Document Type
Dissertation
Degree
Doctor of Philosophy (PhD)
Major/Program
Computer Science
First Advisor's Name
Alexander Afanasyev
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Deng Pan
Second Advisor's Committee Title
Committee Member
Third Advisor's Name
Leonardo Bobadilla
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Ananda Mondal
Fourth Advisor's Committee Title
Committee Member
Fifth Advisor's Name
Kemal Akkaya
Fifth Advisor's Committee Title
Committee Member
Keywords
Named Data Networking, Information-centric Networking, Security, Automation
Date of Defense
6-26-2023
Abstract
Named Data Networking transforms the network communication model's abstraction so that instead of sending packets to hosts, secured data can be fetched by name. This modification to the networking model alters the idea of network security. In NDN, the data packets are directly secured at the network layer rather than the channel via which they are transmitted. Since security is NDN's top priority, researchers have developed many security technologies that enable secure communication. However, these security technologies are now just basic building blocks and so are not always directly usable. Therefore, the overarching goal of this research is to automate these security tools to make NDN more usable.
Trust management plays a very crucial role in NDN security. NDN uses the concept of trust schema to automate data authentication by defining and enforcing policies on cryptographic keys and data items. While a preliminary NDN trust schema was proposed in 2015, it has a few drawbacks, like not being very user-friendly to write and working only for validation, not signing. Versec is a tool that automates both signing and validation in a very user-friendly way. However, it has a few limitations that make it less suited for generic NDN use. Therefore, we have conducted a methodical analysis of Versec and proposed insights for improvements to make it better suited for generic NDN use.
Access control is another area of focus in NDN, with Name-based Access Control (NAC) considered the most promising solution. NAC assumes the existence of an access manager entity responsible for managing the access control mechanism. Still, the current NAC design lacks guidance on how the access manager learns information about the access control requirements of a system. To address this, SEANAC, a schema-based approach to automate the NAC process, was proposed to configure the necessary information for the access manager, making it more practical.
The ease of use of NDN security tools is a crucial factor in their future use. Requiring manual configuration of security measures discourages users and developers from using security primitives altogether. Therefore, the proposed research evaluates the current state of various security tools, identifies issues, and puts forward solutions to enhance the automation and usability of the overall Named Data Networking security system.
Identifier
FIDC011143
Previously Published In
[1] P. Podder and A. Afanasyev, (2023). “SEANAC: Schema Enforced Automation of Name-based Access Control”. IEEE International Conference on Computing, Networking and Communications (ICNC 2023).
[2] P. Podder, A. Neishaboori, G. Somak Dutta, and A. Afanasyev, (2023). “SPA: A Scalable Pedestrian-awareness Application using NDN over CV2X”. IEEE International Conference on Computing, Networking and Communications (ICNC 2023).
[3] P. Podder and A. Afanasyev, (2022). “A systematic analysis to improve versatility of versec trust schema”. 5th International Conference on Hot Information-Centric Networking (HotICN).
[4] P. Podder and A. Afanasyev, (2022). “On improving versatility of versec trust schema”. In Proceedings of the 9th ACM Conference on Information-Centric Networking.
[5] Presley, J., Wang, X., Brandel, T., Ai, X., Podder, P., Yu, T., Patil, V., Zhang, L., Afanasyev, A., Feltus, F.A. and Shannigrahi, S. (2022). Hydra–A Federated Data Repository over NDN. arXiv preprint arXiv:2211.00919
Recommended Citation
Podder, Proyash, "Automation of Named Data Networking Security by Schematized Authentication and Confidentiality Policies" (2023). FIU Electronic Theses and Dissertations. 5432.
https://digitalcommons.fiu.edu/etd/5432
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).