
Forward Secrecy Enhancement for Named Data Networking Access Control over Mobile Ad-Hoc Networks

Nguyễn Gia Hào

Academic year: 2023


INTRODUCTION

Research Motivation

Objectives

Scope

Dissertation Outline

Abbreviations

BACKGROUND AND RELATED WORK

Named Data Networking (NDN)

  • Brief Introduction to NDN
  • Types of Packets
  • Router Architecture
  • Names

When the NDN network nodes (e.g., Satellite, Aircraft Gateway, and Squad Gateway) receive the interest packet, each node uses the name of the content in the interest packet to query the potential location of the corresponding content in the NDN network. A data packet of UAV A with a name similar to the name in the interest packet may exist in the NDN network or in the units of UAV A; it is returned to the soldier by following the reverse route of the interest packet.

Figure 2 The packet format of NDN interest packet and data packet

Security Design in NDN

This means that the names in NDN replace the IP address in the classic Internet and that mapping systems (e.g. DNS) are no longer needed.

The Trust Model in NDN

  • Automated Certificate Issuance
  • Hierarchical Naming System
  • Obtaining Trust Anchors
  • Using Trust Model to Define Trust Policies
  • NDN Certificate Management Process

For our example, as shown in Figure 5, the certificate name “/military/UAVA/KEY/” is only allowed to define a data packet name under the “/military/UAVA” prefix. As shown in Figure 6, the producer must set the name of the certificate used to sign this content in the "KeyLocator" field [41] during data packet generation.

Figure 7 In our battlefield example to authenticate the data packet authenticity

Signed Interest

To enable the secure trust model, a trust anchor can export its own certificate under the file name “root.ndncert” and install it on the UAV A machine.

The Benefits of NDN

Naming data instead of data locations and securing the content directly means that network nodes can store a copy of trusted data packets in their local caches to serve future requests for the same content. Any content can be cached in an NDN node. All entities can resend an interest to find the credible content in the cache.

NDN Research Challenges

All entities can simply request content from other encountered devices using names built into applications, with no additional configuration and no need for IP address assignment or DNS services to translate the names used by applications into the addresses that IP uses for delivery. Therefore, caching and allowing all entities to share their content is critical in battlefield applications, where the entities have limited capabilities and intermittent connectivity to forward the content. For example, allowing storage everywhere enables all entities to store and share their data, meaning more than one aircraft, battleships, and UAV A share the same data without relying on a central server.

Access Control

  • General Concepts
  • Granularity in Access Control

Granularity in access control is the level or scale of detail for defining access control. Access control is coarse-grained if the authorization rule to access a resource is based only on a specific check (such as related roles). Access control is fine-grained if the authorization rule to access the resource requires more details about the end users and the current environment (such as time and date).

Why NDN needs Access Control

Therefore, granularity in access control is the evaluation of the decision to grant or deny access to insert authorization rules for all entities in the system to access the resource. For example, as shown in Figure 1, the following sets of permissions define access based on the role assigned to entities. A typical FGAC decision is an attribute-based access control (ABAC) decision [50], which uses the identity of entities or attributes for authorization to perform some action on a resource.

NDN Access Control Model

  • PKI-based Access Control
  • Attribute-based Access Control
  • Interest-based Access Control
  • Proxy Re-encryption-based Access Control

Only the authorized consumers who have the corresponding access keys and attributes can decrypt the encrypted content. All soldiers in team A can then use the same access key they received from the command center to decrypt the encrypted CK, and use the CK to access the contents. For our example, the soldier in squad A (the authorized consumer) needs to send the signed interest to UAV A (the producer).

Access Control Mechanism over the Classical Internet and NDN

For our example, this model scheme is in contrast to the PKI-based access control. For this access control model, a piece of encrypted content is re-encrypted [57] by the intermediate nodes (proxy servers or NDN routers) for each authorized consumer. The encryption-based access control is an effective way of access control [4, 7] in NDN.

Device Compromise

Thus, NDN access control requires the implementation of per-packet authentication, schematized trust (using name relationships to manage trust), and name-based access control [8]. In particular, the concept of access control is shifting from securing communication channels to securing the content/data. Therefore, the NDN is more suitable to establish the access control system when the underlying network situation in the battlefield is unstable.

Perfect Forward Secrecy

The attacker can easily access content inside the network cache as long as the NDN network has cached that content. By contrast, to carry out the aforementioned attacks in classic IP, the attacker must eavesdrop in real time and must also be physically close to the victim.

Related Works

[8] proposed an access control scheme to provide data confidentiality and access control over NDN architecture. This method achieves access control because the authorized consumer can access the small part by using the access key corresponding to the attribute to decrypt the small part. The neighbor caches can service the request by verifying the authorized consumer with the access control structure information.

Summary of Previous Studies on Access Control Schemes for NDN

Access Control Model of NAC and NAC-ABE

  • NAC and NAC-ABE Assumptions
  • NAC and NAC-ABE Overview
  • NAC and NAC-ABE Schemes
  • The Advantages of NAC and NAC-ABE
  • The Disadvantages of NAC and NAC-ABE

After obtaining the consumer's certificate, the command center verifies the authenticity of the certificate using the NDN trust model. For example, if the signed interest is authenticated by a command center certificate. Therefore, in step 4 of the EKAC scheme, the command center can distribute this access control policy within the NDN network.

Figure 10 NAC and NAC-ABE schemes

RESEARCH METHODOLOGY

Introduction

First, we analyze the NDN access control problems and the previous work, especially in the intermittent network. In Section 3.2, we describe the analysis of NDN access control problems and previous work, especially in a discontinuous network. In Section 3.4, we describe performance evaluation techniques to evaluate the proposed NDN access control scheme and compare it with the previous one.

Analyzing the Problems of NDN Access Control and Previous Work

The purpose of this dissertation is to describe the mechanism of access control over NDN and evaluate previous access control schemes and propose a new access control scheme for NDN to better solve the problems of previous access control schemes. This solution is not suitable for intermittent connectivity, such as in a battlefield scenario, if there is a communication breakdown between the access manager and the consumer. In another solution, a short-lived policy key requires the access manager to communicate frequently to extend access control policies.

Proposing a New NDN Access Control Scheme

Performance Evaluation Techniques

  • Implementation Testbed
  • Network Emulation
  • PFS and Efficiency Analysis
  • Result Analysis and Confidence Interval

We define NP as the number of producer operations to produce the encoded content.

OUR ACCESS CONTROL SCHEME

The Design of EKAC

EKAC achieves its design goals by using the Diffie-Hellman (DH) key exchange protocol [28] to establish short-lived key shares between producer and consumer, which enables Perfect Forward Secrecy (PFS) properties. EKAC achieves fine-grained access control by exploiting the NDN naming convention to define naming conventions for expressing key and access key policy access rights, supporting access control with the extensibility of access control policies.

EKAC Assumptions

Like normal NDN data packets, a certificate carrying the public key information can be cached and retrieved like any other content. So the command center and UAV A can produce all data packets, and the soldier can authenticate content received from the command center or UAV A when needed via the NDN trust model as described in [38]. Furthermore, since EKAC uses the DH key exchange protocol to establish the volatile key shares, EKAC needs an additional mechanism to agree on the public parameters p and g.

EKAC Design Overview

The producer then publishes the Ephemeral Access Keys (EAK) data packet, which carries the encrypted CK and its own DH_P. The producer also publishes encrypted content by wrapping it in a data packet with the EAK name. If its corresponding EAK name has never been used to calculate EK, the consumer uses its own DH_C to calculate the EK with DH_P of the producer in EAK.

EKAC Naming Conventions

In this way, the producer and the consumer can always communicate, as long as there is a copy of the keys on the network, even with broken connections. Likewise, the producer may revoke access to network-published content by sending a signed interest carrying the revoked command to internal network memories. Ephemeral Access Keys (EAKs): After receiving the request, the producer obtains the corresponding ESK using the ESK interest to generate an EAK.

EKAC Scheme

After obtaining the EAK, the consumer can find out the name of the producer's certificate from the received EAK and create an interest packet to obtain the producer's certificate from the network. After obtaining the producer's certificate, the consumer verifies the authenticity of the certificate and the EAK using the NDN trust model. The consumer uses the NDN trust model, in which the certificate from step 25 can be used to verify the authenticity of the encrypted content.

Figure 14 EKAC scheme

EKAC Access Revocation

After obtaining an ACK data packet, the command center or producer uses the NDN trust model to verify the authenticity of the ACK data packet.

EKAC Properties


PERFORMANCE EVALUATION

Introduction

Experimental Setup

  • Experimental Parameters
  • Size of Data Packet Transmission
  • Access Revocation Cost
  • Cryptographic Operations

NDN data packets: The size of all necessary data packets depends on each application testbed. We define the lifetime of all data packets as 10,000 milliseconds (ms) only to cache these data packets in the network cache for 10 seconds.

Table 4 Comparison of data packet sizes

Evaluation

  • Computation Cost
  • Communication Cost
  • Revocation Complexity

We define N as the number of communication costs that the access manager will use to establish the policy keys. We define NC as the number of operations for the consumer to access the encrypted content. The revocation complexity of EKAC, lazy revocation and immediate revocation is shown in Table 8.

Table 6 Summary of computation cost

Security Assessment

Name confidentiality: EKAC's design uses the naming convention to establish fine-grained access control. AUTHORIZED/military/SquadA/Soldier1/KEY/”, which implies that the encrypted content may be related to the soldier and produced by UAV A. To solve this problem, we suggest that the system can hide the name of the data packet using the techniques described in some papers [85, 86].

Discussion

  • Efficiency for Threat Mitigation from Consumer Compromise
  • Performance and Resource Consumption
  • Suitability for Intermittent Connectivity
  • Effective Consumer Revocation
  • EKAC with Better Scalability
  • Effective Access Control and Robust Privacy
  • Efficient of NDN Architecture Usage


CONCLUSIONS AND FUTURE WORK

Summary

Thus, the access control scheme cannot rely on securing channels or hosts, but rather the scheme must move towards securing the content. So, several previous studies have proposed various access control schemes [3-14] by encrypting the content for authorized consumers. So, this PhD thesis evaluated the NDN access control problems, especially for the battlefield scenario.

Dissertation Achievement

Future Work


Figures

Figure 1 A battlefield scenario
Figure 2 The packet format of NDN interest packet and data packet
Figure 3 The communication paradigm of NDN network
Figure 4 An example of a structured name in NDN
