Forward Secrecy Enhancement for Named Data Networking Access Control over Mobile Ad-Hoc Networks

Abstract

Named Data Networking (NDN) is a new paradigm for the future Internet, aiming for efficient content delivery using in-network cache and information-centric communication. Security is built into NDN by embedding a public key signature in each data packet to enable verification of authenticity and integrity of contents. For NDN access control, the encryption-based model is the main proposed scheme where sensitive data are encrypted by legitimate producers and then decrypted by only authorized consumers. There have been several proposals using this encryption-based model. However, most of them still suffer from Perfect Forward Secrecy (PFS) issues. Without PFS, the previously published contents for an authorized consumer could be compromised if the private key of the consumer is leaked. This could be a serious security threat in several scenarios, particularly the battlefield scenario. Hence, this dissertation proposes EKAC: Ephemeral Key-based Access Control scheme for NDN to address the problem. EKAC considers Mobile Ad-Hoc Network scenarios, like battlefield network, where the connection can be intermittently lost, and provides a new mechanism to provide PFS, immediate revocation. We have evaluated the performance of EKAC by comparing to previous encryption-based access control schemes. From the evaluation results, EKAC is more suitable for security to prevent attackers to access the previously published contents, in case that the attackers compromise consumer devices to gain the consumer’s private key. So, EKAC can support ephemeral key shares. Furthermore, our policy key distribution is more suitable for intermittent connection. For the efficiency of EKAC, we have also found that EKAC computation and communication cost is less than the previous NDN access control scheme.

-