An access control mechanism to ensure privacy in named data networking using attribute-based encryption with immediate revocation of privileges

Information-centric networking (ICN) is considered a potential solution to many of the current Internet's problems, but concern about the protection of user data persists. This paper presents an access control mechanism that lets users set fine-grained access policies for applications in named data networking (NDN), a popular ICN architecture. Data confidentiality is provided by an attribute-based encryption scheme with immediate revocation of privileges. The mechanism inserts a proxy server that mediates access to the protected data and checks for revoked privileges; optionally, the NDN router itself can take on the proxy server's functions. In the experiments, the proposed mechanism proved practical in terms of processing time, memory usage, and file size (the last of which affects both storage and transmission), and it handled access policies with dozens of attributes efficiently.
