Self-protected content for information-centric networking architectures using verifiable credentials

Published in: Telecommunication Systems

Abstract

Access control in information-centric networking (ICN) architectures is both a challenging and a critical problem. ICN architectures are content-oriented and location-independent, so a piece of content can be retrieved from multiple locations, many of which lie outside the administrative realm of the content owner. Implementing access control policies in this environment requires storage nodes that can interpret complex access control policies, or even business relationships and structures. In this paper we overcome this problem by leveraging verifiable credentials (VCs). VCs are a means of representing real-world credentials in the cyber world; they are machine-readable and self-verifiable. A user can prove that he/she holds a VC by issuing an appropriate proof, which can be verified deterministically, without any knowledge of the semantics or the business relationship behind the VC. With our solution, a content owner includes in an item’s metadata a VC “proof-request,” which represents the access control policy that protects this item. Any third party, independently of the content owner, can use this proof-request to authorize users in a secure and privacy-preserving way.
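The abstract's central claim is that a storage node can enforce the owner's policy by evaluating a proof-request mechanically, with no knowledge of what the credential attributes mean. The following Python is an added illustration of that division of labour, not code from the paper or from any VC library: the metadata layout, the predicate vocabulary (`eq`, `gte`, `lte`, `in`), the `did:example:*` identifiers and all sample data are constructed here, and HMAC-SHA256 stands in for the public-key signature a real VC would carry (with a real signature the node would hold only the issuer's public key, never a secret).

```python
"""Added example: a storage node authorising a request against a VC
proof-request embedded in content metadata. Everything below (metadata
layout, predicate vocabulary, identifiers, sample data) is constructed for
illustration and is not taken from the paper."""
import hashlib
import hmac
import json
import operator

# Predicate vocabulary assumed for this example. The node needs nothing
# more than this table to evaluate a policy; it never learns what "role"
# or "clearance" mean in the content owner's organisation.
OPS = {
    "eq": operator.eq,
    "gte": operator.ge,
    "lte": operator.le,
    "in": lambda value, allowed: value in allowed,
}


def canonical(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, data: bytes) -> str:
    # Stand-in for a public-key signature so the example runs with the
    # standard library only. A shared MAC lets the verifier forge; a real
    # VC uses a signature the node checks with the issuer's public key.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_credential(issuer_id, issuer_key, subject, attrs, exp):
    """Issuer side: a signed credential binding attributes to a holder."""
    body = {"issuer": issuer_id, "subject": subject, "attrs": attrs, "exp": exp}
    return {**body, "sig": _mac(issuer_key, canonical(body))}


def present(credential, holder_key, nonce):
    """Holder side: prove possession by binding the credential to the node's nonce."""
    proof = _mac(holder_key, canonical(credential) + nonce.encode())
    return {"credential": credential, "nonce": nonce, "proof": proof}


def authorize(metadata, presentation, issuer_keys, holder_keys, expected_nonce, now):
    """Storage node side: check a presentation against the item's proof-request.

    Returns (allowed, reason). Every check is syntactic or cryptographic;
    no business semantics are needed on the node."""
    pr = metadata["proof_request"]
    cred = presentation["credential"]
    if presentation["nonce"] != expected_nonce:
        return False, "stale or foreign nonce"          # replay protection
    if cred["exp"] <= now:
        return False, "credential expired"
    if cred["issuer"] not in pr["trusted_issuers"]:
        return False, "issuer not accepted by this proof-request"
    body = {k: v for k, v in cred.items() if k != "sig"}
    issuer_key = issuer_keys.get(cred["issuer"])
    if issuer_key is None or not hmac.compare_digest(cred["sig"], _mac(issuer_key, canonical(body))):
        return False, "bad issuer signature"
    holder_key = holder_keys.get(cred["subject"])
    expected = _mac(holder_key, canonical(cred) + expected_nonce.encode()) if holder_key else ""
    if not holder_key or not hmac.compare_digest(presentation["proof"], expected):
        return False, "presenter is not the credential holder"
    for p in pr["predicates"]:
        attr, op = p["attr"], p["op"]
        if attr not in cred["attrs"] or op not in OPS:
            return False, f"predicate on {attr!r} cannot be evaluated"
        if not OPS[op](cred["attrs"][attr], p["value"]):
            return False, f"predicate on {attr!r} not satisfied"
    return True, "authorized"


# --- constructed sample data (keys and identifiers are placeholders) ---
ISSUER_KEYS = {"did:example:hr": b"hr-secret"}
HOLDER_KEYS = {"did:example:alice": b"alice-secret", "did:example:bob": b"bob-secret"}

ITEM_METADATA = {
    "name": "/corp/reports/q3.pdf",
    "proof_request": {
        "trusted_issuers": ["did:example:hr"],
        "predicates": [
            {"attr": "role", "op": "in", "value": ["employee", "contractor"]},
            {"attr": "clearance", "op": "gte", "value": 2},
        ],
    },
}

ALICE = issue_credential("did:example:hr", b"hr-secret", "did:example:alice",
                         {"role": "employee", "clearance": 3}, exp=2_000_000_000)
BOB = issue_credential("did:example:hr", b"hr-secret", "did:example:bob",
                       {"role": "employee", "clearance": 1}, exp=2_000_000_000)


def demo(now=1_700_000_000):
    """Three cases: satisfied policy, unsatisfied predicate, replayed credential."""
    nonce = "node-nonce-42"
    ok_alice = authorize(ITEM_METADATA, present(ALICE, b"alice-secret", nonce),
                         ISSUER_KEYS, HOLDER_KEYS, nonce, now)
    ok_bob = authorize(ITEM_METADATA, present(BOB, b"bob-secret", nonce),
                       ISSUER_KEYS, HOLDER_KEYS, nonce, now)
    # Bob re-presents Alice's credential with his own key: holder binding fails.
    replay = authorize(ITEM_METADATA, present(ALICE, b"bob-secret", nonce),
                       ISSUER_KEYS, HOLDER_KEYS, nonce, now)
    return ok_alice, ok_bob, replay


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The node's checks run in cost order (nonce, expiry, issuer membership, signatures, predicates), and each rejection names the failed step so that a cache or CDN operator can log authorization failures without knowing anything about the owner's organisation.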



Notes

  1. https://joinup.ec.europa.eu/collection/ssi-eidas-bridge.

  2. Interested readers can find more details in [32].

  3. https://github.com/hyperledger/indy-sdk.

References

  1. Ahlgren, B., Dannewitz, C., Imbrenda, C., Kutscher, D., & Ohlman, B. (2012). A survey of information-centric networking. IEEE Communications Magazine, 50(7), 26–36. https://doi.org/10.1109/MCOM.2012.6231276

  2. Sambra, A. (Ed.) (2019). W3C verifiable credentials implementation guidelines 1.0.

  3. Benaloh, J., & de Mare, M. (1993). One-way accumulators: A decentralized alternative to digital signatures. In Workshop on the Theory and Application of Cryptographic Techniques (pp. 274–285). Springer.

  4. Bernardini, C., Marchal, S., Asghar, M. R., & Crispo, B. (2019). PrivICN: Privacy-preserving content retrieval in information-centric networking. Computer Networks, 149, 13–28.

  5. Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., & Yang, B. Y. (2012). High-speed high-security signatures. Journal of Cryptographic Engineering, 2(2), 77–89.

  6. Birgisson, A., Politz, J. G., Erlingsson, Ú., Taly, A., Vrable, M., & Lentczner, M. (2014). Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In Network and Distributed System Security Symposium.

  7. Blaze, M., Feigenbaum, J., & Lacy, J. (1996). Decentralized trust management. In Proceedings 1996 IEEE Symposium on Security and Privacy (pp. 164–173).

  8. Blaze, M., Ioannidis, J., & Keromytis, A. D. (2003). Experience with the KeyNote trust management system: Applications and future directions. In P. Nixon & S. Terzis (Eds.), Trust Management (pp. 284–300). Springer.

  9. Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7), 422–426.

  10. Webber, S. L., & Sporny, M. (Eds.) (2020). Authorization capabilities for linked data. https://w3c-ccg.github.io/zcap-ld/

  11. Camenisch, J., Kohlweiss, M., & Soriente, C. (2009). An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In International Workshop on Public Key Cryptography (pp. 481–500). Springer.

  12. Camenisch, J., & Lysyanskaya, A. (2003). A signature scheme with efficient protocols. In Security in Communication Networks (pp. 268–289). Springer.

  13. Camenisch, J., & Van Herreweghen, E. (2002). Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM Conference on Computer and Communications Security (pp. 21–30). ACM.

  14. Close, T. (2009). ACLs don’t. HP Laboratories Technical Report.

  15. Balfanz, D., et al. (2019). Web authentication: An API for accessing public key credentials. https://www.w3.org/TR/webauthn/

  16. Fotiou, N., & Polyzos, G. C. (2015). Enabling NAME-based security and trust. In C. D. Jensen, S. Marsh, T. Dimitrakos, & Y. Murayama (Eds.), Trust Management IX, IFIP Advances in Information and Communication Technology (Vol. 454, pp. 47–59). Springer International Publishing.

  17. Fotiou, N., Siris, V. A., Xylomenos, G., Polyzos, G. C., Katsaros, K. V., & Petropoulos, G. (2017). Edge-ICN and its application to the Internet of Things. In 2017 IFIP Networking Conference (IFIP Networking) and Workshops (pp. 1–6). https://doi.org/10.23919/IFIPNetworking.2017.8264880

  18. Fotiou, N., Thomas, Y., Siris, V. A., Xylomenos, G., & Polyzos, G. C. (2021). Securing named data networking routing using decentralized identifiers. In 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR) (pp. 1–6).

  19. The Linux Foundation (2020). Hyperledger Indy home page. https://www.hyperledger.org/projects/hyperledger-indy

  20. Ghodsi, A., Koponen, T., Rajahalme, J., Sarolahti, P., & Shenker, S. (2011). Naming in content-oriented architectures. In Proceedings of the ACM SIGCOMM Workshop on Information-Centric Networking, ICN ’11 (pp. 1–6). ACM.

  21. Gilbert, C., & Upatising, L. (2013). Formal analysis of BrowserID/Mozilla Persona.

  22. W3C Credentials Community Group (2020). BBS+ signatures 2020. https://w3c-ccg.github.io/ldp-bbs2020/

  23. Hamdane, B., Serhrouchni, A., Fadlallah, A., & Fatmi, S. G. E. (2012). Named-data security scheme for named data networking. In 2012 Third International Conference on The Network of the Future (NOF) (pp. 1–6).

  24. Hyperledger (2018). How credential revocation works.

  25. Hyperledger Indy (2018). Indy documentation. https://hyperledger-indy.readthedocs.io/projects/plenum/en/latest/index.html

  26. Ion, M., Zhang, J., & Schooler, E. M. (2013). Toward content-centric privacy in ICN: Attribute-based encryption and routing. In Proceedings of the ACM SIGCOMM Workshop on Information-Centric Networking (pp. 39–40).

  27. Lantz, B., Heller, B., & McKeown, N. (2010). A network in a laptop: Rapid prototyping for software-defined networks. In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets-IX (pp. 19:1–19:6). ACM.

  28. Li, B., Verleker, A. P., Huang, D., Wang, Z., & Zhu, Y. (2014). Attribute-based access control for ICN naming scheme. In Proceedings of the IEEE Conference on Communications and Network Security (pp. 391–399).

  29. Sporny, M., et al. (2019). Verifiable credentials data model 1.0. https://www.w3.org/TR/verifiable-claims-data-model/

  30. Miller, M. S., Yee, K. P., & Shapiro, J. (2003). Capability myths demolished. Technical Report SRL2003-02, Johns Hopkins University Systems Research.

  31. Nour, B., Khelifi, H., Hussain, R., Mastorakis, S., & Moungla, H. (2021). Access control mechanisms in named data networks: A comprehensive survey. ACM Computing Surveys, 54(3), 1–35.

  32. Reed, M. J., Al-Naday, M., Thomos, N., Trossen, D., Petropoulos, G., & Spirou, S. (2016). Stateless multicast switching in software defined networks. In 2016 IEEE International Conference on Communications (ICC) (pp. 1–7). https://doi.org/10.1109/ICC.2016.7511036

  33. Thomas, Y., Fotiou, N., Toumpis, S., & Polyzos, G. C. (2020). Improving mobile ad hoc networks using hybrid IP-information centric networking. Computer Communications, 156, 25–34.

  34. Tourani, R., Misra, S., Mick, T., & Panwar, G. (2018). Security, privacy, and access control in information-centric networking: A survey. IEEE Communications Surveys & Tutorials, 20(1), 566–600.

  35. Trossen, D., Sarela, M., & Sollins, K. (2010). Arguments for an information-centric internetworking architecture. SIGCOMM Computer Communication Review, 40(2), 26–33.

  36. W3C Credentials Community Group (2019). A primer for decentralized identifiers. https://w3c-ccg.github.io/did-primer/

  37. Wood, C. A., & Uzun, E. (2014). Flexible end-to-end content security in CCN. In 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC) (pp. 858–865).

  38. Xylomenos, G., Vasilakos, X., Tsilopoulos, C., Siris, V. A., & Polyzos, G. C. (2012). Caching and mobility support in a publish-subscribe internet architecture. IEEE Communications Magazine, 50(7), 52–58.

  39. Yavatkar, R., Pendarakis, D., & Guerin, R. (2000). RFC 2753: A framework for policy-based admission control.

  40. Yu, Y., Afanasyev, A., Clark, D., claffy, k., Jacobson, V., & Zhang, L. (2015). Schematizing trust in named data networking. In Proceedings of the 2nd ACM Conference on Information-Centric Networking, ACM-ICN ’15 (pp. 177–186). Association for Computing Machinery.

  41. Zhang, L., Afanasyev, A., Burke, J., Jacobson, V., claffy, k., Crowley, P., Papadopoulos, C., Wang, L., & Zhang, B. (2014). Named data networking. SIGCOMM Computer Communication Review, 44(3), 66–73.

  42. Zhang, X., Chang, K., Xiong, H., Wen, Y., Shi, G., & Wang, G. (2011). Towards name-based trust and security for content-centric network. In 2011 19th IEEE International Conference on Network Protocols (ICNP) (pp. 1–6).

  43. Zhang, Z., Yu, Y., Afanasyev, A., Burke, J., & Zhang, L. (2017). NAC: Name-based access control in named data networking. In Proceedings of the 4th ACM Conference on Information-Centric Networking, ICN ’17 (pp. 186–187). ACM.


Funding

This project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. (G: 669-611-1441). The author therefore acknowledges with thanks DSR for technical and financial support.

Author information

Corresponding author: Bander A. Alzahrani.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


Cite this article

Alzahrani, B.A. Self-protected content for information-centric networking architectures using verifiable credentials. Telecommun Syst 79, 387–396 (2022). https://doi.org/10.1007/s11235-021-00874-y
