Abstract
As the Internet has evolved from host-to-host communications to content distribution, data-centric networking is poised to improve networking efficiency. Especially, as the cloud computing, the Internet of Things (IoT), the fifth-generation (5G) networking become popular, there is a consensus that data is to be distributed over some potentially untrusted middleboxes (e.g., CDN servers, web caches) that mediates between data writers and data readers. While data-centric networking designs such as Edge Caching, Global Data Plane (GDP), Named Data Networking (NDN) have been active explored, there have been few studies on how to distribute and manage keys for data access control in such designs with untrusted servers (i.e., middleboxes). We present a key management framework in which symmetric and asymmetric keys are securely managed. A writer publishes his (encrypted) data along with the decryption key for the data. Likewise, an authorized reader retrieves the decryption key as well as the data of interest. To make the key distribution securely between a writer and a reader via an untrusted server, we introduce a key server running on top of the Intel SGX technology. In this way, we can manage and distribute keys for data access control in an efficient and flexible manner. We evaluate the proposed framework by prototyping, which shows some delays in key publishing and retrieval. However, the delays in real operations will be marginal as the period will become longer.
Highlights
More traffic on the Internet requires fast, scalable, and efficient data delivery
Since Intel Software Guard Extension (SGX) is based on memory encryption/decryption, its performance may be of concern for commercial deployments; we seek to shed light on how many key servers should be operating for a given workload
The paper focuses on how to manage client identifiers and log decryption keys for access control in a generic data-centric networking architecture
Summary
More traffic on the Internet requires fast, scalable, and efficient data delivery. One of the possible solutions is to deliver data not from a data origin but from a closer place to a client, which may be a cache storage or a replication server nearby. This essentially means that for a content request from the client, the data content is more important rather than the origin of the data. Such a datacentric perspective inspires various existing networking solutions [1]–[6] that are gaining momentum as the Internet of Things (IoT) and the fifth-generation (5G) network evolve. The edge caching is a kind of data-centric networking by offloading data to network edges
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have