
Research On Identity-based Access Control Mechanism For Named Data Networking

Posted on: 2017-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y Jiang
GTID: 2348330533450344
Subject: Instrument Science and Technology

Abstract/Summary:
Named Data Networking (NDN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. The NDN architecture has shifted from the IP-address-based packet delivery model to a name-based data retrieval model, resulting in effective content distribution and sharing via in-network caching and direct retrieval by name. However, this shift has also created challenges in securing sensitive or valuable content and enforcing appropriate controls to defend against unauthorized access. The design of an access control mechanism for NDN has therefore become a research issue of concern.

This thesis is funded by the Chongqing Key Project of Research on Fundamental Science and Advanced Technology, "Research on Name Label Switching Based Fast Data Forwarding Mechanism for Future Internet", and undertakes research on a secure content distribution and access control mechanism. It presents a secure and efficient identity-based access control mechanism for the NDN architecture. The main contributions are summarized as follows:

Firstly, Identity-Based Cryptography and Proxy Re-Encryption are combined to ensure the confidentiality of data. The identity indicates the access authority of a user. Only an authorized user can possess a re-encryption key for transforming the ciphertext into one under the public key of his own identity. Furthermore, a combination of asymmetric and symmetric ciphers is used to ensure that a Data object is encrypted once and decrypted many times.

Secondly, to minimize the possibility of distributing protected, encrypted Data objects to unauthorized consumers, routers equipped with an Interest filter must be able to enforce access control according to the user's identity. A hash table data structure is introduced to pre-filter Interests from unauthorized users, minimizing the occupation of network resources.

Thirdly, the proposed identity-based access control scheme is simulated over ndnSIM for a file access application to verify its feasibility. The security analysis shows that the scheme reaches its design goals in terms of data confidentiality and efficiency of key management. The proposed scheme can achieve CCA-security. Compared with the existing identity-based encryption scheme in NDN, our design provides strong end-to-end content security and reduced communication overhead, with 20% of computation overhead saved and network resource consumption decreased by 20%.
Keywords/Search Tags: Named Data Networking, security, access control, Proxy Re-Encryption