
Interest-Based Access Control for Content Centric Networks (extended version)



Abstract

Content-Centric Networking (CCN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. One of the fundamental tenets of CCN is that data, or content, is a named and addressable entity in the network. Consumers request content by issuing interest messages with the desired content name. These interests are forwarded by routers to producers, and the resulting content object is returned and optionally cached at each router along the path. In-network caching makes it difficult to enforce access control policies on sensitive content outside of the producer since routers only use interest information for forwarding decisions. To that end, we propose an Interest-Based Access Control (IBAC) scheme that enables access control enforcement using only information contained in interest messages, i.e., by making sensitive content names unpredictable to unauthorized parties. Our IBAC scheme supports both hash- and encryption-based name obfuscation. We address the problem of interest replay attacks by formulating a mutual trust framework between producers and consumers that enables routers to perform authorization checks when satisfying interests from their cache. We assess the computational, storage, and bandwidth overhead of each IBAC variant. Our design is flexible and allows producers to arbitrarily specify and enforce any type of access control on content, without having to deal with the problems of content encryption and key distribution. This is the first comprehensive design for CCN access control using only information contained in interest messages.
