
Research On Access Control Mechanisms Based On Content Encryption For Named Data Networking

Posted on: 2020-04-17
Degree: Master
Type: Thesis
Country: China
Candidate: C He
GTID: 2428330590971500
Subject: Information and Communication Engineering
Abstract/Summary:
With the popularity of Internet applications, traditional TCP/IP networking has exposed many drawbacks, such as poor security, low efficiency of content distribution, and poor mobility. Named Data Networking (NDN), as the next-generation networking architecture, is designed to better meet the needs of users. Because of in-network caching in NDN, unauthorized users might fetch cached content from NDN routers, the content provider cannot perform effective access control on the content, and the content provider cannot know the users' access information. Therefore, how to build a traceable, flexible and efficient access control mechanism for NDN is an important research topic for improving the availability of NDN. Funded by the Chongqing Key Project of Research on Fundamental Science and Advanced Technology, this thesis undertakes research on access control for NDN. The main work and innovations of this thesis are summarized as follows:

1. To achieve flexible and efficient access control in NDN, this thesis proposes an access control mechanism based on content encryption. To improve the security of content, a Per-Packet Protection (PPP) method is first proposed to implement access control. PPP adopts one-way hash functions to generate random keys for different data packets, and combines an Identity-Based Cryptography method with an improved Shamir's Secret Sharing method to efficiently distribute the key information. Combined with the PPP method, an access control mechanism based on secret sharing and symmetric encryption (SSSE) is proposed. The SSSE mechanism uses the exclusive-OR threshold secret sharing method to encode the content, and selects part of the data for symmetric encryption. Therefore, the SSSE mechanism re-encrypts only part of the data instead of the whole data in the revocation process, which reduces computational overhead. The efficiency of the SSSE mechanism is verified by simulation.

2. To achieve access traceability in NDN, this thesis proposes a traceable and lightweight access control (TLAC) mechanism. The TLAC mechanism combines Identity-based Combined Public Key and Schnorr signatures to build an anonymous and secure “three-way handshake” authentication protocol. In the TLAC mechanism, the edge routers perform authentication based on users' signatures attached to Interest packets, which can filter illegal users' requests and ensure the traceability of access. Considering the continuity of requests, the mechanism reduces the overhead of subsequent authentication by using the shared secret and a lightweight one-way hash function after the “three-way handshake” has been performed. The simulation results show that the TLAC mechanism introduces only acceptable delay when the user requests content.
Keywords/Search Tags:Named Data Networking, access control, efficient revocation, traceability