
Research Of Identity-based Cryptography For Named Data Networking

Posted on: 2015-11-26
Degree: Master
Type: Thesis
Country: China
Candidate: T Tian
Full Text: PDF
GTID: 2298330452464014
Subject: Computer software and theory

Abstract/Summary:
Named Data Network (NDN), which eliminates the dependence on IP addresses, is a kind of information-centric network. Compared with traditional networks, NDN is more efficient at transmitting large volumes of data and removes the IPv4 address exhaustion crisis. Its content-centric network model and flexible routing strategy not only bring advantages but also introduce many security challenges. Therefore, security was considered to be part of the base application components. How to design a globally available security infrastructure (SI) that is easy to use has become a serious problem. One of the key points in solving this problem is achieving cross-domain authentication.

Considering the hierarchical names of data in NDN and the hierarchical secret key distribution scheme in hierarchical identity-based cryptography (HIBC), this paper gives the first scheme to design an SI based on HIBC. By integrating the data naming tree and the secret key distribution tree, the scheme achieves message authentication by signing the data with the private key corresponding to the name of the content. Moreover, we obtain data confidentiality for end-to-end communication over non-secure channels by encrypting the content with the receiver's identity. Finally, the security and efficiency of the scheme are analyzed. Compared with the CA-based trust mechanism, the scheme proposed in this paper shows higher efficiency and adaptability in secret key management, distribution and content signcryption.

However, the data publisher needs to encrypt the data many times during one-to-many private communication, which cannot take advantage of NDN's caching mechanism. Taking this flaw into account, this paper then proposes a new identity-based multi-recipient signcryption scheme for the multi-PKG environment. The new scheme can achieve confidentiality against selective chosen ciphertext attack and unforgeability against chosen message attack in the random oracle model. Relying on the new signcryption scheme proposed in this paper, another design for the SI is proposed. In the new system, the data producer signs the data with the private key corresponding to his identity and stores the producer's identity in the 'Sign Info' field of the packet. During multi-recipient confidential communication, the producer can simply encrypt the data once, which reduces the computational burden on the data sender. Compared with the first scheme based on HIBC, this scheme is more suitable for multi-recipient confidential communication.
Keywords/Search Tags: Multi-PKG, Identity-Based Cryptography, Named Data Network, Security of Next Generation Network, Signcryption