Securing content-centric networks with content-based encryption

https://doi.org/10.1016/j.jnca.2018.12.005Get rights and content

Abstract

As content is transmitted in content-driven manner in the content-centric network (CCN), it does not require any host address; therefore, it is infeasible to establish a traditional secure channel between hosts. Securing the content transmission in the CCN is a challenging problem. We solve this problem with the content-based encryption, where the encryption key is associated with the content itself, and the private decryption keys are distributed to the authorized consumers. To deal with the security requirements for content-based encryption, we define a security model that captures the key existential unforgeability and semantic security. We then propose a content-based encryption scheme with short ciphertexts, which is proven to be strong key existentially unforgeable and semantically secure in the standard model. We apply the scheme to construct a secure content transmission protocol in the CCN, which captures the security properties of content confidentiality, integrity, resistance to replay attacks and resistance to key forgery attacks. The performance analysis shows that our protocol is efficient for large content transmission.

Introduction

In contrast to the traditional host-centric network, which was designed for end-to-end data transmission (e.g. TCP/IP), the content-centric network (CCN) (Jacobson et al., 2012; Jacobson et al., 2009) offers great advantage for content acquisition and sharing. With the new network topology, the CCN adopts the content-driven mechanism rather than the address-driven mechanism such as TCP/IP. In the CCN, for a required data item, any node which possesses it can provide; therefore, it greatly reduces the cost of content transmission. It can also avoid the risk of failure in content acquisition in TCP/IP, where the end-to-end connectivity may not ever exist and links (contacts) may not be suitable for schedules, or the target node is unable to provide the requested content.

The security of content transmission in the CCN is a challenging problem (Vasilakos et al., 2015; Amadeo et al., 2016; Zhang et al., 2018; Fan et al., 2016; Huang et al., 2017). Firstly, as the CCN is not address-driven, there is no notion of host at its lowest level. Therefore, the CCN needs to secure the content itself rather than to secure its communication channel. Secondly, due to store-and-forward mechanism, contents may not always arrive from their original producers. Consequently, the content security defined with respect to confidentiality and integrity cannot be captured in the traditional secure transmission model due to point-to-point channels.

To address this problem, in this paper, we present a new approach to protect the content delivery in the CCN. In order to avoid the inherent problems in the above approaches, we apply a novel public key encryption system, i.e. content-based encryption (Wang and Mu, 2016), to construct a secure content transmission protocol in the CCN. Content-based encryption is a new type of public key cryptosystem extended from ID-based encryption, where the encryption key is directly associated with the content itself, i.e. the unique name of content, and for each content many private decryption keys, generated by a trusted third party, are authorized to the valid consumer nodes. With the hybrid method, a symmetric key is encrypted with the content-based public key while the content is encrypted with the symmetric key. The ciphertext is relayed by intermediate nodes to the corresponding consumer who requests the content. Any authorized consumer nodes in the CCN can recover the content by decrypting the ciphertext with an authorized decryption key associated with the content.

It is worth noting that our presented content-based encryption scheme has several advantages: short public parameters (4 group elements for fully semantic security), efficient construction (a ciphertext consists of three group elements; encryption and decryption require only a small constant number of group operations, while user private keys and the public parameters are compact). We also prove that the content-based encryption is secure against strong key existential forgery and fully secure against chosen plaintext attack under the defined security model.

Then, we utilize the proposed content-based encryption as a building block to construct a secure content transmission protocol in the content-centric network. In the protocol, the symmetric key is encrypted under our content-based encryption scheme, and the content chunks are encrypted with the symmetric cryptosystem. The security of the protocol is also analyzed. In our protocol the content provided by the provider node can be securely relayed and cached by the intermediate nodes and acquired by any authorized consumers, with the confidentiality and integrity of the content. The protocol also resists the replay attacks and content related secret key forgery attacks. The performance of the protocol is evaluated in a simulated scenario. The simulation results show that only small amount of data and computation cost are added when applying the content-based encryption in the transmission protocol.

Our Contribution. With our content-based encryption, contents distributed in the content-centric network can be protected. Firstly, we present a concrete content-based encryption scheme without random oracle and formally prove the unforgeability of secret decryption key and semantic security accordingly. Based on our content-based encryption scheme, we then construct a secure content transmission protocol for the content-centric network, where the content can be cached and relayed in the CCN, and the content confidentiality and integrity are achieved, while it also resists the replay attack and content-related private key forgery attack. A performance evaluation is conducted and shows that the scheme for protecting the content transmission is very efficient.

Organization. Firstly, we recall related works in Section 2. Then, we introduce the secure content transmission architecture, the threat model and security requirements in Section 3. We provide the definition of content-based encryption and its security model in Section 4. We describe the preliminaries, the hard problem assumptions, and our construction of content-based encryption scheme as well as its security proof in Section 5. In Section 6, we present the secure content transmission protocol in the CCN, show it satisfies the security properties, and demonstrates its performance. We conclude this paper in Section 7.

Section snippets

Related works

In order to secure the content in the CCN, a symmetric key is used to encrypt the content. The authorized nodes, which hold symmetric keys, can access the content. However, how to distribute the symmetric key is a problem. The traditional public key infrastructure (PKI) as well as the ID-based PKI (Shamir, 1984; Boneh and Franklin, 2003; Gao et al., 2018; Ye et al., 2018; Li et al., 2018a), are not appropriate for securely distributing symmetric keys in the CCN due to the high cost of

Content transmission architecture in CCN

In this section, we describe the architecture for secure data transmission in the CCN and define its threat model.

Building block: content-based encryption

To secure the content transmission in the CCN, we first introduce a building block, i.e. content-based encryption, in this section. Then, its security definitions are presented.

Construction for content-based encryption in standard model

Before describing the content-based encryption scheme in detail, we give some cryptographic background knowledge.

The proposed protocol

To secure the content transmission in CCN, we apply our content-based encryption scheme to construct a secure content transmission protocol, which consists of five phases, i.e. System Setup, Content Registeration, Content Information Publish, Content Acquisition and Content Verification.

Phase 1: System Setup

The TTP executes the following steps to setup the system.

  • Generate the master-key MK and the public system parameters params for the CBE scheme.

  • Choose two collision-resistant hash functions H1

Conclusion

To secure the content transmission in CCN, we proposed a content-based encryption scheme with short ciphertexts, and proved it is semantically secure and key existentially unforgeable in the standard model under the q-BDHI+ assumption and the q-SDH assumption, respectively. Our content-based encryption scheme is then applied to construct a practical and secure content transmission protocol in the content-centric network. Compared to previous works, our protocol has simultaneously achieved the

Acknowledgement

This work is supported by of National Key R&D Program of China (2017YFB0802003), the National Natural Science Foundation of China (61502086, U1633114) and the Sichuan Science and Technology Program (2018GZ0202).

References (25)

  • D. Boneh et al.

    Collusion resistant broadcast encryption with short ciphertexts and private keys

  • L. Fan et al.

    Secure multiple amplify-and-forward relaying with cochannel interference

    IEEE J. Sel. Top. Signal Process.

    (2016)
  • Cited by (19)

    • Reconfigurable content-addressable memory (CAM) on FPGAs: A tutorial and survey

      2022, Future Generation Computer Systems
      Citation Excerpt :

      With the escalation of cloud computing and data approaching the sea of data, there is an increasing demand for high throughput search engines where FPGAs and FPGA-based CAMs play a significant role [76]. CAMs are used in data compression, translation lookaside buffers (TLBs) in microprocessors, image recognition, content-centric networks [77], and cognitive information processing. The commercial use of TCAM is in-network routers where it classifies the incoming packets against the stored addresses [2,78,35].

    • Dynamic Partitioning and Popularity based Caching for Optimized Performance in content-centric fog networks: DPPCOP

      2022, Pervasive and Mobile Computing
      Citation Excerpt :

      Thus, intermediate fog nodes can store the incoming contents from the cloud servers and provide services to its connected end-users with lesser latency [11]. Presently, the end-users are more focused on the rapid delivery of requested contents instead of searching the IP address of the cloud server/fog node to access the required content [12,13]. Towards this, the Content-Centric Networking (CCN) appeared to be a suitable architecture for the fog network environment.

    • The 5G communication technology-oriented intelligent building system planning and design

      2020, Computer Communications
      Citation Excerpt :

      The second is to be able to forward Interest packets on multiple paths simultaneously. These studies give the main research goals of intelligent forwarding platforms [11,12]. They are to quickly find content names, research intelligent forwarding strategies, research-caching strategies, and storage space management strategies.

    • Special issue on advances in security and privacy in IoT

      2019, Journal of Network and Computer Applications
    View all citing articles on Scopus
    View full text