Traceable Lightweight and Fine-grained Access Control in Named Data Networking
doi: 10.11999/JEIT181160 cstr: 32379.14.JEIT181160
1. School of Communications and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
2. Electronic Information and Networking Research Institute, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
Abstract: Because Named Data Networking (NDN) caches content in the network, any consumer can fetch cached content directly from intermediate NDN routers, while content producers have no knowledge of how their content is being accessed. To address these problems, a fine-grained Traceable and Lightweight Access Control (TLAC) scheme is presented. TLAC combines the identity-based combined public key with the Schnorr signature to build an anonymous and secure "three-way handshake" authentication protocol, and uses an improved secret sharing method to distribute the content key efficiently. Finally, experimental results verify the efficiency of the TLAC scheme.
Key words: Named Data Networking (NDN) / Content caching / Access control / Traceability
Table 1 Comparison of computational overhead during authentication

| Item | TLAC scheme | SEAF scheme |
| --- | --- | --- |
| U (without precomputation) | $5m_0 + 5h$ | $3p + 3e + 9m_0 + h$ |
| U (after precomputation) | $3m_0 + 4h$ | $h$ |
| R (without precomputation) | $5m_0 + 4h$ | $5p + 4e + 8m_0 + h$ |
| R (after precomputation) | $4m_0 + 4h$ | / |