NDN-ACE: Access Control for Constrained Environments over Named Data Networking
Authors
Abstract
The access control problem, including authentication and authorization, is critical to the security and privacy of IoT networks. In this paper we present NDN-ACE, a lightweight access control protocol for constrained environments over Named Data Networking (NDN). NDN-ACE uses symmetric cryptography to authenticate the actuation commands on the constrained devices but offloads the key distribution and management tasks to a more powerful trusted third party. It utilizes hierarchical NDN names to express fine-grained access control policies that bind the identity of the command senders to the services they are authorized to access. The key management protocol in NDN-ACE allows the senders to update their access keys periodically without requiring tight synchronization among the devices. The evaluation shows that NDN-ACE has fewer message exchanges and uses fewer components in the overall network architecture compared to the IP-based alternatives. The “proof-of-concept” prototype also demonstrates the feasibility and efficiency of the NDN-ACE framework.
Similar resources
Securing Instrumented Environments over Content-Centric Networking: the Case of Lighting Control
Instrumented environments, such as modern building automation systems (BAS), are becoming commonplace and are increasingly interconnected with (and sometimes by) enterprise networks and the Internet. Regardless of the underlying communication platform, secure control of devices in such environments is a challenging task. The current trend is to move from proprietary communication media and prot...
Opportunities and Challenges for Named Data Networking to Increase the Agility of Military Coalitions
The fundamental aim of this paper is to position the opportunities and challenges for adopting Named Data Networking (NDN) in the specific context of military coalition operations and tactical networks. The characteristic properties of tactical networks include high dynamics in multiple dimensions: bandwidth, network congestion, frequent topological changes, geographical mobility of assets, as ...
Forwarding strategies in named data wireless ad hoc networks: Design and evaluation
Named Data Networking (NDN) is a promising information-centric architecture for the future Internet that is also gaining momentum in wireless ad hoc networks as an alternative paradigm to traditional IP networking. NDN shares with other information-centric proposals the same innovative concepts, such as named content, name-based routing, and in-network content caching. These principles and the ...
The Comparison of Forwarding Strategies between Best Route, Multicast, and Access on Named Data Networking (NDN). Case Study: A Node Compromised by the Prefix Hijack
Named Data Networking (NDN) is a new design of network architecture and has become the leading trend of network architecture because its packets carry the name of the data and do not carry the information of a source or a destination address, as an IP packet does. In network routing, an NDN network has an adaptive forwarding mechanism. An NDN router determines packets immediately which pa...
Name-Based Access Control
This paper presents a content-based access control model for content stored in network storage. The model enforces the access control directly over content through encrypting content at the time of production, rather than relying on a third party (such as data storage) as the traditional perimeter-based access control model does. We present the design of Name-based Access Control (NAC), w...