
Provisioning Time-Based Subscription in NDN: A Secure and Efficient Access Control Scheme

Nazatul H. Sultan, Chandan Kumar, Saurab Dulal, Vijay Varadharajan, Seyit Camtepe, Surya Nepal

TL;DR

The paper tackles secure, scalable access control for time-based subscriptions in Named Data Networking (NDN) by embedding time policies directly into ciphertext. It introduces an encryption-based mechanism using a time-based policy tree and SIFF to allow multiple subscription durations per ciphertext, coupled with an anonymous, unlinkable signature-based edge-router authentication to mitigate DoS attacks. The scheme is proven IND-CPA secure via a reduction to the Decisional Bilinear Diffie-Hellman (DBDH) assumption and is validated through Charm-based cryptographic experiments and Mini-NDN emulations, showing favorable computation, communication, and storage overhead compared with prior work. Overall, the approach enables Netflix-like subscription models in NDN with strong security and practical performance, while preserving user privacy and enabling immediate privilege revocation when necessary.

Abstract

This paper proposes a novel encryption-based access control mechanism for Named Data Networking (NDN). The scheme allows data producers to share their content in encrypted form before transmitting it to consumers. The encryption mechanism incorporates time-based subscription access policies directly into the encrypted content, enabling only consumers with valid subscriptions to decrypt it. This makes the scheme well-suited for real-world, subscription-based applications like Netflix. Additionally, the scheme introduces an anonymous and unlinkable signature-based authentication mechanism that empowers edge routers to block bogus content requests at the network's entry point, thereby mitigating Denial of Service (DoS) attacks. A formal security proof demonstrates the scheme's resistance to Chosen Plaintext Attacks (CPA). Performance analysis, using Mini-NDN-based emulation and a Charm library implementation, further confirms the practicality of the scheme. Moreover, it outperforms closely related works in terms of functionality, security, and communication overhead.

Paper Structure

This paper contains 46 sections, 1 theorem, 7 equations, 8 figures, 2 tables.

Key Result

Theorem

If a probabilistic polynomial time (PPT) adversary $\mathcal{A}$ can win the CPA security game defined in the security model section with a non-negligible advantage $\epsilon$, then a PPT simulator $\mathcal{B}$ can be constructed that breaks the DBDH assumption with non-negligible advantage $\frac{\epsilon}{2

Figures (8)

  • Figure 1: Our Proposed NDN Architecture [SultanESORICS, SultanSRDS]
  • Figure 2: Subscription Access Policy Tree
  • Figure 3: Data publication time for varied height of subscription access tree
  • Figure 4: Consumer key update time with varied revoked nodes
  • Figure 5: Average total File Transfer Time and Average Goodput with an increasing consumer number
  • ...and 3 more figures

Theorems & Definitions (6)

  • Remark
  • Theorem
  • Proof
  • Definition
  • Remark
  • Proof