Securing Content Sharing over ICN

TL;DR

This paper proposes an Identity-Based Proxy Re-Encryption scheme for ICN that ensures secure, flexible, and trust-minimized content sharing among dynamic user groups without key escrow or out-of-band key distribution.

Contribution

It introduces a novel IB-PRE scheme allowing users to generate their own system parameters, reducing trust in storage nodes and eliminating key escrow issues.

Findings

Provides confidentiality and access control for ICN content sharing

Prevents storage nodes from sharing content with unauthorized users

Does not require out-of-band secret key distribution

Abstract

The emerging Information-Centric Networking (ICN) paradigm is expected to facilitate content sharing among users. ICN will make it easy for users to appoint storage nodes, in various network locations, perhaps owned or controlled by them, where shared content can be stored and disseminated from. These storage nodes should be (somewhat) trusted since not only they have (some level of) access to user shared content, but they should also properly enforce access control. Traditional forms of encryption introduce significant overhead when it comes to sharing content with large and dynamic groups of users. To this end, proxy re-encryption provides a convenient solution. In this paper, we use Identity-Based Proxy Re-Encryption (IB-PRE) to provide confidentiality and access control for content items shared over ICN, realizing secure content distribution among dynamic sets of users. In contrast to similar IB-PRE based solutions, our design allows each user to generate the system parameters and the secret keys required by the underlay encryption scheme using their own Private Key Generator, therefore, our approach does not suffer from the key escrow problem. Moreover, our design further relaxes the trust requirements on the storage nodes by preventing them from sharing usable content with unauthorized users. Finally, our scheme does not require out-of-band secret key distribution.