Yingdi Yu, Alexander Afanasyev, Lixia Zhang
NDN, Technical Report NDN-0034.
Revision 1, Oct 27, 2015.
This paper presents a content-based access control access control model for content stored in network storage. The model enforces the access control directly over content through encrypting content at the time of production, rather than re- lying on a third party (such as data storage) as traditional perimeter-based access control model. We present the de- sign of Name-based Access Control (NAC), which implements the content-based access control model in Named Data Networking (NDN). We demonstrate how to make use of naming convention to explicitly convey access control policy and efficiently distribute access control keys, thus enabling effective access control. We evaluate the scalability of NAC against CCN-AC, another encryption-based access control scheme. The results suggest that NAC is more suitable for large scale distributed data production and consumption.