Access control enforcement in Named Data Networking

Named Data Networking (NDN) represents one of the major Information Centric Networking (ICN) candidates for future Internet architectures. It treats data as the central element and it leverages in-network caching. Access control is a fundamental security feature in this project. It limits data access to only authorized entities. However, it can no longer be tied to a content location or to a particular host, since multiple copies of a same data can reside in various network locations. Therefore, a data-oriented access control model must be adopted. In this paper, we propose an encryption-based access control scheme for NDN that allows encrypted content to freely reside anywhere in the network. This proposal represents an enhancement of the solution already implemented in the actual NDN prototype, CCNx. It is based on a new cryptographic model for access rights management and on an adaptation of the naming system. It mitigates identified attacks and it reduces the overhead cost.