As the Internet has evolved from host-to-host communications to content distribution, data-centric networking is poised to improve networking efficiency. Especially, as the cloud computing, the Internet of Things (IoT), the fifth-generation (5G) networking become popular, there is a consensus that data is to be distributed over some potentially untrusted middleboxes (e.g., CDN servers, web caches) that mediates between data writers and data readers. While data-centric networking designs such as Edge Caching, Global Data Plane (GDP), Named Data Networking (NDN) have been active explored, there have been few studies on how to distribute and manage keys for data access control in such designs with untrusted servers (i.e., middleboxes). We present a key management framework in which symmetric and asymmetric keys are securely managed. A writer publishes his (encrypted) data along with the decryption key for the data. Likewise, an authorized reader retrieves the decryption key as well as the data of interest. To make the key distribution securely between a writer and a reader via an untrusted server, we introduce a key server running on top of the Intel SGX technology. In this way, we can manage and distribute keys for data access control in an efficient and flexible manner. We evaluate the proposed framework by prototyping, which shows some delays in key publishing and retrieval. However, the delays in real operations will be marginal as the period will become longer.
Read full abstract