Provisioning Time-Based Subscription in NDN: A Secure and Efficient Access Control Scheme

TL;DR

This paper introduces a secure, efficient, and privacy-preserving access control scheme for NDN that uses time-based encryption and anonymous authentication to enable subscription-based content sharing while resisting DoS attacks.

Contribution

It presents a novel encryption and authentication scheme integrating time-based access policies and anonymous signatures for NDN, enhancing security and efficiency over existing methods.

Findings

Resists Chosen Plaintext Attacks (CPA)

Reduces communication overhead compared to related schemes

Effectively mitigates DoS attacks at network entry points

Abstract

This paper proposes a novel encryption-based access control mechanism for Named Data Networking (NDN). The scheme allows data producers to share their content in encrypted form before transmitting it to consumers. The encryption mechanism incorporates time-based subscription access policies directly into the encrypted content, enabling only consumers with valid subscriptions to decrypt it. This makes the scheme well-suited for real-world, subscription-based applications like Netflix. Additionally, the scheme introduces an anonymous and unlinkable signature-based authentication mechanism that empowers edge routers to block bogus content requests at the network's entry point, thereby mitigating Denial of Service (DoS) attacks. A formal security proof demonstrates the scheme's resistance to Chosen Plaintext Attacks (CPA). Performance analysis, using Mini-NDN-based emulation and a Charm library implementation, further confirms the practicality of the scheme. Moreover, it outperforms closely related works in terms of functionality, security, and communication overhead.