r_j}} \mathbbm {sk_i}}\Big \}_{\forall r_j \in (\varPsi \setminus \mathbb {A}_{r_i})}\). Simulator \(\mathcal {B}\) sends the tuple \(\Big <q, \mathbb {G}, \mathbb {G}_T, \hat{e}, g, H, H_1, \hat{e}(g, g)^{ab}, \hat{e}(g, g)^{\eta }, \mathbb {PK}_{r_j}= \{\mathtt {PK_{r_j}}, \mathbb {A}_{r_j}, r_j\}_{\forall r_j\in \varPsi }\Big>\), proxy re-encryption keys \(\{\mathtt {PKey_{r_j}^{r_w}}\}_{\forall r_j\in \varPsi }\), and also \(\mathbbm {sk}\) (i.e., private key) to the adversary \(\mathcal {A}\). It keeps other parameters by itself.
Phase 1– Adversary \(\mathcal {A}\) submits a category \(r^*_x\) such that \(r^*_x\notin \mathbb {A}_{r_i}\) and validity period \(\mathtt {VP^*_{ID_u}}\) to the simulator \(\mathcal {B}\). The simulator \(\mathcal {B}\) computes a pair of secret keys \(\mathtt {RK^1_{ID_u, r^*_x}}, \mathtt {RK^2_{ID_u, r^*_x}}\), another pair of public keys \(\mathtt {Pub1^{r^*_x}_{ID_u}}, \mathtt {Pub2^{r^*_x}_{ID_u}}\) and a witness public key \(\mathtt {PubWit^{r^*_x}_{ID_u}}\), where
Simulator \(\mathcal {B}\) sends the pair of secret keys \(\mathtt {RK^1_{ID_u, r^*_x}}, \mathtt {RK^2_{ID_u, r^*_x}}\), public keys \(\mathtt {Pub1^{r^*_x}_{ID_u}}, \mathtt {Pub2^{r^*_x}_{ID_u}}\) and public witness key \(\mathtt {PubWit^{r^*_x}_{ID_u}}\) to the adversary \(\mathcal {A}\).
Challenge– When the adversary \(\mathcal {A}\) decides that Phase 1 is over, it submits two equal length messages \(\mathtt {K_0}\) and \(\mathtt {K_1}\) to the simulator \(\mathcal {B}\). The simulator chooses a random number \(r\in \mathbb {Z}_q^*\) and flips a random binary coin \(\mu \). It then encrypts \(\mathtt {K_\mu }\) using the challenged category \(r_i\) and generates a ciphertext \(\mathbb {CT}_{\mu }= \langle {C_1 , C_2, C_3, C_{r_i}}\rangle \), where
Phase 2– Same as Phase 1.
Guess – The adversary \(\mathcal {A}\) guesses a bit \(\mu '\) and sends to the simulator \(\mathcal {B}\). If \(\mu '=\mu \) then the adversary \(\mathcal {A}\) wins CPA game; otherwise it fails. If \(\mu '= \mu \), simulator \(\mathcal {B}\) answers “DBDH” in the game (i.e. outputs \(l= 0\)); otherwise \(\mathcal {B}\) answers “random” (i.e. outputs \(l= 1\)).
If \(Z= \hat{e}(g, g)^{z}\); then \(C_1\) is completely random from the view of the adversary \(\mathcal {A}\). So, the received ciphertext \(\mathbb {CT}_\mu \) is not compliant to the game (i.e. invalid ciphertext). Therefore, the adversary \(\mathcal {A}\) chooses \(\mu '\) randomly. Hence, probability of the adversary \(\mathcal {A}\) for outputting \(\mu '= \mu \) is \(\frac{1}{2}\).
If \(Z= \hat{e}(g, g)^{abc}\), then adversary \(\mathcal {A}\) receives a valid ciphertext. The adversary \(\mathcal {A}\) wins the CPA game with non-negligible advantage \(\epsilon \) (according to Theorem 1). So, the probability of outputting \(\mu '= \mu \) for the adversary \(\mathcal {A}\) is \(\frac{1}{2}+ \epsilon \), where probability \(\epsilon \) is for guessing that the received ciphertext is valid and probability \(\frac{1}{2}\) is for guessing whether the valid ciphertext \(\mathbb {CT}_\mu \) is related to \(\mathtt {K_0}\) or \(\mathtt {K_1}\).
Therefore, the overall advantage \(\mathtt {Adv^{IND-CPA}}\) of the simulator \(\mathcal {B}\) is \(\frac{1}{2}(\frac{1}{2}+ \epsilon + \frac{1}{2})- \frac{1}{2}= \frac{\epsilon }{2}\).
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sultan, N.H., Varadharajan, V., Camtepe, S., Nepal, S. (2020). An Accountable Access Control Scheme for Hierarchical Content in Named Data Networks with Revocation. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12308. Springer, Cham. https://doi.org/10.1007/978-3-030-58951-6_28
Download citation
DOI: https://doi.org/10.1007/978-3-030-58951-6_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58950-9
Online ISBN: 978-3-030-58951-6
eBook Packages: Computer ScienceComputer Science (R0)