Secure Naming for a Network of Information

Several projects propose an information-centric approach to the network of the future. Such an approach makes efficient content distribution possible by making information retrieval host-independent and by integrating storage for caching information into the network. Requests for particular content can thus be satisfied by any host or server holding a copy. The current security model, based on host authentication, is not applicable in this context; basic security functionality must instead be attached directly to the data and its naming scheme. This paper presents a naming scheme for content and other objects that enables verification of data integrity as well as owner authentication and identification. The naming scheme is designed for flexibility and extensibility, e.g., to integrate other security properties such as access control. At the same time, it offers persistent IDs even when the content, the content owner, the owner's organizational structure, or the location changes. The requirements for the naming scheme are stated, and an analysis shows how the proposed scheme fulfills them. Experience with prototyping the naming scheme is also discussed. The naming scheme forms the foundation for a secure information-centric network infrastructure that can also solve some of the main security problems of today's Internet.
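The abstract describes the properties such a name must have (integrity verification, owner authentication, independence from the delivering host) but not its wire format. The following is an added illustration, not code from the paper or its prototype: it assumes a self-certifying name made of an authenticator (the hash of the owner's public key) plus an owner-chosen label, and it binds data to that name with a signature over both. The `ni:` prefix, the `InfoID`/`InfoObject` structures and the use of a Lamport one-time signature (chosen only so the example runs with the Python standard library; a deployed scheme would use a reusable algorithm such as RSA or ECDSA) are all assumptions of this example.

```python
"""Self-certifying content names: illustrative toy, not the paper's exact scheme."""
import hashlib
import os
from dataclasses import dataclass

# --- Minimal Lamport one-time signature built from SHA-256 only (assumption:
# stand-in for a real signature algorithm). A Lamport private key must never
# sign two different digests; it is used once per object here.
N_BITS = 256


def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def _bit(digest: bytes, i: int) -> int:
    return (int.from_bytes(digest, "big") >> (N_BITS - 1 - i)) & 1


def lamport_sign(sk, digest: bytes):
    return [sk[i][_bit(digest, i)] for i in range(N_BITS)]


def lamport_verify(pk, digest: bytes, sig) -> bool:
    if len(sig) != N_BITS:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][_bit(digest, i)]
               for i in range(N_BITS))


# --- The name: authenticator commits to the owner key, label is owner-chosen.
@dataclass(frozen=True)
class InfoID:
    authenticator: bytes  # H(owner public key); no host name or location inside
    label: str

    def __str__(self) -> str:
        return f"ni:{self.authenticator.hex()}/{self.label}"


def make_id(pk, label: str) -> InfoID:
    return InfoID(hashlib.sha256(pk_bytes(pk)).digest(), label)


@dataclass
class InfoObject:
    oid: InfoID
    data: bytes
    owner_pk: list
    signature: list


def _bound_digest(oid: InfoID, data: bytes) -> bytes:
    # Sign ID and data together so a valid signature cannot be transplanted
    # onto a different name.
    h = hashlib.sha256()
    h.update(str(oid).encode())
    h.update(b"\x00")
    h.update(data)
    return h.digest()


def publish(sk, pk, label: str, data: bytes) -> InfoObject:
    oid = make_id(pk, label)
    return InfoObject(oid, data, pk, lamport_sign(sk, _bound_digest(oid, data)))


def verify(obj: InfoObject) -> bool:
    """Check an object received from any host or cache; the host is never trusted."""
    # 1. Owner authentication: the key shipped with the object must be the one
    #    the ID commits to.
    if hashlib.sha256(pk_bytes(obj.owner_pk)).digest() != obj.oid.authenticator:
        return False
    # 2. Data integrity: the signature over (ID, data) must verify under that key.
    return lamport_verify(obj.owner_pk, _bound_digest(obj.oid, obj.data), obj.signature)


def demo() -> dict:
    sk, pk = lamport_keygen()
    obj = publish(sk, pk, "report-2010", b"quarterly figures")  # constructed sample
    # A cache (or an attacker on the path) alters the data but keeps the signature.
    tampered = InfoObject(obj.oid, b"quarterly figures (edited)", obj.owner_pk, obj.signature)
    # An attacker signs its own data under its own key but claims the victim's ID.
    sk2, pk2 = lamport_keygen()
    forged = InfoObject(obj.oid, b"malicious", pk2,
                        lamport_sign(sk2, _bound_digest(obj.oid, b"malicious")))
    return {"genuine": verify(obj), "tampered": verify(tampered), "forged": verify(forged)}


if __name__ == "__main__":
    print(demo())
```

Both failure cases are caught without any knowledge of where the object came from: the tampered copy fails the signature check, and the forgery fails the authenticator check before its (valid) signature is even examined. Because the authenticator depends only on the owner's key, every object the same owner publishes under a different label shares it, and the ID carries no host name or location that would change when the object moves.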
