Visible to the public SEAF: A Secure, Efficient and Accountable Access Control Framework for Information Centric Networking

TitleSEAF: A Secure, Efficient and Accountable Access Control Framework for Information Centric Networking
Publication TypeConference Paper
Year of Publication2018
AuthorsXue, Kaiping, Zhang, Xiang, Xia, Qiudong, Wei, David S.L., Yue, Hao, Wu, Feng
Conference NameIEEE INFOCOM 2018 - IEEE Conference on Computer Communications
KeywordsAccess Control, authentication, authorisation, cache storage, cache-enabled routers, composability, computer network security, content delivery, content providers, cryptography, data privacy, delays, delivery service, effective access control mechanism, efficient and accountable access control framework, Encryption, ICN, in-network cache, information centric networking, Internet, Metrics, network accountability, network edge, network resources, next-generation network, privacy, privacy protection, pubcrawl, Resiliency, SEAF, secure, service accountability
AbstractInformation Centric Networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better delivery service, an effective access control mechanism is needed due to wide dissemination of contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, straightforward utilization of advanced encryption algorithms increases the opportunities for DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose a secure, efficient, and accountable access control framework, called SEAF, for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication, and use hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers, and introduces only slight delay for users' content retrieval.
Citation Keyxue_seaf_2018