Shifting from host-oriented to data-oriented, information-centric networking (ICN) adopts several key design principles, e.g., in-network caching, to cope with the tremendous internet growth. In the ICN setting, data to be distributed can be cached by ICN routers anywhere and accessed arbitrarily by customers without data publishers' permission, which imposes new challenges when achieving data access control: (i) security: How can data publishers protect data confidentiality (either data cached by ICN routers or data accessed by authorized users) even when an authorized user's decryption key was revoked or compromised, and (ii) scalability: How can data publishers leverage ICN's promising features and enforce access control without complicated key management or extensive communication. This paper addresses these challenges by using the new proposed dual-phase encryption that uniquely combines the ideas from one-time decryption key, proxy re-encryption and all-or-nothing transformation, while still being able to leverage ICN's features. Our analysis and performance show that our solution is highly efficient and provable secure under the existing security model.
展开▼
