NAC: Automating Access Control via Named Data

Zhang, Zhiyi; Yu, Yang; Ramani, Sanjeev Kaushik; Afanasyev, Alexander; Zhang, Lixia

doi:10.1109/milcom.2018.8599774

Cited by 48 publications

(16 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…By encrypting the content with specific key, only the user owning the key can consume the content. Concretely, Zhang et al 3 proposed a typical access control scheme named NAC‐RSA. In NAC‐RSA, three roles are introduced, Access Manager (AM), Encryptor (i.e., the producer in NDN), Decryptor (i.e., the consumer in NDN).…”

Section: Related Workmentioning

confidence: 99%

“…To protect individual privacy in security‐based mobile prediction process for opportunistic Cloud of Things, Wang et al 8 designed a Privacy‐Preserving Message Forwarding framework, which also integrates an attribute‐based cryptographic algorithm with a message delivery process to resist malicious attack. Through improving NAC‐RSA using CP‐ABE, Zhang et, al 3 . proposed NAC‐ABE and simplified the key management and achieved better scalability under fine‐grained access control.…”

Section: Related Workmentioning

confidence: 99%

“…And if the name prefix entry does not exists, the interest packet will directly be treated as an illegal request from an unsubscribed user and discarded.As mentioned in Section 1, to check the validity of received interest packet, if simply moving the registration data from producer to edge router, the edge router should keep the producer's public key and each user's public key simultaneously. However, through introducing proxy signature, IBAC‐EV enables producer to delegate its signature and authentication authority to subscribed users and edge routers, respectively, so that the edge router only needs producer's public key to verify the signature. Content RetrievalFor utilizing the in‐network caching of NDN, symmetric encryption‐based content distribution is widely adopted to achieve the reusability of encrypted content in the network 3,16 SK (symmetric key) between the producer and edge router to protect the content, while sharing the encrypted content in the network.…”

Section: Interest‐based Access Control Via Edge Verificationmentioning

confidence: 99%

See 2 more Smart Citations

An interest‐based access control scheme via edge verification in Named Data Networking

Tao

Zhu

2022

Int J Communication

View full text Add to dashboard Cite

Named Data Networking (NDN) is a disruptive future architecture, in which content delivery can be significantly improved through named routing and distributed caching. However, distributed caching also leads to serious access control problems. Once a content is disseminated to the network, any entity can fetch it regardless of owning the access permission or not. To protect the authorized content, current solutions are mainly designed based on data packet encryption, but redundant in-network traffic is still a challenge due to illegal interest-data exchange. Focus on this problem, an Interest-Based Access Control scheme via Edge Verification (IBAC-EV) is proposed in this paper. In IBAC-EV, the producer authorizes the user to sign interest packet. By checking the signature, the edge router can forbid unsubscribed users to enter network through discarding interest packets. Simulation results show that IBAC-EV can effectively reduce the in-network traffic. Moreover, by using proxy signature algorithm, it simplifies the complexity of key management and alleviates the storage overhead on the edge router.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Interest‐based Access Control Via Edge Verificationmentioning

confidence: 99%

See 1 more Smart Citation

An interest‐based access control scheme via edge verification in Named Data Networking

Tao

Zhu

2022

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Similarly, the access control module in Sovereign is also based on names. In Sovereign, the payload carried by each network packet is encrypted in a data-centric way [44]: the ciphertext is not bound with a channel (e.g., TLS); any party who has the decryption key can access it.…”

Section: Access Controlmentioning

confidence: 99%

Sovereign: User-Controlled Smart Homes

Zhang,

Yu,

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Smart homes made up of Internet of Things (IoT) devices have seen wide deployment in recent years, with most, if not all, of them controlled by remote servers in the cloud. Such designs raise security and privacy concerns for end users. We believe that the current situation has largely resulted from lacking a systematic home IoT framework to support localized end user control.To let end users take back the control of smart homes, we propose Sovereign, an IoT system framework that allows users to securely control home IoT systems without depending on a cloud backend. Unlike existing solutions, Sovereign networks home IoT devices and applications using named data with application-level semantics; the names are then used to construct security mechanisms. Users define security policies and these policies are then executed by the localized security modules. We implement Sovereign as a pub/sub based development platform together with a prototype local IoT controller. Our preliminary evaluation shows that Sovereign provides an easy-to-use systematic solution to secure smart homes under user control without imposing noticeable overhead.

show abstract

“…We argue that this is relatively easy in a private business model where the trust relationships among system entities have already been established. For example, DLedger can utilize name-based access control (NAC) [34], where the identity manager can serve as the decryption key distributor who grants the access rights to internal entities only.…”

Section: Security Attributesmentioning

confidence: 99%

DLedger: An IoT-Friendly Private Distributed Ledger System Based on DAG

Zhang,

Vasavada,

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

With the ever growing Internet of Things (IoT) market, ledger systems are facing new challenges to efficiently store and secure enormous customer records collected by the IoT devices. The authenticity, availability, and integrity of these records are critically important for both business providers and customers. In this paper, we describe DLedger, a lightweight and resilient distributed ledger system. Instead of a single chain of blocks, DLedger builds the ledger over a directed acyclic graph (DAG), so that its operations can tolerate network partition and intermittent connectivity. Instead of compute-intensive Proof-of-Work (PoW), DLedger utilizes Proof-of-Authentication (PoA), whose light-weight operations are IoT-friendly, to achieve consensus. Furthermore, DLedger is built upon a data-centric network called Named Data Networking (NDN), which facilitates the peerto-peer data dissemination in heterogeneous IoT networks.

show abstract

NAC: Automating Access Control via Named Data

Cited by 48 publications

References 19 publications

An interest‐based access control scheme via edge verification in Named Data Networking

An interest‐based access control scheme via edge verification in Named Data Networking

Sovereign: User-Controlled Smart Homes

DLedger: An IoT-Friendly Private Distributed Ledger System Based on DAG

Contact Info

Product

Resources

About