An integrated authentication and authorization approach for the network of information architecture

Several projects propose an information-centric approach to the network of the future. Such an approach makes efficient content distribution possible by making information retrieval host-independent and by integrating storage into the network for caching information. Requests for particular content can thus be satisfied by any host or server holding a copy. One well-established information-centric architecture is the Network of Information (NetInf), developed as part of the EU FP7 project SAIL. The approach is based on the Publish/Subscribe model, in which hosts can join a network, publish data, and subscribe to publications. NetInf introduces two main stages, Publication and Data Retrieval, through which hosts publish and retrieve data. A distributed Name Resolution System (NRS) maps each data object to its publishers. The NRS is vulnerable to masquerading and content-poisoning attacks through invalid data registration. Therefore, the paper proposes a Registration stage that takes place before the Publication and Data Retrieval stages. This new stage identifies and authenticates hosts before they can access the NetInf system. Furthermore, the Registration stage uses a capability-based access policy to mitigate unauthorized access to data objects. The proposed solutions have been formally verified using a formal-methods approach.
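The following Python sketch is an added illustration, not the paper's protocol, of the three-stage flow the abstract describes: a Registration stage that hands an authenticated host a capability, a Publication stage in which the NRS refuses name-to-publisher registrations unless the host presents a valid capability for the publish right, and a Data Retrieval stage in which the subscriber checks the fetched copy against the name. It assumes hash-based, self-certifying names (ni-style, loosely; hex is used here rather than the scheme's base64url form), an HMAC-tagged capability issued by the NRS after authentication, and a shared NRS key; all keys, host identifiers and payloads are constructed sample values.

```python
"""Toy NetInf-style Name Resolution System with a capability check on registration.
Added example; assumptions: hash-based names, HMAC-tagged capabilities,
NRS_KEY is a constructed placeholder secret held by the NRS."""
import hashlib
import hmac
import json
import secrets

NRS_KEY = b"constructed-nrs-secret-key"  # placeholder, constructed for this example


def content_name(data: bytes) -> str:
    # Hash-based name: the name commits to the content, so any cached copy can be verified.
    return "ni:///sha-256;" + hashlib.sha256(data).hexdigest()


def mint_capability(host_id: str, rights: set[str], key: bytes = NRS_KEY) -> dict:
    # Registration stage: once the host is authenticated (assumed done before this call),
    # the NRS issues a capability listing its rights, bound to its identity by an HMAC tag.
    body = {"host": host_id, "rights": sorted(rights), "nonce": secrets.token_hex(8)}
    msg = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}


def check_capability(cap: dict, host_id: str, right: str, key: bytes = NRS_KEY) -> bool:
    # Reject forged or tampered capabilities, capabilities presented by a host other than
    # the one they were issued to (masquerading), and capabilities lacking the requested right.
    msg = json.dumps(cap["body"], sort_keys=True).encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cap["tag"]):
        return False
    return cap["body"]["host"] == host_id and right in cap["body"]["rights"]


class NameResolutionSystem:
    def __init__(self) -> None:
        self.table: dict[str, set[str]] = {}  # name -> set of publisher ids

    def register(self, host_id: str, cap: dict, name: str, data: bytes) -> bool:
        # Publication stage: the mapping is recorded only for an authorized host and only
        # when the name really is the hash of the data (blocks content poisoning).
        if not check_capability(cap, host_id, "publish"):
            return False
        if content_name(data) != name:
            return False
        self.table.setdefault(name, set()).add(host_id)
        return True

    def resolve(self, name: str) -> set[str]:
        return set(self.table.get(name, set()))


def retrieve_ok(name: str, data: bytes) -> bool:
    # Data Retrieval stage: the subscriber verifies the copy it got, wherever it came from.
    return content_name(data) == name


def demo() -> dict:
    # Constructed scenario: one authorized publisher, one host without the publish right,
    # one host reusing someone else's capability, one forged capability, one bad payload.
    nrs = NameResolutionSystem()
    payload = b"constructed sample object"
    name = content_name(payload)
    alice_cap = mint_capability("alice", {"publish", "subscribe"})
    bob_cap = mint_capability("bob", {"subscribe"})
    forged = {"body": {"host": "mallory", "rights": ["publish"], "nonce": "00"}, "tag": "0" * 64}
    return {
        "alice": nrs.register("alice", alice_cap, name, payload),
        "bob_no_publish_right": nrs.register("bob", bob_cap, name, payload),
        "reused_cap": nrs.register("mallory", alice_cap, name, payload),
        "forged_cap": nrs.register("mallory", forged, name, payload),
        "poisoned": nrs.register("alice", alice_cap, name, b"different content"),
        "resolved": nrs.resolve(name),
        "retrieval_ok": retrieve_ok(name, payload),
        "retrieval_bad": retrieve_ok(name, b"different content"),
    }


if __name__ == "__main__":
    print(demo())
```

Only the registration by the authenticated, authorized host whose name matches its content is accepted; the NRS therefore never maps a name to a publisher that could not prove its identity and rights, and a retriever can still reject a poisoned copy served by an intermediate cache.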
