Abstract
Access control in information-centric networking (ICN) architectures is both a challenging and a critical problem. It is challenging because ICN architectures are content-oriented and location-independent, so a content item can be retrieved from multiple locations, many of which lie outside the administrative realm of the content owner. Implementing access control policies in this environment requires that storage nodes be capable of interpreting complex access control policies, or even business relationships and structures. In this paper we overcome this problem by leveraging verifiable credentials (VCs). VCs are a means of representing real-world credentials in the cyber world; they are machine-readable and self-verifiable. A user can prove that he/she holds a VC by issuing an appropriate proof, which can be verified deterministically, without requiring any knowledge of the semantics or the business relationship behind the VC. With our solution, a content owner includes in an item’s metadata a VC “proof-request,” which represents the access control policy that protects the item. Any third party, independently of the content owner, can use this proof-request to perform user authorization in a secure and privacy-preserving way.
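The mechanism sketched in the abstract, as an added illustration that is not the paper's code: a content item carries a proof-request in its metadata, and a storage node that knows nothing about what the claims mean authorizes a request by mechanically checking a presented credential against it. Lamport one-time signatures, a did:key-style issuer identifier and the JSON credential layout are all assumptions made here so the example runs with the standard library only.

```python
import hashlib
import json
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()
# Lamport one-time signatures stand in for the VC proof suite (assumption:
# a real deployment would use a multi-use scheme such as Ed25519 or BBS+).
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]
def sign(sk, msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [sk[i][(d >> i) & 1] for i in range(256)]

def verify(pk, msg: bytes, sig) -> bool:
    d = int.from_bytes(H(msg), "big")
    return len(sig) == 256 and all(H(sig[i]) == pk[i][(d >> i) & 1] for i in range(256))

def issuer_id(pk) -> str:
    # Self-certifying issuer identifier derived from its public key (assumption, did:key style).
    return H(b"".join(a + b for a, b in pk)).hex()

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue(sk, pk, subject: str, claims: dict) -> dict:
    cred = {"issuer": issuer_id(pk), "subject": subject, "claims": claims}
    return {"credential": cred, "signature": sign(sk, canonical(cred)), "issuer_pk": pk}

def authorize(metadata: dict, presentation: dict) -> bool:
    # Storage-node check: mechanical, with no knowledge of what a claim like 'role' means.
    req = metadata["proof_request"]
    pk, cred = presentation["issuer_pk"], presentation["credential"]
    if issuer_id(pk) != req["issuer"] or cred["issuer"] != req["issuer"]:
        return False  # credential not from the issuer the content owner named
    if not verify(pk, canonical(cred), presentation["signature"]):
        return False  # credential altered or signature forged
    return all(cred["claims"].get(k) == v for k, v in req["claims"].items())

def demo():
    isk, ipk = keygen()  # constructed: the issuer trusted by the content owner
    metadata = {"name": "/news/item1", "proof_request": {"issuer": issuer_id(ipk), "claims": {"role": "subscriber"}}}
    good = issue(isk, ipk, "did:example:alice", {"role": "subscriber"})
    tampered = issue(isk, ipk, "did:example:bob", {"role": "guest"})
    tampered["credential"]["claims"]["role"] = "subscriber"  # edited after signing
    rsk, rpk = keygen()  # constructed: an issuer the proof-request does not name
    rogue = issue(rsk, rpk, "did:example:eve", {"role": "subscriber"})
    return authorize(metadata, good), authorize(metadata, tampered), authorize(metadata, rogue)
```

`demo()` returns `(True, False, False)`: only the untampered credential from the named issuer unlocks the item, and the node never had to interpret the policy itself.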
Notes
Interested readers can find more details in [32].
References
Ahlgren, B., Dannewitz, C., Imbrenda, C., Kutscher, D., & Ohlman, B. (2012). A survey of information-centric networking. IEEE Communications Magazine, 50(7), 26–36. https://doi.org/10.1109/MCOM.2012.6231276
Sambra, A. (Ed.) (2019). W3C verifiable credentials implementation guidelines 1.0.
Benaloh, J., & De Mare, M. (1993). One-way accumulators: A decentralized alternative to digital signatures. In Workshop on the Theory and Application of Cryptographic Techniques (pp. 274–285). Springer.
Bernardini, C., Marchal, S., Asghar, M. R., & Crispo, B. (2019). PrivICN: Privacy-preserving content retrieval in information-centric networking. Computer Networks, 149, 13–28.
Bernstein, D. J., Duif, N., Lange, T., Schwabe, P., & Yang, B. Y. (2012). High-speed high-security signatures. Journal of Cryptographic Engineering, 2(2), 77–89.
Birgisson, A., Politz, J. G., Erlingsson, Ú., Taly, A., Vrable, M., & Lentczner, M. (2014). Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In Network and Distributed System Security Symposium (NDSS).
Blaze, M., Feigenbaum, J., & Lacy, J. (1996). Decentralized trust management. In Proceedings 1996 IEEE Symposium on Security and Privacy (pp. 164–173).
Blaze, M., Ioannidis, J., & Keromytis, A. D. (2003). Experience with the KeyNote trust management system: Applications and future directions. In P. Nixon & S. Terzis (Eds.), Trust Management (pp. 284–300). Springer.
Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7), 422–426.
Webber, S. L., & Sporny, M. (Eds.) (2020). Authorization capabilities for linked data. https://w3c-ccg.github.io/zcap-ld/
Camenisch, J., Kohlweiss, M., & Soriente, C. (2009). An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In International Workshop on Public Key Cryptography (pp. 481–500). Springer.
Camenisch, J., & Lysyanskaya, A. (2003). A signature scheme with efficient protocols. In Security in Communication Networks (pp. 268–289). Springer.
Camenisch, J., & Van Herreweghen, E. (2002). Design and implementation of the Idemix anonymous credential system. In Proceedings of the 9th ACM Conference on Computer and Communications Security (pp. 21–30). ACM.
Close, T. (2009). ACLs don't. HP Laboratories Technical Report.
Balfanz, D., et al. (2019). Web authentication: An API for accessing public key credentials. https://www.w3.org/TR/webauthn/
Fotiou, N., & Polyzos, G. C. (2015). Enabling name-based security and trust. In C. D. Jensen, S. Marsh, T. Dimitrakos, & Y. Murayama (Eds.), Trust Management IX, IFIP Advances in Information and Communication Technology (Vol. 454, pp. 47–59). Springer International Publishing.
Fotiou, N., Siris, V. A., Xylomenos, G., Polyzos, G. C., Katsaros, K. V., & Petropoulos, G. (2017). Edge-ICN and its application to the Internet of Things. In 2017 IFIP Networking Conference (IFIP Networking) and Workshops (pp. 1–6). https://doi.org/10.23919/IFIPNetworking.2017.8264880
Fotiou, N., Thomas, Y., Siris, V. A., Xylomenos, G., & Polyzos, G. C. (2021). Securing named data networking routing using decentralized identifiers. In 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR) (pp. 1–6).
The Linux Foundation (2020). Hyperledger Indy home page. https://www.hyperledger.org/projects/hyperledger-indy
Ghodsi, A., Koponen, T., Rajahalme, J., Sarolahti, P., & Shenker, S. (2011). Naming in content-oriented architectures. In Proceedings of the ACM SIGCOMM Workshop on Information-Centric Networking, ICN ’11 (pp. 1–6). ACM.
Gilbert, C., & Upatising, L. (2013). Formal analysis of BrowserID/Mozilla Persona.
W3C Credentials Community Group (2020). BBS+ signatures 2020. https://w3c-ccg.github.io/ldp-bbs2020/
Hamdane, B., Serhrouchni, A., Fadlallah, A., & Fatmi, S. G. E. (2012). Named-data security scheme for named data networking. In 2012 Third International Conference on The Network of the Future (NOF) (pp. 1–6).
Hyperledger (2018). How credential revocation works.
Hyperledger Indy (2018). Indy documentation. https://hyperledger-indy.readthedocs.io/projects/plenum/en/latest/index.html
Ion, M., Zhang, J., & Schooler, E. M. (2013). Toward content-centric privacy in ICN: Attribute-based encryption and routing. In Proceedings of the ACM SIGCOMM Workshop on Information-Centric Networking (pp. 39–40).
Lantz, B., Heller, B., & McKeown, N. (2010). A network in a laptop: Rapid prototyping for software-defined networks. In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets-IX (pp. 19:1–19:6). ACM.
Li, B., Verleker, A. P., Huang, D., Wang, Z., & Zhu, Y. (2014). Attribute-based access control for ICN naming scheme. In Proceedings of the IEEE Conference on Communications and Network Security (pp. 391–399).
Sporny, M., et al. (2019). Verifiable credentials data model 1.0. https://www.w3.org/TR/verifiable-claims-data-model/
Miller, M. S., Yee, K. P., & Shapiro, J. (2003). Capability myths demolished. Technical Report SRL2003-02, Johns Hopkins University Systems Research Laboratory.
Nour, B., Khelifi, H., Hussain, R., Mastorakis, S., & Moungla, H. (2021). Access control mechanisms in named data networks: A comprehensive survey. ACM Computing Surveys, 54(3), 1–35.
Reed, M. J., Al-Naday, M., Thomos, N., Trossen, D., Petropoulos, G., & Spirou, S. (2016). Stateless multicast switching in software defined networks. In 2016 IEEE International Conference on Communications (ICC) (pp. 1–7). https://doi.org/10.1109/ICC.2016.7511036
Thomas, Y., Fotiou, N., Toumpis, S., & Polyzos, G. C. (2020). Improving mobile ad hoc networks using hybrid IP-information centric networking. Computer Communications, 156, 25–34.
Tourani, R., Misra, S., Mick, T., & Panwar, G. (2018). Security, privacy, and access control in information-centric networking: A survey. IEEE Communications Surveys & Tutorials, 20(1), 566–600.
Trossen, D., Sarela, M., & Sollins, K. (2010). Arguments for an information-centric internetworking architecture. SIGCOMM Computer Communication Review, 40(2), 26–33.
W3C Credentials Community Group (2019). A primer for decentralized identifiers. https://w3c-ccg.github.io/did-primer/
Wood, C. A., & Uzun, E. (2014). Flexible end-to-end content security in CCN. In 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC) (pp. 858–865).
Xylomenos, G., Vasilakos, X., Tsilopoulos, C., Siris, V. A., & Polyzos, G. C. (2012). Caching and mobility support in a publish-subscribe internet architecture. IEEE Communications Magazine, 50(7), 52–58.
Yavatkar, R., Pendarakis, D., & Guerin, R. (2000). RFC 2753: A framework for policy-based admission control.
Yu, Y., Afanasyev, A., Clark, D., claffy, k., Jacobson, V., & Zhang, L. (2015). Schematizing trust in named data networking. In Proceedings of the 2nd ACM Conference on Information-Centric Networking, ACM-ICN ’15 (pp. 177–186). Association for Computing Machinery.
Zhang, L., Afanasyev, A., Burke, J., Jacobson, V., claffy, k., Crowley, P., Papadopoulos, C., Wang, L., & Zhang, B. (2014). Named data networking. SIGCOMM Computer Communication Review, 44(3), 66–73.
Zhang, X., Chang, K., Xiong, H., Wen, Y., Shi, G., & Wang, G. (2011). Towards name-based trust and security for content-centric network. In 2011 19th IEEE International Conference on Network Protocols (ICNP) (pp. 1–6).
Zhang, Z., Yu, Y., Afanasyev, A., Burke, J., & Zhang, L. (2017). NAC: Name-based access control in named data networking. In Proceedings of the 4th ACM Conference on Information-Centric Networking, ICN ’17 (pp. 186–187). ACM.
Funding
This project was funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under grant no. (G: 669-611-1441). The author, therefore, acknowledges with thanks DSR for technical and financial support.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Alzahrani, B.A. Self-protected content for information-centric networking architectures using verifiable credentials. Telecommun Syst 79, 387–396 (2022). https://doi.org/10.1007/s11235-021-00874-y