Access control method based on CP-ABE in NDN

Abstract

Abstract: Information caching technology in NDN improves data distribution efficiency. However, information caching decouples data publishers from data. The data in the storage node is at risk due to lack of security controls.Therefore, an access control method based on CP-ABE is proposed in NDN, which combines the improved CPABE algorithm with symmetric encryption, and introduces a re-encryption module in the edge router for protected data access coordination and privilege revocation. At the same time, a hash table-based interest packet filtering mechanism is built, implementing fine-grained access control and privilege revocation on a semi-trusted cache router. Theoretical analysis and experimental simulation results show that the proposed method reduces the overhead of data publishing and data request processing and improves data access efficiency.

Key words: NDN, CP-ABE, access control, re-encryption, Hash table

CLC Number:

TP393

WU Zhijun, XU Enzhong. Access control method based on CP-ABE in NDN[J]. Journal of Civil Aviation University of China, 2020, 38(2): 18-24.

References 12

[1]	HAMDANE B, MSAHLI M, SERHROUCHNA A. Data-based access controlin named data networking[C]//International Conference on Collaborative Computing Networking, Austin, USA, IEEE, 2013: 531-536.
[2]	周自飞, 谭小彬, 牛玉坤, 等. 信息中心网络中授权视频访问控制[J].电信科学, 2014, 30（9）: 53-60.
[3]	BETHENCOURTJ,SAHAIA, WATERS B. Ciphertext-policy attributebased encryption[C]//2007 IEEE Symposium on Security and Privacy,Berkeley, California, USA, IEEE Computer Society, 2007: 321-334.
[4]	TOURANI R , MICK T , MISRA S, et al. Security, privacy, and access control in information-centric networking: a survey[J]. IEEE Communications Surveys & Tutorials, 2018(20): 566-600.
[5]	LI BING, VERLEKER A P, HUANG DIJIANG, et al. Attribute-based access control for ICN naming scheme[C]//Proceedings of 2014 IEEE Conference on Communications and Network Security(CNS), San Francisco, CA, USA, IEEE, 2014: 391-399.
[6]	WOOD C A, UZUN E. Flexible end-to-end content security in CCN[C]// 2014 IEEE 11th Consumer Communications and Networking Conference. Las Vegas, Nevada, USA, IEEE, 2014: 858-865.
[7]	TAO FENG, GUOJIAQI.A new access control system based on CP-ABE in named data networking[J]. International Journal of Network Security,2018, 20(4): 710-720.
[8]	SIMOES DA, SILVA R, DONIZETTI ZORZO S. An access control mechanism to ensure privacy in named data networking using attribute based encryption with immediate revocation of privileges[C]//Consumer Communications and Networking Conference(CCNC), Las Vegas, NV,USA, IEEE, 2015: 128-133.
[9]	JAHID S, MITTTAL P, BORISOV N. EASiER: Encryption-based access control in social networks with efficient revocation[C]//ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, DBLP, 2011: 411-415.
[10]	SO W, NARAYANAN A, ORAN DAVE, et al. Toward fast NDN software forwarding lookup engine based on Hash tables[C]//Proceedings of 8thACM/IEEE Symposium on Architectures for Networking Communications Systems, Austin, Texas, USA, ACM, 2012: 85-86.
[11]	ZHANG XINWEN, CHANG KATHARINE, XIONG HUIJUN. Towards namebased trust and security for content-centric network[C]//2011 19th IEEE International Conference on Network Protocols, Vancouver, BC Canada,IEEE, 2011: 1-6.
[12]	JACOBSON V, SMETTERS D K, THORNTON J D. Networking named content[C]//Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, New York, USA, ACM,2009: 1-12.