
Research On Content Validity Authentication And Access Control Mechanism In Information Center Network

Posted on: 2022-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: Q D Xia
GTID: 2518306323966869
Subject: Cyberspace and Security
Abstract/Summary:
Nowadays, multimedia content retrieval has replaced traditional end-to-end communication as the core service of the Internet. The traditional TCP/IP architecture was not originally designed for large-scale content retrieval. When it handles repeated transmission of popular content, massive amounts of redundant data are carried in the existing network, resulting in low bandwidth utilization and transmission efficiency. To improve the efficiency of content distribution, researchers have tried to propose new network frameworks that solve the problems of the TCP/IP architecture, and future network architectures, represented by the Information Center Network (ICN), have emerged. ICN replaces the original named-host model with named content. It also introduces in-network caching, which gives routers the ability to cache content, so that interest packets can be satisfied and answered by routers in the network, making network transmission much more efficient.

However, these new features of ICN also bring new security challenges that differ from those of traditional networks. Because of in-network caching, content validity verification and access control have become new security issues that need to be solved immediately. The distributed storage of content in ICN means that content is no longer physically under the direct control of the content provider, and it is difficult for content providers to protect the validity of content and to provide access control for it. Content security in ICN differs from traditional networks in two respects:

1) Validation of content. Since the content cached by routers in ICN is forwarded from others, attackers have the opportunity to inject poisoned content into the network, which pollutes the routers' caches and thus causes users' requests to be answered with poisoned content as well. Authenticating the validity of content is therefore very important for ICN, as it guarantees that ICN can provide content effectively. The existing schemes consider only the computation overhead of content validity detection at a single point. They ignore the fact that the validation results of a single router can be used by other routers, so that routers collaborating with each other can improve validation efficiency. No scheme for collaborative verification in ICN has been proposed so far.

2) Access control of content. Because of in-network caching, interest packets may be satisfied at any router, and the content is returned directly to the requesting user. In the standard ICN architecture, users can obtain the required content from the network without the authorization of the content provider. Therefore, to guarantee secure content delivery, access control is also an important issue in ICN. The existing schemes achieve access control by encrypting content and distributing keys. However, this type of scheme does not consider the following situation: the content is distributed in advance using the in-network caching of ICN, and only legitimate users can finally decrypt the content at the specified moment.

So, for both of these aspects of ICN content security, although some schemes have been proposed, there are still shortcomings in both performance and functionality that affect the usability of these schemes.

In this thesis, we conduct in-depth research on these two aspects of ICN content security and propose two solutions, one for each aspect. The main contributions of this paper are as follows:

(1) A collaborative, secure, efficient content validation protection framework for Information Centric Networking, CSEVP, is proposed. In the proposed scheme, each router independently calculates a probability with which it authenticates a piece of content. Every router that transmits the content has a chance of participating in the authentication, and only one router authenticates the content. Secondly, CSEVP uses a Bloom filter to record the results for authenticated cached content so that they can be shared easily among routers, thus further improving authentication efficiency.

(2) A time sensitive, lightweight and secure access control for Information Centric Networking, TSLS, is proposed. In the proposed scheme, the content provider combines broadcast encryption with a time token to protect the confidentiality of the content, and only users who hold the required privilege at a specific time are able to decrypt and access the content. In addition, fast and lightweight challenge-response authentication is implemented on the edge router to block unauthorized requests from being injected into the network. Responses from legitimate users are forwarded to content providers to express the users' needs, and content providers can distribute content to the network in advance based on those needs, improving the efficiency of content distribution.
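An added sketch (not code from the thesis, whose abstract gives no algorithmic detail) of the idea behind contribution (1): routers on a path validate content with some probability, record validated items in a Bloom filter, and share that filter so downstream routers skip the check. The names `Bloom`, `Router`, `deliver`, the HMAC standing in for the provider's signature, and the downstream merge step are all assumptions made for illustration.

```python
import hashlib, hmac, random

PROVIDER_KEY = b"constructed-demo-key"  # constructed; stand-in for a signing key

def tag(name, data):
    # HMAC stands in for the provider's signature over (name, content).
    return hmac.new(PROVIDER_KEY, name + b"\0" + data, hashlib.sha256).digest()

class Bloom:
    def __init__(self, m=1024, k=4):
        self.m, self.k, self.bits = m, k, 0
    def _idx(self, item):
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m
    def add(self, item):
        for i in self._idx(item):
            self.bits |= 1 << i
    def __contains__(self, item):  # may give false positives, never false negatives
        return all(self.bits >> i & 1 for i in self._idx(item))
    def merge(self, other):        # union; both filters must use the same m and k
        self.bits |= other.bits

class Router:
    def __init__(self, p, rng=None):
        self.p, self.rng = p, rng or random.Random()
        self.verified, self.checks = Bloom(), 0
    def handle(self, name, data, t):
        """Return True to forward the packet, False to drop it."""
        # Key binds name, payload and tag, so a swapped payload misses the filter.
        key = hashlib.sha256(name + b"\0" + data + t).digest()
        if key in self.verified:         # validated earlier, here or upstream
            return True
        if self.rng.random() >= self.p:  # not selected to validate this packet
            return True
        self.checks += 1
        if not hmac.compare_digest(tag(name, data), t):
            return False                 # poisoned content: drop, record nothing
        self.verified.add(key)
        return True

def deliver(path, name, data, t):
    for i, r in enumerate(path):
        if not r.handle(name, data, t):
            return False
        for nxt in path[i + 1:]:
            nxt.verified.merge(r.verified)  # share validation results downstream
    return True
```

A Bloom filter hit is probabilistic, so a false positive lets an unvalidated item through as "already verified"; filter size and hash count bound that risk.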
Keywords/Search Tags: Information Centric Networking, Authentication, Access Control, Validation of Contents, Bloom Filter