A cache-aware mechanism to enforce confidentiality, trackability and access policy evolution in Content-Centric Networks

摘要

The Content-Centric Networking (CCN) paradigm introduces a novel communication model where any node in the network can implement caching functionalities to directly serve incoming content requests. However, such a radical change in the protocol stack poses new security challenges since the content producer loses control over the data he provides to the network. Our contribution is to propose ConfTrack-CCN, an efficient encryption-based extension to the CCN proposal, designed to enforce confidential data dissemination, trackable content access and seamless support of policy evolution. ConfTrack-CCN jointly enforces all these three requirements by protecting the data with two layers of encryption, the latter of which evolves to reflect access privilege updates. A forced consumer-producer interaction makes consumers fetch keying materials, while sending back logging data on the accessed objects. To evaluate the traffic reduction that ConfTrack-CCN can guarantee, we perform thorough simulation campaigns with real network topologies, and we further study the computational overhead introduced by the encryption primitives we use to secure the communication. The results clearly show that, on average, ConfTrack-CCN ensures a 20% higher hit-rate than other security schemes, while introducing a negligible computational overhead.