Security Analysis of the Access Control Solution of NDN Using BAN Logic

Mobile Networks and Applications

Abstract

Named Data Networking (NDN) is a promising new architecture for information-centric networking. Because of its caching property, traditional access control mechanisms no longer fit appropriately. Hamdane et al. propose a new access control solution for both closed and open environments. In this paper, we make the very first attempt to formally analyze this access control solution. Inspired by the basic BAN logic, we add some new notions to it and propose our BAN-like logic, which can describe the access control solution. The procedures of the access control solution are idealized in the form of the beliefs of principals. The idealized procedures are then analyzed against several security goals using a set of logical postulates. We give a modification to make the solution safer. Then we introduce the man-in-the-middle attack into the access control solution and check the insecurity properties. An improvement is given according to the result. Our study helps to improve the security of the access control solution and protect it against various attacks.

References

  1. Bicakci K, Baykal N (2003) One-time passwords: Security analysis using BAN logic and integrating with smartcard authentication. In: Computer and Information Sciences - ISCIS 2003, 18th International Symposium, Antalya, Turkey, November 3-5, 2003, Proceedings, pp 794–801

  2. Burrows M, Abadi M, Needham R M (1990) A logic of authentication. ACM Trans Comput Syst 8 (1):18–36

  3. Chen T, Lei K, Xu K (2014) An encryption and probability based access control model for named data networking. In: IEEE 33rd international performance computing and communications conference, IPCCC 2014, Austin, TX, USA, December 5-7, 2014, pp 1–8

  4. Fei Y, Zhu H, Wang H (2018) Security analysis of the access control solution of NDN using BAN logic. In: The 30th international conference on software engineering and knowledge engineering, Hotel Pullman, Redwood City, California, USA, July 1-3, 2018, pp 659–658

  5. Gaarder K, Snekkenes E (1990) On the formal analysis of PKCS authentication protocols. In: Advances in Cryptology - AUSCRYPT ’90, international conference on cryptology, Sydney, Australia, January 8-11, 1990, Proceedings, pp 106–121

  6. Golle J, DSmetters (2010) Ccnx access control specifications. Tech. rep., Xerox Palo Alto Research Center-PARC

  7. Gong L, Needham R M, Yahalom R (1990) Reasoning about belief in cryptographic protocols. In: Proceedings of the 1990 IEEE symposium on security and privacy, Oakland, California, USA, May 7-9, 1990, pp 234–248

  8. Hamdane B, Boussada R, Elhdhili M E, Fatmi SGE (2017) Towards a secure access to content in named data networking. In: 26th IEEE international conference on enabling technologies: infrastructure for collaborative enterprises, WETICE 2017, Poznan, Poland, June 21-23, 2017, pp 250–255

  9. Li T, Liu X, Qin Z, Zhang X (2009) Formal analysis for security of otway-rees protocol with BAN logic. In: First international workshop on database technology and applications, DBTA 2009, Wuhan, Hubei, China, April 25-26, 2009, Proceedings, pp 590–593

  10. Li Y, Zhang Z, Wang X, Lu E, Zhang D, Zhang L (2019) A secure sign-on protocol for smart homes over named data networking. IEEE Commun Mag 57(7):62–68

  11. Rubin AD, Honeyman P (1994) Nonmonotonic cryptographic protocols. In: Seventh IEEE computer security foundations workshop - CSFW’94, Franconia, New Hampshire, USA, June 14-16, 1994, Proceedings, pp 100–116

  12. Wang L, Lehman V, Hoque AKMM, Zhang B, Yu Y, Zhang L (2018) A secure link state routing protocol for NDN. IEEE Access 6:10,470–10,482

  13. Zhang L, Estrin D, Burke J, Jacobson V, Thornton JD, Smetters DK, Zhang B, Tsudik G, claffy kc, Krioukov D, Massey D, Papadopoulos C, Abdelzaher T, Wang L, Yeh E (2010) Named data networking (NDN) project. Tech. Rep. NDN-0001, PARC

  14. Zhang Y, Xia Z, Afanasyev A, Zhang L (2019) A note on routing scalability in named data networking. In: 17th IEEE international conference on communications workshops, ICC workshops 2019, Shanghai, China, May 20-24, 2019, pp 1–6

  15. Zhang Z, Yu Y, Ramani S K, Afanasyev A, Zhang L (2019) NAC: Automating access control via named data. arXiv:1902.09714

Acknowledgments

This work was partly supported by National Key Research and Development Program of China (Grant No. 2018YFB2101300), National Natural Science Foundation of China (Grant No. 61872145), Shanghai Collaborative Innovation Center of Trustworthy Software for Internet of Things (Grant No. ZF1213) and the Fundamental Research Funds for the Central Universities of China.

Author information

Corresponding authors

Correspondence to Yuan Fei or Huibiao Zhu.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cite this article

Fei, Y., Zhu, H. & Vinh, P.C. Security Analysis of the Access Control Solution of NDN Using BAN Logic. Mobile Netw Appl 25, 1162–1173 (2020). https://doi.org/10.1007/s11036-019-01435-z
