Securing Content Sharing over ICN

Fotiou, Nikos; Polyzos, George C.

doi:10.1145/2984356.2984376

Cited by 27 publications

(15 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this solution, we leverage IB-PRE to provide access control on content items stored in network endpoints outside the administrative realm of the content owner, as in [19]. We assume that each content item is encrypted by the content owner using a symmetric encryption algorithm (each item with a different key) and each item is protected by an access control policy.…”

Section: Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

Name-Based Security for Information-Centric Networking Architectures

Fotiou

Polyzos

2019

Future Internet

View full text Add to dashboard Cite

Information-Centric Networking (ICN) is an emerging communication paradigm built around content names. Securing ICN using named-based security is, therefore, a natural choice. For this paper, we designed and evaluated name-based security solutions that satisfy security requirements that are particular to ICN architectures. In order to achieve our goal, we leverage identity-based encryption, identity-based proxy re-encryption, and the emerging paradigm of decentralized identifiers. Our solutions support outsourcing content storage, content integrity protection and content authentication, and provenance verification, as well as access control. We show that our solutions have tolerable storage and computation overhead, thus proving their feasibility.

show abstract

Section: Access Controlmentioning

confidence: 99%

“…Moreover, storage endpoints learn no secret information. For a more thorough security analysis of this solution, interested readers are referred to [19].…”

Section: Security Evaluationmentioning

confidence: 99%

Name-Based Security for Information-Centric Networking Architectures

Fotiou

Polyzos

2019

Future Internet

View full text Add to dashboard Cite

show abstract

“…We argue that local processing of data within an edge IoT domain can provide better privacy and security compared to cloud-based systems that perform both storage and processing in the cloud. To that end, we envision a proxy reencryption (PRE) based access control scheme similar to the one proposed by Fotiou et al [17], which would allow encryption of processed IoT data before sending it to untrusted parties for better privacy and security. Using the proxy reencryption mechanism, a delegator (e.g., local processing node) can enforce the data access control policies of the IoT domain at an untrusted delegatee (e.g., remote storage services) when encrypted data are shared.…”

Section: Privacy and Security Considerationsmentioning

confidence: 99%

A keyword-based ICN-IoT platform

Ascigil

Rene

Xylomenos

et al. 2017

Proceedings of the 4th ACM Conference on Information-Centric Networking

View full text Add to dashboard Cite

Information-Centric Networking (ICN) has been proposed as a promising solution for the Internet of Things (IoT), due to its focus on naming data, rather than endpoints, which can greatly simplify applications. The hierarchical naming of the Named-Data Networking (NDN) architecture can be used to name groups of data values, for example, all temperature sensors in a building. However, the use of a single naming hierarchy for all kinds of different applications is inflexible. Moreover, IoT data are typically retrieved from multiple sources at the same time, allowing applications to aggregate similar information items, something not natively supported by NDN. To this end, in this paper we propose (a) locating IoT data using (unordered) keywords combined with NDN names and (b) processing multiple such items at the edge of the network with arbitrary functions. We describe and evaluate three different strategies for retrieving data and placing the calculations in the edge IoT network, thus combining connectivity, storage and computing.

show abstract

“…Although our solution is specific to PSI, it can be generalized to any rendezvous‐based ICN architecture, ie, an architecture where a centralized network entity mediates content demand and supply. Our solution is built on our previous works described in Fotiou et al and Fotiou and Polyzos . In particular, the security mechanisms discussed in Fotiou and Polyzos are applied to the solution presented in Fotiou et al so as to remove the need for a trusted entity (in Fotiou et al, this entity is referred to as the Access Control Provider ).…”

Section: Introductionmentioning

confidence: 99%

“…Our solution is built on our previous works described in Fotiou et al and Fotiou and Polyzos . In particular, the security mechanisms discussed in Fotiou and Polyzos are applied to the solution presented in Fotiou et al so as to remove the need for a trusted entity (in Fotiou et al, this entity is referred to as the Access Control Provider ). As a consequence, this work adds significant less communication overhead compared to Fotiou et al…”

Section: Introductionmentioning

confidence: 99%

Rendezvous‐based access control for information‐centric architectures

Fotiou

Alzahrani

2017

Int J Network Mgmt

Self Cite

View full text Add to dashboard Cite

SummaryInformation-centric networking (ICN) has been in the spotlight of many research efforts as it shifts the focus from (endpoint) locations to content items themselves. By leveraging content centrism and by using content and content names as the main pillar of all (inter-)networking functions, ICN architectures are expected to overcome many of the limitations of the current Internet architecture. Information-centric networking paradigm also advocates a shift in security solutions: Instead of securing the communication channel, ICN security solutions should secure the content itself. Therefore, end users should be able to access content stored in various locations in the network-even unsecured-in a private and secure way. Similarly, content owners should not lose the governance of their content items, no matter the network location where they are stored.In this paper, we design, implement, and evaluate an access control delegation mechanism for the publish-subscribe Internet architecture. Our solution does not introduce any new entity; instead it allows semitrusted publish-subscribe Internet rendezvous points to enforce access control policies. Moreover, our solution leverages identity-based proxy re-encryption to protect content confidentiality in the presences of malicious publishers, ie, nodes that host content items and do not respect the access control decisions of the rendezvous point.

show abstract

Securing Content Sharing over ICN

Cited by 27 publications

References 25 publications

Name-Based Security for Information-Centric Networking Architectures

Name-Based Security for Information-Centric Networking Architectures

A keyword-based ICN-IoT platform

Rendezvous‐based access control for information‐centric architectures

Contact Info

Product

Resources

About