2018 | OriginalPaper | Chapter

KRB-CCN: Lightweight Authentication and Access Control for Private Content-Centric Networks

Authors : Ivan O. Nunes, Gene Tsudik

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing


Abstract

Content-Centric Networking (CCN) is an internetworking paradigm that offers an alternative to today’s IP-based Internet Architecture. Instead of focusing on hosts and their locations, CCN emphasizes addressable named content. By decoupling content from its location, CCN allows opportunistic in-network content caching, thus enabling better network utilization, at least for scalable content distribution. However, in order to be considered seriously, CCN must support basic security services, including content authenticity, integrity, confidentiality, authorization and access control. Current approaches rely on content producers to perform authorization and access control, which is typically attained via public key encryption. This general approach has several disadvantages. First, consumer privacy vis-a-vis producers is not preserved. Second, identity management and access control impose high computational overhead on producers. Also, unnecessary repeated authentication and access control decisions must be made for each content request. (This burden is particularly relevant for resource-limited producers, e.g., anemic IoT devices.)
These issues motivate our design of KRB-CCN – a complete authorization and access control system for private CCN networks. Inspired by Kerberos in IP-based networks, KRB-CCN involves distinct authentication and authorization authorities. By doing so, KRB-CCN obviates the need for producers to make consumer authentication and access control decisions. KRB-CCN preserves consumer privacy since producers are unaware of consumer identities. Producers are also not required to keep any hard state and only need to perform two symmetric key operations to guarantee that sensitive content is confidentially delivered only to authenticated and authorized consumers. Furthermore, KRB-CCN works transparently on the consumer side. Most importantly, unlike prior designs, KRB-CCN leaves the network (i.e., CCN routers) out of any authorization, access control or confidentiality issues. We describe KRB-CCN design and implementation, analyze its security, and report on its performance.


Footnotes

1. We overview them in Sect. 6.

2. KRB-CCN source code is available at: https://github.com/ivanolive/krb-ccn.

4. In CCN design, an interest carrying a payload must have the hash of the payload appended to its name.
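The following is an added illustrative model of the flow the abstract and footnote 4 describe; it is example code written for this page, not the authors' implementation from the linked repository. It shows a Kerberos-style exchange with separate authentication and authorization authorities, a producer that never sees the consumer identity, keeps no per-consumer state and performs exactly two symmetric-key operations, and an interest whose name carries the hash of its payload. The JSON ticket layout, the SHA-256/HMAC stand-in for an AEAD, and the keys, users and ACL are all constructed assumptions, not taken from the paper.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):  # SHA-256 counter keystream: stand-in for a block cipher, illustration only
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]
def seal(key, pt, aad=b""):  # encrypt-then-MAC stand-in for an AEAD such as AES-GCM: nonce||ct||tag
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, aad + nonce + ct, "sha256").digest()
def unseal(key, blob, aad=b""):  # raises on any tampering with nonce, ciphertext or aad
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, aad + nonce + ct, "sha256").digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _ks(key, nonce, len(ct))))
j, u = (lambda o: json.dumps(o).encode()), (lambda b: json.loads(b))  # JSON-encoded tickets (assumption)
# Constructed keys and policy. Only K_PROD reaches the producer; USERS and ACL never do.
USERS = {"alice": hashlib.sha256(b"alice-pw").digest(), "bob": hashlib.sha256(b"bob-pw").digest()}
K_TGS = os.urandom(32)   # authentication authority <-> authorization authority
K_PROD = os.urandom(32)  # authorization authority <-> producer
ACL = {"/private/sensor/temp": {"alice"}}

def authenticate(user):  # authentication authority: TGT (opaque to consumer) + session key, under the user's key
    sk = os.urandom(32).hex()
    tgt = seal(K_TGS, j({"user": user, "sk": sk}))
    return seal(USERS[user], j({"sk": sk, "tgt": tgt.hex()}))

def authorize(tgt, name):  # authorization authority: ACL check; service ticket carries a content key, no identity
    who = u(unseal(K_TGS, tgt))
    if who["user"] not in ACL.get(name, set()):
        raise PermissionError(f"{who['user']} not authorized for {name}")
    ck = os.urandom(32).hex()
    ticket = seal(K_PROD, j({"name": name, "ck": ck}))
    return seal(bytes.fromhex(who["sk"]), j({"ck": ck, "ticket": ticket.hex()}))

def make_interest(name, ticket):  # footnote 4: the payload's hash is appended to the interest name
    return name + "/" + hashlib.sha256(ticket).hexdigest(), ticket
def producer(iname, ticket, content):  # producer: check name/payload binding, then exactly two symmetric ops
    name, digest = iname.rsplit("/", 1)
    if digest != hashlib.sha256(ticket).hexdigest():
        raise ValueError("payload hash does not match interest name")
    t = u(unseal(K_PROD, ticket))                                    # op 1: open the ticket
    if t["name"] != name:
        raise PermissionError("ticket issued for a different name")
    return seal(bytes.fromhex(t["ck"]), content, aad=name.encode())  # op 2: encrypt the content

def fetch(user, k_user, name, store):  # consumer-side glue: the three exchanges in order
    r = u(unseal(k_user, authenticate(user)))
    g = u(unseal(bytes.fromhex(r["sk"]), authorize(bytes.fromhex(r["tgt"]), name)))
    reply = producer(*make_interest(name, bytes.fromhex(g["ticket"])), store[name])
    return unseal(bytes.fromhex(g["ck"]), reply, aad=name.encode())
```

Note that `producer` consults neither USERS nor ACL and retains nothing between interests; an unauthorized consumer is stopped at the authorization authority, and a ticket replayed under a different name or with a mismatched payload hash is rejected before any content is encrypted.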
Metadata

Title: KRB-CCN: Lightweight Authentication and Access Control for Private Content-Centric Networks

Authors: Ivan O. Nunes, Gene Tsudik

Copyright Year: 2018

DOI: https://doi.org/10.1007/978-3-319-93387-0_31
