Achieving secure and scalable data access control in information-centric networking

Shifting from a host-oriented to a data-oriented model, information-centric networking (ICN) adopts several key design principles, e.g., in-network caching, to cope with the tremendous growth of the Internet. In the ICN setting, data to be distributed can be cached by ICN routers anywhere and accessed arbitrarily by customers without the data publisher's permission, which imposes new challenges for data access control: (i) security: how can data publishers protect data confidentiality (both for data cached by ICN routers and for data accessed by authorized users) even after an authorized user's decryption key has been revoked or compromised, and (ii) scalability: how can data publishers leverage ICN's promising features and enforce access control without complicated key management or extensive communication. This paper addresses these challenges with a newly proposed dual-phase encryption that uniquely combines the ideas of one-time decryption keys, proxy re-encryption and all-or-nothing transformation, while still being able to leverage ICN's features. Our analysis and performance evaluation show that our solution is highly efficient and provably secure under the existing security model.
