Supporting Virtual Organizations Using Attribute-Based Encryption in Named Data Networking

This paper investigates the use of Named Data Networks (NDNs) and Attribute-Based Encryption (ABE) to support federations of computing resources managed using the Virtual Organization (VO) concept. The NDN architecture focuses on fetching structurally named and secured pieces of application data, instead of pushing packets to host IP addresses. The VO concept allows management of federations across different administrative domains and enables secure collaborations. We show how hierarchically structured namespaces can be used to manage sets of named resources from different VO sites, and make them available to different VO members, based on their authorization attributes. For this initial investigation, we use a Two-Tier VO model and develop the associated VO data naming schema. We present an example, discuss outstanding issues, and identify future work.
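To make the abstract's idea concrete, the following added example (not code from the paper, and not the authors' naming schema) models how attribute-based policies can gate access to hierarchically named VO data. It assumes a hypothetical two-tier name layout `/<vo>/<site>/<resource...>`, attaches a CP-ABE-style access policy (an and/or tree over attributes) to name prefixes, and decides readability the way ABE decryption would: a member's attribute set either satisfies the policy or it does not. Only the policy semantics are modelled; the pairing-based cryptography of a real ABE scheme is deliberately left out, and all VO, site and member names are constructed sample values.

```python
from typing import Dict, FrozenSet, Optional, Tuple, Union

# A name is its component sequence; a policy is either an attribute string
# or an ("and" | "or", sub, sub, ...) tuple, mirroring a CP-ABE access tree.
Name = Tuple[str, ...]
Policy = Union[str, tuple]


def parse_name(name: str) -> Name:
    """Split an NDN-style name into components under the ASSUMED
    two-tier schema /<vo>/<site>/<resource...> (hypothetical, not the paper's)."""
    if not name.startswith("/"):
        raise ValueError("names are absolute and start with '/'")
    comps = tuple(c for c in name.split("/") if c)
    if len(comps) < 3:
        raise ValueError("expected at least /<vo>/<site>/<resource>")
    return comps


def satisfies(policy: Policy, attrs: FrozenSet[str]) -> bool:
    """CP-ABE semantics: a key whose attributes satisfy the ciphertext policy
    decrypts, any other key does not. Only the boolean check is modelled here."""
    if isinstance(policy, str):
        return policy in attrs
    op, *subs = policy
    if op == "and":
        return all(satisfies(s, attrs) for s in subs)
    if op == "or":
        return any(satisfies(s, attrs) for s in subs)
    raise ValueError(f"unknown policy operator {op!r}")


class VONamespace:
    """Policies attached to name prefixes inside one VO. The longest matching
    prefix wins; a name with no published policy is denied by default."""

    def __init__(self, vo: str) -> None:
        self.vo = vo
        self.policies: Dict[Name, Policy] = {}

    def publish(self, prefix: str, policy: Policy) -> None:
        comps = parse_name(prefix)
        if comps[0] != self.vo:  # a site may only publish under its own VO
            raise ValueError(f"prefix {prefix} is outside VO {self.vo}")
        self.policies[comps] = policy

    def policy_for(self, name: str) -> Optional[Policy]:
        comps = parse_name(name)
        best: Optional[Tuple[Name, Policy]] = None
        for prefix, policy in self.policies.items():
            if comps[: len(prefix)] == prefix and (best is None or len(prefix) > len(best[0])):
                best = (prefix, policy)
        return None if best is None else best[1]

    def can_read(self, name: str, attrs: FrozenSet[str]) -> bool:
        policy = self.policy_for(name)
        return policy is not None and satisfies(policy, attrs)


# Constructed sample members (attribute sets a VO attribute authority might issue).
ALICE = frozenset({"vo:vo-climate", "site:site-ucla", "role:researcher"})
CAROL = frozenset({"vo:vo-climate", "site:site-aerospace", "role:engineer"})
BOB = frozenset({"vo:vo-other", "role:pi"})


def build_demo() -> VONamespace:
    """Two constructed sites publishing under one constructed VO namespace."""
    ns = VONamespace("vo-climate")
    # Simulation output: any researcher or PI of the VO may read it.
    ns.publish("/vo-climate/site-ucla/sim",
               ("and", "vo:vo-climate", ("or", "role:researcher", "role:pi")))
    # Telemetry: VO members, but only those affiliated with the publishing site.
    ns.publish("/vo-climate/site-aerospace/telemetry",
               ("and", "vo:vo-climate", "site:site-aerospace"))
    return ns


if __name__ == "__main__":
    ns = build_demo()
    for who, attrs in (("alice", ALICE), ("carol", CAROL), ("bob", BOB)):
        for name in ("/vo-climate/site-ucla/sim/run1",
                     "/vo-climate/site-aerospace/telemetry/2020",
                     "/vo-climate/site-ucla/unpublished/x"):
            print(f"{who:6} {name:45} {'read' if ns.can_read(name, attrs) else 'denied'}")
```

The deny-by-default lookup matters: a name that no site has published carries no policy, so no attribute set unlocks it, and a publish attempt outside the namespace's own VO is rejected before any policy is stored.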
