
Research On Access Control Technologies For Named Data Networking

Posted on: 2019-12-05 | Degree: Master | Type: Thesis
Country: China | Candidate: X P Wang
GTID: 2428330566972816 | Subject: Communication and Information System
Abstract/Summary:
With the development of Internet technology, the scope and scale of Internet applications have gone far beyond the original design concept. The main use of the Internet has shifted to the acquisition of content, such as text messages and multimedia audio and video, so the demand for content distribution is increasing rapidly. In the face of this challenge, TCP/IP exposes its design shortcomings: the host-oriented transmission method causes a large amount of redundant network transmission and low content distribution efficiency, and it also has shortcomings in mobility and security. To address these challenges, a variety of content-centric networking architectures have been proposed. Named Data Networking (NDN) has become the most popular research field among them because of its advanced design concepts, feasibility and substantive progress. NDN adopts a name-based routing mechanism: users send Interest packets to obtain the corresponding Data packets. By deploying ubiquitous caches in the network, data packets can be reused. This design improves the responsiveness of content requests and eases network congestion.

However, NDN also brings many new security issues while improving network performance. The disclosure of content privacy is an important security risk. In NDN, content can be cached at any router. If there is no effective access control mechanism, an attacker may obtain the content of a legitimate user and learn that user's private information. Implementing content access control, so that content published by a content provider is accessible only to authorized users, is crucial for building a secure NDN network. The most popular solution to the content access control problem is to encrypt the content and securely distribute the decryption key to authorized users. However, with existing encryption schemes, encrypted content data packets or key data packets usually cannot be reused across multiple users; in other words, they result in redundant storage of "one or more encrypted copies of content," which severely limits the cache utilization of NDN. Low cache utilization means that a user's request is less likely to be satisfied by the in-network cache. Most requests must be answered by the content provider, and users experience long latency when retrieving content. At the same time, some access control schemes have high computational and storage costs, which limits their application. Faced with these challenges, this paper explores the design of access control schemes in NDN from the aspects of cache utilization, content request latency, and user computational overhead. The research work is as follows:

(1) For the cache utilization problem caused by encryption, the paper proposes an access control scheme based on edge router proxy re-encryption. The scheme uses a symmetric key to encrypt the content and uses proxy re-encryption to distribute the content key. The edge router acts as a proxy and re-encrypts content for the connected authorized user. The content data packets and key data packets encrypted by the content provider can be shared among all users. When a user requests content, the request delay is low because the request hits the cache with high probability. Simulation results on ndnSIM show that, compared with directly using each user's public key to distribute the content key, this solution improves cache utilization and also reduces the user's request delay.

(2) The above solution requires edge routers to participate in the access control scheme, which brings potential security risks. From the perspective of end-to-end security, broadcast encryption is a good alternative. In current broadcast encryption-based access control schemes, when the number of users in a group is large, the enabling block is large and the content key extraction time is long. This paper proposes a user location-based broadcast encryption access control scheme. Users are grouped according to their topological position, which keeps the number of users in the broadcast encryption system within an appropriate range, reduces the computational cost for each user, and also mitigates the low cache utilization caused by grouping users randomly. The ndnSIM simulation results show that, compared with random grouping of users, the user location-based broadcast encryption access control scheme reduces the redundancy of encrypted content in the network and improves cache utilization.
Keywords/Search Tags:NDN, Access Control, Proxy Re-Encryption, Broadcast Encryption, Content Privacy Protection
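
The key-distribution idea in scheme (1), as an added example that is not taken from the thesis: one cached key packet serves every user, and an edge router re-encrypts it per authorized user. The BBS98-style ElGamal construction, the toy group parameters, the XOR keystream cipher and all function names are assumptions chosen for illustration; the page does not state which proxy re-encryption scheme the thesis uses.

```python
import hashlib
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1          # secret in [1, Q-1]
    return sk, pow(G, sk, P)

def wrap_key(pk_provider, content_key):
    """Provider: encrypt the content key once, under its own public key."""
    k = secrets.randbelow(Q - 1) + 1
    return (content_key * pow(G, k, P) % P, pow(pk_provider, k, P))

def rekey(sk_provider, sk_user):
    """Re-encryption key b/a mod Q given to the edge router for one user.
    (In this toy, deriving it needs both secrets; assumption of the example.)"""
    return sk_user * pow(sk_provider, -1, Q) % Q

def reencrypt(rk, key_packet):
    """Edge router: turn g^(ak) into g^(bk) without seeing the content key."""
    c1, c2 = key_packet
    return (c1, pow(c2, rk, P))

def unwrap_key(sk_user, key_packet):
    c1, c2 = key_packet
    gk = pow(c2, pow(sk_user, -1, Q), P)       # (g^(bk))^(1/b) = g^k
    return c1 * pow(gk, -1, P) % P

def stream_xor(content_key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(f"{content_key}:{i}".encode()).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def demo():
    a, pk_a = keygen()                                   # content provider
    users = {name: keygen()[0] for name in ("alice", "bob")}
    content_key = pow(G, secrets.randbelow(Q - 1) + 1, P)
    data_packet = stream_xor(content_key, b"constructed sample content")
    key_packet = wrap_key(pk_a, content_key)             # one cacheable copy
    results = {}
    for name, b in users.items():
        per_user = reencrypt(rekey(a, b), key_packet)    # done at the edge
        results[name] = stream_xor(unwrap_key(b, per_user), data_packet)
    return results
```

Both users decrypt the same `data_packet` and start from the same `key_packet`; only the second component of the key packet changes at the edge router, which is why the provider-encrypted packets remain reusable from caches.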