NDN Privacy Protection Search Scheme

The current internet model,which relies on packet switching,has served us well and led to a huge explosion in connectivity of both computers and people,and created a huge new industry.However,the way the internet is used today(which is mainly viewing different kinds of content)is increasingly at odds with its original intention of connecting computers with known addresses to each other.This thesis examines several technologies,collectively known as “Named Data Networking”,which aim to fix this discrepancy by placing emphasis on the content being transferred,in order to create a more durable,secure and efficient internet for tomorrow.The data-centric security model consists of two parts: data-centric authenticity and datacentric confidentiality.NDN achieves data-centric authenticity by mandating per packet signature,and data-centric confidentiality by data encryption.While the idea is straightforward,we observed that usability of data-centric security of NDN prevents developers from enabling security in their applications.This work presents a NDN privacy protection search scheme.To achieve that,we designed NDN certificate system to facilitate public key distribution in NDN.We show that the adversarial models used in existing multi-user searchable encryption solutions are not realistic as they implicitly require that the NDN ISP/(storage)service cannot collude with some users.We then propose a stronger adversarial model,and propose a construction which is both practical and provably secure in this new model.The new solution combines the use of bilinear pairings with private information retrieval and introduces a new,non-trusted entity called “proxy” to transform each user's search query into one instance per targeted file or document.