An interest‐based access control scheme via edge verification in Named Data Networking

Abstract

SummaryNamed Data Networking (NDN) is a disruptive future architecture, in which content delivery can be significantly improved through named routing and distributed caching. However, distributed caching also leads to serious access control problems. Once a content is disseminated to the network, any entity can fetch it regardless of owning the access permission or not. To protect the authorized content, current solutions are mainly designed based on data packet encryption, but redundant in‐network traffic is still a challenge due to illegal interest‐data exchange. Focus on this problem, an Interest‐Based Access Control scheme via Edge Verification (IBAC‐EV) is proposed in this paper. In IBAC‐EV, the producer authorizes the user to sign interest packet. By checking the signature, the edge router can forbid unsubscribed users to enter network through discarding interest packets. Simulation results show that IBAC‐EV can effectively reduce the in‐network traffic. Moreover, by using proxy signature algorithm, it simplifies the complexity of key management and alleviates the storage overhead on the edge router.