- Title
- An accountable access control scheme for hierarchical content in named data networks with revocation
- Creator
- Sultan, Nazatul Haque; Varadharajan, Vijay; Camtepe, Seyit; Nepal, Surya
- Relation
- European Symposium on Research in Computer Security. Proceedings of 25th European Symposium on Research in Computer Security, ESORICS 2020 (Guildford, UK 14-18 September, 2020) p. 569-590
- Publisher Link
- http://dx.doi.org/10.1007/978-3-030-58951-6_28
- Publisher
- Springer
- Resource Type
- conference paper
- Date
- 2020
- Description
- This paper presents a novel encryption-based access control scheme to address the access control issues in Named Data Networking (NDN). Though there have been several recent works proposing access control schemes, they are not suitable for many large-scale real-world applications where content is often organized in a hierarchical manner (such as movies in Netflix) for efficient service provision. This paper uses a cryptographic technique, referred to as Role-Based Encryption, to introduce an inheritance property for achieving access control over hierarchical contents. The proposed scheme encrypts the hierarchical content in such a way that any consumer who pays a higher level of subscription and is able to access (decrypt) contents in the higher part of the hierarchy is also able to access (decrypt) the content in the lower part of the hierarchy using their decryption keys. Additionally, our scheme provides many essential features such as authentication of the consumers at the very beginning before forwarding their requests into the network, accountability of the Internet Service Provider, consumers' privilege revocations, etc. In addition, we present a formal security analysis of the proposed scheme showing that the scheme is provably secure against Chosen Plaintext Attack. Moreover, we describe the performance analysis showing that our scheme achieves better results than existing schemes in terms of functionality, computation, storage, and communication overhead. Our network simulations show that the main delay in our scheme is due to cryptographic operations, which are more efficient and hence our scheme is better than the existing schemes.
- Subject
- named data networking; access control; accountability; revocation; encryption; authentication; provable security
- Identifier
- http://hdl.handle.net/1959.13/1427985
- Identifier
- uon:38587
- Identifier
- ISBN:9783030589509
- Language
- eng
- Reviewed