Content privacy is one of the key issues in named data networking. Implementing content access control by encrypting the content key with the user's public key is currently the main method. However, this method adds retrieval delay because the user needs to obtain the encrypted key from the producer after requesting the data packet. Focusing on this problem, this paper proposes an edge re‐encryption‐based access control (ERE‐AC), in which the content is encrypted using a symmetric key, and the content key is encrypted twice, by the producer and by the edge router. With edge re‐encryption, only the authorized user can decrypt the re‐encrypted content key with its own private key and thus obtain the plaintext of the content. This mechanism makes the encrypted content and content key stored in the network available to all users. It achieves two advantages: one is that the user does not need to fetch the content key from the producer, which shortens the retrieval time; the other is that no replica redundancy exists in the network. Simulation results from ndnSIM show that, compared with the encryption and probability‐based access control model, ERE‐AC can effectively shorten the content retrieval delay while slightly increasing the hit rate.
As a typical representative of the next generation Internet, named data networking (NDN) solves many problems of IP networks by adopting a content‐oriented architecture. However, NDN also faces severe challenges in name and content privacy. One important privacy threat is name censorship. By maintaining a blacklist at a hijacked router, an attacker can filter received interest packets that carry sensitive content names. To solve this problem, we propose a broadcast encryption anticensorship mechanism based on a directory proxy. In our design, a directory proxy is deployed in the network and provides a periodically updated directory file to all authorized users. The directory file gives a one‐to‐one mapping of fake names to the censored names. By obtaining the directory file, an authorized user can request the censored content by its fake name. In addition, the directory proxy translates the received fake name and then retrieves the target using its real name. To guarantee the reusability of retrieved contents, the directory proxy returns them to the authorized users through broadcast encryption. The users within one broadcast group can share the encrypted censored contents at nearby routers. Simulation results show that, compared with ANDaNA, this mechanism can effectively avoid censorship in the network, while ensuring the utilization of in‐network caching and reducing the request delay.