DOI: 10.1145/2810156.2810170

Schematizing Trust in Named Data Networking

Published: 30 September 2015

Abstract

Securing communication in network applications involves many complex tasks that can be daunting even for security experts. The Named Data Networking (NDN) architecture builds data authentication into the network layer by requiring all applications to sign and authenticate every data packet. To make this authentication usable, the decision about which keys can sign which data and the procedure of signature verification need to be automated. This paper explores the ability of NDN to enable such automation through the use of trust schemas. Trust schemas can provide data consumers an automatic way to discover which keys to use to authenticate individual data packets, and provide data producers an automatic decision process about which keys to use to sign data packets and, if keys are missing, how to create keys while ensuring that they are used only within a narrowly defined scope (the least-privilege principle). We have developed a set of trust schemas for several prototype NDN applications with different trust models of varying complexity. Our experience suggests that this approach has the potential to be generally applicable to a wide range of NDN applications.
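The abstract describes two automated decisions: a consumer discovering which keys may authenticate a given data name, and a producer choosing (or, if necessary, naming a new) signing key that is valid only within a narrow scope. The following toy engine is an added example written for this page; it is not the paper's code, not the ndn-cxx trust-schema implementation, and its pattern syntax (literal components, `<>` for one captured component, `<>*` for the remaining components, and `\1`, `\2`, ... in a key pattern to reference captures) is an assumption that simplifies the NDN regular expressions the paper builds on. The blog namespace, the key names, the packet fields and the HMAC "signature" (which only stands in for a real public-key signature) are all constructed for the demonstration.

```python
import hashlib, hmac
from dataclasses import dataclass
from typing import Optional

def parse(s: str) -> tuple:
    return tuple(c for c in s.split("/") if c)

def match(pattern: tuple, name: tuple) -> Optional[list]:
    """Captured components if name matches pattern ('<>' one component, '<>*' the rest)."""
    if not pattern:
        return [] if not name else None
    head, rest = pattern[0], pattern[1:]
    if head == "<>*":                              # try every split, shortest first
        for k in range(len(name) + 1):
            caps = match(rest, name[k:])
            if caps is not None:
                return ["/".join(name[:k])] + caps
        return None
    if not name or head not in ("<>", name[0]):
        return None
    caps = match(rest, name[1:])
    return None if caps is None else ([name[0]] if head == "<>" else []) + caps

@dataclass
class Packet:
    name: str
    key_locator: Optional[str]      # name of the signing certificate; None for an anchor
    content: bytes
    signature: bytes = b""
    def mac(self, key: bytes) -> bytes:          # HMAC stands in for a public-key signature
        msg = f"{self.name}\0{self.key_locator or ''}\0".encode() + self.content
        return hmac.new(key, msg, hashlib.sha256).digest()
    def sign(self, secret: bytes) -> "Packet":
        self.signature = self.mac(secret)
        return self
    def verified_by(self, pubkey: bytes) -> bool:
        return hmac.compare_digest(self.mac(pubkey), self.signature)

class TrustSchema:
    def __init__(self, rules: list, anchors: list):
        self.rules = [(parse(d), k) for d, k in rules]
        self.anchors = {parse(a) for a in anchors}

    def key_scope(self, data_name: tuple) -> Optional[tuple]:
        """First matching rule's key pattern, with \\1, \\2, ... replaced by the captures."""
        for dpat, kpat in self.rules:
            caps = match(dpat, data_name)
            if caps is not None:
                for i, c in enumerate(caps, 1):
                    kpat = kpat.replace(f"\\{i}", c)
                return parse(kpat)
        return None

    def producer_key(self, data_name: str, my_certs: list, fill: list) -> Optional[str]:
        """Producer side: an allowed existing key, else a new key name confined to this scope."""
        scope = self.key_scope(parse(data_name))
        if scope is None:
            return None
        existing = [c for c in my_certs if match(scope, parse(c)) is not None]
        slots = iter(fill)                         # fills the free '<>' slots of the new key name
        return existing[0] if existing else "/" + "/".join(next(slots) if c == "<>" else c for c in scope)

def validate(schema: TrustSchema, certs: dict, pkt: Packet, depth: int = 0) -> tuple:
    """Consumer side: follow the chain to an anchor, checking each hop against the schema first."""
    name = parse(pkt.name)
    if name in schema.anchors:                     # anchors are pinned in certs, never fetched
        return True, f"{pkt.name}: trust anchor"
    if depth >= 8:
        return False, f"{pkt.name}: chain too long"
    scope = schema.key_scope(name)
    if scope is None or pkt.key_locator is None:
        return False, f"{pkt.name}: no rule permits this data"
    if match(scope, parse(pkt.key_locator)) is None:
        return False, f"{pkt.name}: signer {pkt.key_locator} outside scope /{'/'.join(scope)}"
    cert = certs.get(pkt.key_locator)
    if cert is None or not pkt.verified_by(cert.content):
        return False, f"{pkt.name}: certificate {pkt.key_locator} missing or signature invalid"
    return validate(schema, certs, cert, depth + 1)   # now authenticate the signer's certificate

def demo() -> dict:
    """Constructed blog namespace: site root -> admin -> author -> article."""
    schema = TrustSchema(
        rules=[("/<>/blog/article/<>*",      "/\\1/blog/author/<>/KEY/<>"),
               ("/<>/blog/author/<>/KEY/<>", "/\\1/blog/admin/<>/KEY/<>"),
               ("/<>/blog/admin/<>/KEY/<>",  "/\\1/KEY/<>")],
        anchors=["/ucla/KEY/1"])
    root, admin = "/ucla/KEY/1", "/ucla/blog/admin/carol/KEY/1"
    alice, mallory = "/ucla/blog/author/alice/KEY/1", "/ucla/blog/author/mallory/KEY/1"
    keys = {n: hashlib.sha256(n.encode()).digest() for n in (root, admin, alice, mallory)}
    certs = {}   # mallory's author cert is signed by another author, which no rule allows
    for name, signer in [(root, None), (admin, root), (alice, admin), (mallory, alice)]:
        certs[name] = Packet(name, signer, keys[name]).sign(keys.get(signer, b""))
    article = "/ucla/blog/article/2015/trust"
    signed = {k: Packet(article, k, b"body").sign(keys[k]) for k in (alice, root, mallory)}
    return {"alice": validate(schema, certs, signed[alice]),
            "root_direct": validate(schema, certs, signed[root]),   # anchor key, but off-scope
            "mallory": validate(schema, certs, signed[mallory]),
            "existing_key": schema.producer_key(article, [root, alice], ["x", "1"]),
            "new_key": schema.producer_key("/ucla/blog/article/2015/x", [root], ["bob", "1"])}
```

Two of the rejections in `demo()` are the point of schematized trust rather than of signature checking: the article signed directly with the site's anchor key has a perfectly valid signature from a fully trusted key, yet the schema rejects it because articles may only be signed by author keys; and mallory's chain fails one hop up, where an author certificate turns out to have been issued by another author instead of an admin. The consumer checks each hop's name relationship before spending a signature verification on it, and the producer obtains a key name such as `/ucla/blog/author/bob/KEY/1` that the same rules confine to article signing. In a real NDN deployment the certificate fetch is a network Interest, the signature is RSA or ECDSA, and the schema is written in the NDN regular-expression syntax; the depth limit here is a guard against certificate chains that loop.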



        Published In

        ACM-ICN '15: Proceedings of the 2nd ACM Conference on Information-Centric Networking
        September 2015
        236 pages
ISBN: 9781450338554
DOI: 10.1145/2810156
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


        Author Tags

        1. named data networking
        2. security

        Qualifiers

        • Research-article

        Conference

ICN'15: 2nd International Conference on Information-Centric Networking
September 30 - October 2, 2015
San Francisco, California, USA

        Acceptance Rates

        ACM-ICN '15 Paper Acceptance Rate 18 of 55 submissions, 33%;
        Overall Acceptance Rate 133 of 482 submissions, 28%

Article Metrics

• Downloads (last 12 months): 54
• Downloads (last 6 weeks): 2


Cited By

• (2024) A Survey of Information-Centric Networking: The Quest for Innovation. IEICE Transactions on Communications E107.B(1):139-153. doi:10.1587/transcom.2023EBI0001. Online publication date: 1 Jan 2024.
• (2024) PythonRepo: Persistent In-Network Storage for Named Data Networking. 2024 International Conference on Computing, Networking and Communications (ICNC), 927-931. doi:10.1109/ICNC59896.2024.10556243. Online publication date: 19 Feb 2024.
• (2024) Anonymous Federated Learning via Named-Data Networking. Future Generation Computer Systems 152:288-303. doi:10.1016/j.future.2023.11.009. Online publication date: Mar 2024.
• (2024) A blockchain-based privacy protecting framework with multi-channel access control model for asset trading. Peer-to-Peer Networking and Applications. doi:10.1007/s12083-024-01732-9. Online publication date: 4 Jun 2024.
• (2023) Cornerstone: Automating Remote NDN Entity Bootstrapping. Proceedings of the 18th Asian Internet Engineering Conference, 62-68. doi:10.1145/3630590.3630598. Online publication date: 12 Dec 2023.
• (2023) Statement: The Metaverse as an Information-Centric Network. Proceedings of the 10th ACM Conference on Information-Centric Networking, 112-114. doi:10.1145/3623565.3623761. Online publication date: 9 Oct 2023.
• (2023) Reining in Redundant Traffic through Adaptive Duplicate Suppression in Multi-Access NDN Networks. Proceedings of the 10th ACM Conference on Information-Centric Networking, 78-87. doi:10.1145/3623565.3623717. Online publication date: 9 Oct 2023.
• (2023) SoK: On Named Content and Inter-domain Routing. Proceedings of the 10th ACM Conference on Information-Centric Networking, 55-66. doi:10.1145/3623565.3623716. Online publication date: 9 Oct 2023.
• (2023) PCLive: Bringing Named Data Networking to Internet Livestreaming. Proceedings of the 10th ACM Conference on Information-Centric Networking, 36-45. doi:10.1145/3623565.3623711. Online publication date: 9 Oct 2023.
• (2023) A New API in Support of NDN Trust Schema. Proceedings of the 10th ACM Conference on Information-Centric Networking, 46-54. doi:10.1145/3623565.3623709. Online publication date: 9 Oct 2023.
