Schematizing and Automating Trust in Named Data Networking




Yingdi Yu, Alexander Afanasyev, David Clark, kc claffy, Van Jacobson, and Lixia Zhang. “Schematizing and Automating Trust in Named Data Networking.” NDN, Technical Report NDN-0030, Revision 2: June 2, 2015.

Securing communication in networking applications involves many complex tasks that can be daunting even for security experts. The Named Data Networking (NDN) architecture builds data authentication into the narrow waist layer by requiring all applications to sign and authenticate every network-level data packet. To make this authentication usable, the decision about which keys can sign which data and the procedure of signature verification need to be automated. This paper explores the ability of NDN to enable such automation through the use of trust schemas. For data consumers, trust schemas provide an automatic way to discover which keys to use to authenticate data packets. For data producers, schemas automate the decision about which keys to use to sign data packets and, if keys are missing, how to create keys while ensuring that they are used only within a narrowly defined scope (“least privilege principle”). We have successfully applied the designed trust schema in several prototype NDN applications with trust models of different complexity, showing the potential of this approach to be generally applicable to a wide range of NDN applications.

Obsoleted by: Schematizing Trust in Named Data Networking

* * *

Previous revisions:

Revision 1