Research On Security Authentication Methods In Named Data Networking

Currently,with the recent advances in the Internet,the end-to-end communication mode has been gradually transformed into a content-driven communication mode.With the popularity of Internet applications,the explosive growth of Internet users,and the continuous innovation of technologies such as Internet of things(IoT),edge computing and artificial intelligence,the architecture with IP address is increasingly hard to adapt to the rapid expansion of network scale and network data content.As the representative of content-centered network,named data networking(NDN)has gradually become the mainstream of the future Internet architecture because of its advantages in scalability,security,flexibility,reliability,congestion control and routing strategy.The security of NDN is embedded in the architecture at the beginning of design.The security of network depends on the data itself.At the beginning of data packet release,the data producer is forced to sign the content,and the data packet will be verified several times in the forwarding process.Insecure authentication scheme will not only leak the user's privacy,but also cause serious content and cache pollution to the network,which will induce various network attacks such as packet analysis attack.Although there are many research directions related to NDN security authentication in academia,the proposed schemes still have a lot of space for improvement in terms of security,resource utilization,and verification efficiency.Therefore,it is necessary to study an efficient and safe NDN authentication scheme.The main research work of this thesis is as follows:1.This thesis first introduces the architecture,naming mechanism,routing and forwarding mechanism,as well as security mechanism of NDN,and then analyzes the advantages of named data networking over IP networking.Then,it introduces the existing NDN security authentication schemes,and makes comparative analysis of them.2.The certificateless public key cryptosystem and batch verification mechanism are introduced.Then,this thesis analyzes the security problems of the existing certificateless batch verification methods.Later,considering that the data packet will be verified several times in the NDN core network,it proposes a certificateless batch verification scheme for named data networking.The scheme is proved to be safe under the random oracle model.In addition,the proposed scheme avoids the certificate management problem and key escrow problem in the traditional public key cryptosystem,and improves the verification efficiency of routers in the NDN network.3.This thesis leverages NDN to construct an IoT environment(NDN-IoT).Based on the mobile edge computing technology,it proposes a certificateless batch verification scheme in the environment of NDN-IoT.The proposed scheme solves the management problem of IoT end devices,avoids the data pollution from the source of information,transfers complex signing tasks from the source-constrained end devices and reduces the communication overhead in the NDN core network.Both security analysis and experimental simulations show that the proposed MEC-based certificateless batch verification scheme is provably secure and practical.