ABSTRACT
The Named Data Network (NDN) is a research effort toward the future Internet that aims to deliver named content regardless of its location, application, or transport protocol. To secure content distribution, NDN uses a security model in which content is digitally signed by its producer. Consumers must retrieve public keys to validate a content's signature, and must check the validity status of those keys before using them. Traditional public key infrastructures disseminate key status information through Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP); such systems must be adapted to work on the NDN architecture. This paper proposes a replication approach to disseminating key status information in NDN, regardless of the key management system adopted. Replication improves robustness, reduces convergence time, and increases key status availability throughout the network. The main results show a significant reduction in the response time for consulting a key status, compared with retrieving it from the original data producer.
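The consumer-side flow the abstract describes, as an added illustration written for this page and not code from the paper: a consumer fetches the producer's key and a CRL-like key-status record from the nearest node that holds a copy, insists that the record is signed by a status authority and still inside its validity window (a replica is not trusted on its own), rejects content whose signing key is revoked, and only then checks the content signature. The toy RSA keys are built from fixed Mersenne primes and are not secure; the names (/example/..., /example/keystatus), the record layout, the hop costs and the serving of keys as bare public keys rather than signed key packets are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

STATUS_NAME = "/example/keystatus"   # assumed name of the key-status record

# Toy RSA on fixed Mersenne primes: NOT secure, for illustration only.
def make_toy_keypair(p, q, e=65537):
    # Returns (n, e), (n, d); 65537 is coprime to phi(n) for the primes used below.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

@dataclass(frozen=True)
class Data:
    """NDN-style Data packet: name, payload, key locator, producer signature."""
    name: str
    content: bytes
    key_locator: str          # name under which the signing key is fetched
    signature: int

def data_tbs(name, content, key_locator):
    """Bytes covered by the producer signature: name, key locator and payload."""
    return b"\0".join([name.encode(), key_locator.encode(), content])

def make_data(name, content, key_locator, priv):
    return Data(name, content, key_locator, sign(priv, data_tbs(name, content, key_locator)))

@dataclass(frozen=True)
class KeyStatusRecord:
    """CRL-like record: revoked key names, validity window, authority signature."""
    revoked: frozenset
    issued: int
    valid_until: int
    signature: int

def status_tbs(revoked, issued, valid_until):
    return b"\0".join([",".join(sorted(revoked)).encode(),
                       str(issued).encode(), str(valid_until).encode()])

def issue_status(authority_priv, revoked, issued, ttl):
    revoked = frozenset(revoked)
    sig = sign(authority_priv, status_tbs(revoked, issued, issued + ttl))
    return KeyStatusRecord(revoked, issued, issued + ttl, sig)

@dataclass
class Node:
    distance: int             # assumed cost (hops) from the consumer
    store: dict               # named objects this node holds a copy of

def fetch(name, nodes):
    """Serve `name` from the nearest node holding it; returns (object, hops)."""
    holders = [n for n in nodes if name in n.store]
    if not holders:
        raise KeyError(name)
    best = min(holders, key=lambda n: n.distance)
    return best.store[name], best.distance

def validate(data, nodes, authority_pub, now):
    """Consumer check. Replicas are untrusted, so the status record must carry
    a valid authority signature and still be inside its validity window."""
    st, _ = fetch(STATUS_NAME, nodes)
    if not verify(authority_pub, status_tbs(st.revoked, st.issued, st.valid_until), st.signature):
        return "bad-status-signature"
    if not st.issued <= now <= st.valid_until:
        return "stale-status"
    if data.key_locator in st.revoked:
        return "revoked-key"
    key, _ = fetch(data.key_locator, nodes)   # simplification: a bare public key
    if not verify(key, data_tbs(data.name, data.content, data.key_locator), data.signature):
        return "bad-signature"
    return "ok"

def demo(now=1_700_000_000):
    alice_pub, alice_priv = make_toy_keypair(2**31 - 1, 2**61 - 1)
    bob_pub, bob_priv = make_toy_keypair(2**89 - 1, 2**107 - 1)
    auth_pub, auth_priv = make_toy_keypair(2**127 - 1, 2**521 - 1)
    alice_key, bob_key = "/example/alice/KEY/1", "/example/bob/KEY/1"
    # Bob's key is revoked; the authority publishes a record valid for one hour.
    status = issue_status(auth_priv, {bob_key}, issued=now - 60, ttl=3600)
    store = {STATUS_NAME: status, alice_key: alice_pub, bob_key: bob_pub}
    producer, replica = Node(6, dict(store)), Node(1, dict(store))  # replica holds a copy
    good = make_data("/example/alice/news/1", b"hello", alice_key, alice_priv)
    bad = make_data("/example/bob/news/1", b"hello", bob_key, bob_priv)
    forged = Data(good.name, b"tampered", good.key_locator, good.signature)
    return {
        "good": validate(good, [producer, replica], auth_pub, now),
        "revoked": validate(bad, [producer, replica], auth_pub, now),
        "forged": validate(forged, [producer, replica], auth_pub, now),
        "stale": validate(good, [producer, replica], auth_pub, now + 7200),
        "hops_replicated": fetch(STATUS_NAME, [producer, replica])[1],
        "hops_origin": fetch(STATUS_NAME, [producer])[1],
    }
```

The status record is the object the replicas copy. Because the consumer verifies the authority's signature and the validity window on every use, a replica can cut the lookup cost (one hop instead of six in the constructed topology) but cannot inject a forged or outdated record; that is the property any replicated key-status service has to preserve, whichever key management system sits behind it.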