Research On CP-ABE-based Access Control Mechanism In Named Data Network

Posted on: 2018-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: J Q Guo
GTID: 2348330536480343
Subject: Communication and Information System

Abstract/Summary:
Nowadays, it is difficult for the traditional TCP/IP network to meet the new requirements of Internet users, such as support for massive content distribution, mobility and security. More and more experts and scholars are devoting themselves to research on Future Internet Architecture, designing new network architectures that change the network radically and solve this problem fundamentally. Named Data Networking (NDN), a candidate Future Internet Architecture, introduces a novel secure communication model in which these new requirements are considered from the beginning of the design. Any router in NDN can cache large amounts of data, which makes it convenient for consumers to obtain data from any nearby router. However, such a radical change creates new challenges for NDN access control, since data publishers are decoupled from the data they publish and lose control over it. Access control is therefore very important for security in NDN. Most existing access control mechanisms in NDN require publishers to be always online to authenticate consumers, and revocation and privacy are scarcely considered.

First, focusing on those problems and fully integrating with the in-network storage of NDN, this thesis proposes a new access control model for NDN. The system structure and working principle are elaborated, the security properties and security model are defined, and, under a specific security assumption, a new scheme for NDN access control based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is presented.

Then, to solve the revocation problem in NDN access control effectively, preserve user privacy, and improve the feasibility and efficiency of NDN access control in practice, this thesis makes the following three improvements: (1) based on a decentralized multi-authority CP-ABE scheme, the scheme is constructed under prime-order groups, which improves the feasibility and efficiency of the NDN access control system in practice; (2) considering the in-network storage technique, an indirect revocation approach is proposed for the above scheme, based on periodically updating the attribute-based keys of the non-revoked consumers and properly combined with the cache strategy in NDN, so that revocation of a user, a user attribute and a system attribute can be realized; (3) to address privacy leakage through the access structure, a partially hidden access structure is used: each attribute consists of two parts, an attribute name and its value; only the attribute name appears in the access structure, while the attribute values, which relate to users' sensitive information, are hidden, so that recipient anonymity is achieved and privacy is preserved.

Finally, the security of the scheme is proved under the static security model. It is proved that the scheme is fine-grained, collusion-resistant, backward- and forward-secure, and privacy-preserving. The characteristics and efficiency of the scheme are then analyzed and compared, and it can be observed that the scheme is fully functional and efficient in practice.
Keywords/Search Tags: Named Data Networking (NDN), access control, attribute-based encryption, revocable, privacy preserving