research-article

Schematizing Trust in Named Data Networking

Authors:

Alexander Afanasyev,

Van Jacobson, and

Lixia ZhangAuthors Info & Claims

ACM-ICN '15: Proceedings of the 2nd ACM Conference on Information-Centric Networking

September 2015

Pages 177 - 186

https://doi.org/10.1145/2810156.2810170

Published: 30 September 2015 Publication History

Abstract

Securing communication in network applications involves many complex tasks that can be daunting even for security experts. The Named Data Networking (NDN) architecture builds data authentication into the network layer by requiring all applications to sign and authenticate every data packet. To make this authentication usable, the decision about which keys can sign which data and the procedure of signature verification need to be automated. This paper explores the ability of NDN to enable such automation through the use of trust schemas. Trust schemas can provide data consumers an automatic way to discover which keys to use to authenticate individual data packets, and provide data producers an automatic decision process about which keys to use to sign data packets and, if keys are missing, how to create keys while ensuring that they are used only within a narrowly defined scope ("the least privilege principle"). We have developed a set of trust schemas for several prototype NDN applications with different trust models of varying complexity. Our experience suggests that this approach has the potential of being generally applicable to a wide range of NDN applications.

References

[1]

A. Afanasyev, C. Yi, L. Wang, B. Zhang, and L. Zhang. SNAMP: Secure namespace mapping to scale NDN forwarding. In Proc. of Global Internet Symposium, 2015.

[2]

R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS security introduction and requirements. RFC 4033, 2005.

[3]

L. Bauer, S. Garriss, and M. K. Reiter. Efficient proving for practical distributed access-control systems. In ESORICS, 2007.

Digital Library

[4]

M. Y. Becker and P. Sewell. Cassandra: Distributed access control policies with tunable expressiveness. In Proc. of International Workshop on Policies for Distributed Systems and Networks (POLICY), 2004.

Digital Library

[5]

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proc. of IEEE Symposium on Security and Privacy, 1996.

Digital Library

[6]

D. Clarke, J.-E. Elien, C. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security, 2001.

Digital Library

[7]

W. Clocksin and C. S. Mellish. Programming in PROLOG. Springer Science & Business Media, 2003.

Digital Library

[8]

D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC 5280, 2008.

[9]

T. Dierks and E. Rescorla. The transport layer security (TLS) protocol version 1.2. RFC 5246, 2008.

[10]

E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design patterns: elements of reusable object-oriented software. Pearson Education, 1994.

Digital Library

[11]

P. Hoffman and J. Schlyter. The DNS-based authentication of named entities (DANE) transport layer security (TLS) protocol: TLSA. RFC 6698, 2012.

[12]

T. Jim. SD3: A trust management system with certified evaluation. In Proc. of IEEE Symposium on Security and Privacy, 2001.

Digital Library

[13]

N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust-management framework. In Proc. of IEEE Symposium on Security and Privacy, 2002.

Digital Library

[14]

N. Li, W. H. Winsborough, and J. C. Mitchell. Distributed credential chain discovery in trust management. In Proc. of Conf. on Comp. and Comm. Security (CCS-8), 2001.

Digital Library

[15]

NDN Team. Libraries / NDN platform. http://named-data.net/codebase/platform/, 2015.

[16]

NDN Team. NDN packet format specification. http://named-data.net/doc/ndn-tlv/, 2015.

[17]

NDN Team. NDN regular expression. http://named-data.net/doc/ndn-cxx/current/tutorials/utils-ndn-regex.html, 2015.

[18]

D. Smetters and V. Jacobson. Securing network content. Technical report, PARC, 2009.

[19]

Y. Yu. Public key management in Named Data Networking. Tech. Rep. NDN-0029, NDN, 2015.

[20]

L. Zhang, A. Afanasyev, J. Burke, V. Jacobson, kc claffy, P. Crowley, C. Papadopoulos, L. Wang, and B. Zhang. Named data networking. ACM Computer Communication Reviews, 2014.

Digital Library

Cited By

ASAEDA HMATSUZONO KHAYAMIZU YHtet HLAING HOOKA A(2024)A Survey of Information-Centric Networking: The Quest for InnovationIEICE Transactions on Communications10.1587/transcom.2023EBI0001E107.B:1(139-153)Online publication date: 1-Jan-2024
https://doi.org/10.1587/transcom.2023EBI0001
Yu TKong ZMa XWang LZhang L(2024)PythonRepo: Persistent In-Network Storage for Named Data Networking2024 International Conference on Computing, Networking and Communications (ICNC)10.1109/ICNC59896.2024.10556243(927-931)Online publication date: 19-Feb-2024
https://doi.org/10.1109/ICNC59896.2024.10556243
Agiollo ABardhi EConti MDal Fabbro NLazzeretti R(2024)Anonymous Federated Learning via Named-Data NetworkingFuture Generation Computer Systems10.1016/j.future.2023.11.009152(288-303)Online publication date: Mar-2024
https://doi.org/10.1016/j.future.2023.11.009
Show More Cited By

Index Terms

Schematizing Trust in Named Data Networking
1. Security and privacy
  1. Network security
  2. Systems security
    1. Operating systems security

Recommendations

Network-Layer Trust in Named-Data Networking

In contrast to today's IP-based host-oriented Internet architecture, Information-Centric Networking (ICN) emphasizes content by making it directly addressable and routable. Named Data Networking (NDN) architecture is an instance of ICN that is being ...
Read More
Enhancing Security and Trust in Named Data Networking using Hierarchical Identity Based Cryptography

Named data networking NDN represents a promising clean slate for future internet architecture. It adopts the information-centric networking ICN approach that treats named data as the central element, leverages in-network caching, and uses a data-centric ...
Read More
Towards named data networking technology: Emerging applications, use cases, and challenges for secure data communication
Abstract
Named Data Networking (NDN), an emerging Internet architecture is altering the basics of the networking model by making content directly addressable and routable. NDN changes the communication model by shifting from the current host-centric model ...
Highlights
- The traditional TCP/IP has several limitations, such as mobility and security.
- NDN tackles TCP/IP issues with its features of content naming, caching, and security.
- This paper discusses the integration of NDN with the current ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ACM-ICN '15: Proceedings of the 2nd ACM Conference on Information-Centric Networking

September 2015

236 pages

ISBN:9781450338554

DOI:10.1145/2810156

General Chair:
Ignacio Solis
PARC, USA
,
Program Chairs:
Antonio Carzaniga
USI, Switzerland
,
K. K. Ramakrishnan
UC Riverside, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 September 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ICN'15

Sponsor:

SIGCOMM

ICN'15: 2nd International Conference on Information-Centric Networking

September 30 - October 2, 2015

California, San Francisco, USA

Acceptance Rates

ACM-ICN '15 Paper Acceptance Rate 18 of 55 submissions, 33%;

Overall Acceptance Rate 133 of 482 submissions, 28%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

127
Total Citations
View Citations
574
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)2

Other Metrics

View Author Metrics

Citations

Cited By

ASAEDA HMATSUZONO KHAYAMIZU YHtet HLAING HOOKA A(2024)A Survey of Information-Centric Networking: The Quest for InnovationIEICE Transactions on Communications10.1587/transcom.2023EBI0001E107.B:1(139-153)Online publication date: 1-Jan-2024
https://doi.org/10.1587/transcom.2023EBI0001
Yu TKong ZMa XWang LZhang L(2024)PythonRepo: Persistent In-Network Storage for Named Data Networking2024 International Conference on Computing, Networking and Communications (ICNC)10.1109/ICNC59896.2024.10556243(927-931)Online publication date: 19-Feb-2024
https://doi.org/10.1109/ICNC59896.2024.10556243
Agiollo ABardhi EConti MDal Fabbro NLazzeretti R(2024)Anonymous Federated Learning via Named-Data NetworkingFuture Generation Computer Systems10.1016/j.future.2023.11.009152(288-303)Online publication date: Mar-2024
https://doi.org/10.1016/j.future.2023.11.009
Cai JHuang HMa CLiu J(2024)A blockchain-based privacy protecting framework with multi-channel access control model for asset tradingPeer-to-Peer Networking and Applications10.1007/s12083-024-01732-9Online publication date: 4-Jun-2024
https://doi.org/10.1007/s12083-024-01732-9
Yu TMa XXie HKutscher DZhang L(2023)Cornerstone: Automating Remote NDN Entity BootstrappingProceedings of the 18th Asian Internet Engineering Conference10.1145/3630590.3630598(62-68)Online publication date: 12-Dec-2023
https://dl.acm.org/doi/10.1145/3630590.3630598
Kutscher DBurke JFioccola GMendes PCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)Statement: The Metaverse as an Information-Centric NetworkProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623761(112-114)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623761
Dulal SWang LCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)Reining in Redundant Traffic through Adaptive Duplicate Suppression in Multi-Access NDN NetworksProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623717(78-87)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623717
Davis JCalvert KCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)SoK: On Named Content and Inter-domain RoutingProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623716(55-66)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623716
Liang THuang WMa XZhang WZhang YZhang BCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)PCLive: Bringing Named Data Networking to Internet LivestreamingProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623711(36-45)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623711
Yu TMa XXie HKocaoğullar YZhang LCalvert KHjálmtýsson GCrowley PPapadopoulos C(2023)A New API in Support of NDN Trust SchemaProceedings of the 10th ACM Conference on Information-Centric Networking10.1145/3623565.3623709(46-54)Online publication date: 9-Oct-2023
https://dl.acm.org/doi/10.1145/3623565.3623709
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents