NDN-ABS: Attribute-Based Signature Scheme for Named Data Networking

The Named Data Networking architecture mandates cryptographic signatures of packets at the network layer. Traditional RSA and ECDSA public key signatures require obtaining the signer's NDN certificate (and, if needed, the next-level certificates of the trust chain) to validate the signatures. This potentially creates two problems. First, the communication channels must be active in order to retrieve the certificates, which is not always the case in disruptive and ad hoc environments. Second, the certificate identifies the individual producer, so producer anonymity cannot be guaranteed when it is needed. In this paper, we present NDN-ABS, an alternative NDN signature design based on attribute-based signatures, to address both of these problems. With NDN-ABS, data packets can be verified without any network retrieval (provided the trust anchor is pre-configured), and attributes can be designed to identify only application-defined high-level producer anonymity sets, thus preserving the anonymity of individual producers. The paper uses an illustrative smart-campus environment to define and evaluate the design and to highlight how the NDN trust schema can manage the validity of NDN-ABS signatures. The paper also discusses the performance limitations of ABS and potential ways they can be overcome in a production environment.
