A cache-aware mechanism to enforce confidentiality, trackability and access policy evolution in Content-Centric Networks

The Content-Centric Networking (CCN) paradigm introduces a novel communication model where any node in the network can implement caching functionalities to directly serve incoming content requests. However, such a radical change in the protocol stack poses new security challenges since the content p...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2015-01, Vol.76, p.126-145
Main Authors: Mangili, Michele, Martignon, Fabio, Paraboschi, Stefano
Format: Article
Language:English
Subjects:
Access control
Access policy evolution
Cache
Computation
Computer information security
Computer Science
Confidentiality
Content-Centric Networks
Data encryption
Data integrity
Encryption
Evolution
Network security
Network topologies
Networking and Internet Architecture
Networks
Policies
Proposals
Reduction
Security architectures
Studies
Trackability
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Content-Centric Networking (CCN) paradigm introduces a novel communication model where any node in the network can implement caching functionalities to directly serve incoming content requests. However, such a radical change in the protocol stack poses new security challenges since the content producer loses control over the data he provides to the network. Our contribution is to propose ConfTrack-CCN, an efficient encryption-based extension to the CCN proposal, designed to enforce confidential data dissemination, trackable content access and seamless support of policy evolution. ConfTrack-CCN jointly enforces all these three requirements by protecting the data with two layers of encryption, the latter of which evolves to reflect access privilege updates. A forced consumer-producer interaction makes consumers fetch keying materials, while sending back logging data on the accessed objects. To evaluate the traffic reduction that ConfTrack-CCN can guarantee, we perform thorough simulation campaigns with real network topologies, and we further study the computational overhead introduced by the encryption primitives we use to secure the communication. The results clearly show that, on average, ConfTrack-CCN ensures a 20% higher hit-rate than other security schemes, while introducing a negligible computational overhead.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2014.11.010