An Endorsement-based Key Management System for Decentralized NDN Chat Application

In Named Data Networking (NDN), every data packet carries a digital signature, so every NDN application needs a trustworthy key management system before it can validate the data it receives. In this paper, we propose an endorsement-based key management system, inspired by the Web-of-Trust concept, to secure ChronoChat, a serverless group chat application over NDN. With the endorsement-based key management system, users in a chatroom collaboratively authenticate each other's membership in the chatroom. The system also leverages the synchronization mechanism already provided in ChronoChat for efficient key/endorsement distribution and revocation. We further extend the key management system from membership to user identity authentication, so that one user can authenticate another user's identity within a chatroom without relying on any external public key infrastructure.
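
The endorsement-based membership check the abstract describes, as an added example that is not code from the paper or from the ChronoChat code base: a minimal model in Go in which already-trusted chatroom members publish signed endorsements (and revocations) of another user's name-to-key binding, and one participant's local verifier accepts that user as a member once a threshold of trusted members vouch for the same binding. Everything concrete here is an assumption made for the example: the type and function names (Member, Endorsement, Verifier, Endorsed, Scenario), the threshold of two, the null-separated signed payload, Ed25519 standing in for NDN's own signature and certificate formats, and the constructed alice/bob/carol/mallory data. The paper's actual record formats, naming scheme and sync-based distribution are not reproduced.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Member stands in for a ChronoChat user's identity: a name plus an Ed25519 key pair
// (assumed for this example; the paper uses NDN keys and signatures).
type Member struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewMember(name string) *Member {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Member{Name: name, Pub: pub, priv: priv}
}

// Endorsement is a signed record "Endorser vouches that SubjectKey is Subject's key in
// Room"; with Revoked set it withdraws that statement. In the real system both kinds
// would be published as named data and reach every participant through the room's sync.
type Endorsement struct {
	Room, Endorser, Subject string
	SubjectKey              ed25519.PublicKey
	Revoked                 bool
	Sig                     []byte
}

// payload binds room, parties, key and the endorse/revoke flag into the signed bytes,
// so a record cannot be replayed into another room or have its meaning flipped.
func (e Endorsement) payload() []byte {
	kind := "endorse"
	if e.Revoked {
		kind = "revoke"
	}
	return append([]byte(e.Room+"\x00"+e.Endorser+"\x00"+e.Subject+"\x00"+kind+"\x00"), e.SubjectKey...)
}

// Endorse signs an endorsement (revoke=false) or a revocation (revoke=true) of (subject, key).
func (m *Member) Endorse(room, subject string, key ed25519.PublicKey, revoke bool) Endorsement {
	e := Endorsement{Room: room, Endorser: m.Name, Subject: subject, SubjectKey: key, Revoked: revoke}
	e.Sig = ed25519.Sign(m.priv, e.payload())
	return e
}

// Verifier is one user's local trust state for a room: the keys it already accepts and
// how many of their owners must vouch for a newcomer (threshold is an assumption here).
type Verifier struct {
	Room      string
	Threshold int
	Trusted   map[string]ed25519.PublicKey
}

// Endorsed reports whether (subject, key) has valid endorsements from at least Threshold
// distinct trusted members, not counting anyone whose own revocation of the same pair is
// also among the records. Arrival order of the records does not matter.
func (v *Verifier) Endorsed(subject string, key ed25519.PublicKey, records []Endorsement) bool {
	endorsers, revoked := map[string]bool{}, map[string]bool{}
	for _, e := range records {
		if e.Room != v.Room || e.Subject != subject || e.Endorser == subject || !bytes.Equal(e.SubjectKey, key) {
			continue // other room, other subject/key, or a self-endorsement
		}
		pk, ok := v.Trusted[e.Endorser]
		if !ok || !ed25519.Verify(pk, e.payload(), e.Sig) {
			continue // endorser not trusted, or signature does not cover this payload
		}
		if e.Revoked {
			revoked[e.Endorser] = true
		} else {
			endorsers[e.Endorser] = true
		}
	}
	for name := range revoked {
		delete(endorsers, name)
	}
	return len(endorsers) >= v.Threshold
}

// Scenario runs constructed sample data: alice and bob are the bootstrap members, carol
// needs two of them, an impostor reusing a tampered record fails, and a later revocation
// from bob drops carol below the threshold.
func Scenario() (oneEndorsement, twoEndorsements, impostor, afterRevocation bool) {
	const room = "ndn-chat"
	alice, bob, carol, mallory := NewMember("alice"), NewMember("bob"), NewMember("carol"), NewMember("mallory")
	v := &Verifier{Room: room, Threshold: 2, Trusted: map[string]ed25519.PublicKey{"alice": alice.Pub, "bob": bob.Pub}}
	records := []Endorsement{alice.Endorse(room, "carol", carol.Pub, false)}
	oneEndorsement = v.Endorsed("carol", carol.Pub, records)
	records = append(records, bob.Endorse(room, "carol", carol.Pub, false))
	twoEndorsements = v.Endorsed("carol", carol.Pub, records)
	if twoEndorsements {
		v.Trusted["carol"] = carol.Pub // carol is now a trusted member for this user
	}
	// Impostor: alice's genuine record with mallory's key swapped in (the signature no
	// longer matches the payload) plus mallory's own, untrusted, endorsement.
	tampered := records[0]
	tampered.SubjectKey = mallory.Pub
	bad := []Endorsement{tampered, mallory.Endorse(room, "carol", mallory.Pub, false)}
	impostor = v.Endorsed("carol", mallory.Pub, bad)
	// Revocation: bob withdraws his endorsement; only alice's remains, below threshold.
	records = append(records, bob.Endorse(room, "carol", carol.Pub, true))
	afterRevocation = v.Endorsed("carol", carol.Pub, records)
	return
}

func main() {
	one, two, imp, rev := Scenario()
	fmt.Printf("one endorsement: %v, two: %v, impostor: %v, after revocation: %v\n", one, two, imp, rev)
}
```

Two details carry the security weight. The signed payload binds the room name and the endorse/revoke flag, so a record published for one chatroom cannot be replayed into another and a revocation cannot be re-read as an endorsement. And membership is recomputed from the full set of records rather than updated incrementally, so in a sync-distributed design a revocation that reaches a participant before the endorsement it withdraws still cancels it.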
