CDAC: A Collaborative Data Access Control Scheme in Named Data Networking

摘要

Named Data Networking (NDN) shifts networking paradigm from host-oriented to data-oriented and supports in-network caching. However, in-network caching brings about some new security issues (e.g., the separation of ownership and management of data). In native NDN architecture, consumers' requests are usually authenticated by a content producer, which results in highly computation overhead and unnecessary network delay. Moreover, in such a scenario where the connection between content producer and network is intermittent, encrypted contents cached in routers fail to be accessed by consumers due to lacking of content producer's permission. In this paper, we propose a collaborative data access control scheme for NDN, called CDAC, in which data access control is performed at cached-enabled routers rather than single content producer. In addition, enhanced secret sharing method is applied to achieve data access control in the situation where the connection between content producer and network is intermittent. We also use two-variable one-way function to reduce the computation overhead caused by consumer's revocation. Through reasonable security analysis and the comparison with preliminary works, the CDAC scheme achieves the expected design goals. The experimental results demonstrate that our scheme is efficient for N DN architecture, and introduces slight delay for contents securely retrieval.