LIVE: Lightweight Integrity Verification and Content Access Control for Named Data Networking

Li, Qi; Zhang, Xinwen; Zheng, Qingji; Sandhu, Ravi; Fu, Xiaoming

doi:10.1109/tifs.2014.2365742

Cited by 81 publications

(39 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently several researches have been conducted to deal with the problem of heavy overhead from public key signature-based data packet authentication in CCN [1,4,[7][8][9][10][11][12][13][14]. PARC implemented MHT-based aggregate signing mechanism into CCNx, which is the reference implementation of CCN protocol [1,4,7,8] [9,10].…”

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

“…Even though self-verifying name-based methods can reduce the number of signature generation and verification, they depend on a certain naming architecture and the works in [11,12] did not provide the implementation results. In 2015, Qi Li et al proposed LIVE (Lightweight Integrity Verification architecture), which provides an efficient data segment integrity mechanism and allows a content publisher to control access to contents stored in remote CCN network nodes [14]. In LIVE, a content publisher provides different kinds of tokens to network nodes according to the access control policy and only nodes that receive the authorized token can verify the content and store it in their Content Store.…”

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

“…To address heavy overhead from public key signaturebased data segment authentication in CCN, several researches have been conducted [1,[6][7][8][9][10][11][12][13][14]. These can be divided into five categories: Merkle Hash Tree (MHT) based signing approaches [1,[6][7][8], HMAC-based methods [9,10], selfverifying name-based methods [11,12], hash chain-based method [13], and multitoken-based method [14].…”

Section: Introductionmentioning

confidence: 99%

“…These can be divided into five categories: Merkle Hash Tree (MHT) based signing approaches [1,[6][7][8], HMAC-based methods [9,10], selfverifying name-based methods [11,12], hash chain-based method [13], and multitoken-based method [14]. PARC (Palo Alto Research Center) implemented MHT-based aggregate signing mechanism into CCNx, which is the reference implementation of CCN protocol [1,4,7,8].…”

Section: Introductionmentioning

confidence: 99%

“…Even though it is efficient with regard to computation and communication, it might be vulnerable to transmission error due to inherent property of hash chain. Noteworthily, in 2015, multitoken-based method was proposed for efficient data integrity checking and access control in CCN nodes [14]. Even if transmission delay and communication overhead from the method are acceptable, it requires that a content publisher has complete identity information of authorized CCN nodes along with their public keys.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

Content-Centric Networking (CCN) is a new networking paradigm for the future Internet, which shifts the communication paradigm from host-centric to data-centric. In CCN, contents are routed by their unique names and they are stored in network nodes by units of segment during transmission for future usage. Since contents are stored in network nodes in a distributed manner, security is built into CCN data packets by embedding a public key signature to enable any content requesters to verify authenticity and integrity of contents. However, the use of public key signatures for authenticating CCN data packets incurs significant overhead regarding computation and communication, which limits universal utilization of CCN. Furthermore, this can lead to a new kind of DDoS attacks. Even though CCN adopts an aggregate signature method based on Merkle Hash Tree (MHT) in its reference implementation, it still incurs large amount of overhead. This paper presents TLDA, an efficient Two-Layered Data Authentication mechanism, which can considerably reduce overhead of computation and communication for authenticating data segments in CCN. For efficiency of computation and communication, TLDA newly introduces the concept of authentication Meta part consisting of data segments' hash values. To a great extent TLDA not only reduces the computation and communication overhead compared with CCN's basic authentication method, but also provides robustness against transmission loss and out-of-order transmission.We have implemented TLDA and demonstrated that it provides 74.3% improved throughput and 36.557% reduced communication overhead compared to those of the original CCNx library developed by PARC when transmitting a 128Mbyte content in units of 1Kbyte segment with RSA-2048 and SHA-256 as its signature algorithm and hash algorithm, respectively.

show abstract

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

Section: Content-centric Networking (Ccn) and Content Authentication mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

Seo

Youn

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

An edge re‐encryption‐based access control mechanism in NDN

Zhu

Huang

Tao

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Content privacy is one of the key issues in named data networking. Implementing content access control by encrypting the content key with the user's public key is the major method currently. However, this method brings extra retrieving delay because the user needs to obtain the encrypted key from the producer after requesting data packet. Focusing on this problem, this paper proposes an edge re‐encryption‐based access control (ERE‐AC), in which the content is encrypted using a symmetric key, and the content key will be encrypted twice by the producer and edge router. Using edge re‐encryption, only the authorized user can decrypt the re‐encrypted content key with its own private key and thus obtaining the plaintext of content. This mechanism makes the encrypted content and content key stored in the network that are available for all users. It achieves two advantages, one is that the user does not need to fetch content key from the producer and can shorten the retrieving time; another is that no replica redundancy exists in the network. The simulation results of ndnSIM show that compared with encryption and probability‐based access control model, ERE‐AC can effectively shorten the content retrieving delay while slightly increasing the hit rate.

show abstract

An efficient caching security approach for content‐centric mobile networks in internet of things systems

Obaidat

et al. 2023

Security and Privacy

View full text Add to dashboard Cite

With the expansion of internet of things (IoT), the IP-based network architecture has been difficult to support the development of IoT. Content-centric mobile networking (CCMN) models are based on naming the content to get rid of address-space scarcity, caching the content at intermediate nodes to provide efficient data delivery, which can solve the development bottleneck ofIoT. The in-network caching is a key factor to enable practical deployments of CCMN. And it is also subject to serious security threats of cache pollution attacks (CPA), which can tamper the distribution of content and reduce the advantages of built-in cache. In addition, the identity and trust mechanism of mobile devices are also important factors hindering the deployment of CCMN. However, existing caching security mechanisms cannot be applied directly, because the features of the built-in cache, including ubiquity, mobility, and heterogeneity, bring new challenges on designing the caching security mechanism against CPA. In this article, we propose a lightweight CPA detection and defense approach for CCMN. We first model the attack and defense process of CPA as a dynamic game, which can optimize the performance of the attack detection. Then, we adopt popularity analysis to detect CPA, and accurately estimate the current network and attack state by a logical regression algorithm. Our design can also intelligently maintain the identity and trust mechanism.Finally, we design a punishment mechanism to deal with the attackers. Extensive simulations demonstrate that our approach can detect CPA efficiently, mitigate the impact of CPA effectively. Our game model can reduce the impact of locality-disruption attack and false-locality attack by 60% and 30%, respectively, compared with the state-of-the-art methods. When the game reaches Nash equilibrium, our model can reduce the impact of CPA on cache hit ratio by 55% on average.

show abstract

LIVE: Lightweight Integrity Verification and Content Access Control for Named Data Networking

Cited by 81 publications

References 26 publications

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

TLDA: An Efficient Two-Layered Data Authentication Mechanism for Content-Centric Networking

An edge re‐encryption‐based access control mechanism in NDN

An efficient caching security approach for content‐centric mobile networks in internet of things systems

Contact Info

Product

Resources

About