D-NAC: Distributed access control for named data networks

  • Italo Valcy S. Brito UFBA
  • Katharine Schramm UFBA
  • Leobino Sampaio UFBA

Abstract


Named Data Networking (NDN) offers a secure and optimized alternative for content distribution applications, a primary activity on the Internet. One of the main requirements for those applications is access control. Access control specifies authorization and accounting rules for certain entities when requesting content. Name-based Access Control (NAC) solutions utilize NDN’s semantically meaningful naming to express the access policy and granularity. The Access Manager, one of the components of the NAC solution, centralizes the access control policies and key management process. However, the centralized design of the Access Manager contrasts with NDN’s distributed architecture, which can lead to bottlenecks and availability issues due to individual failures. In this paper, we present the design and evaluation of D-NAC, which enhances the NAC architecture by making the Access Manager fully distributed. Experimental results demonstrate the resilience and performance of D-NAC compared to the standard NAC solution, with minimal overhead to the network.

Published
2024-09-16
BRITO, Italo Valcy S.; SCHRAMM, Katharine; SAMPAIO, Leobino. D-NAC: Distributed access control for named data networks. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 165-180. DOI: https://doi.org/10.5753/sbseg.2024.241766.
