Wentao Shang, Yingdi Yu, Teng Liang, Beichuan Zhang, and Lixia Zhang. NDN-ACE: Access Control for Constrained Environments over Named Data Networking. NDN, Technical Report NDN-0036.
Revision 1, Dec 21, 2015.
The access control problem, including authentication and authorization, is critical to the security and privacy of IoT networks. In this paper we present NDN-ACE, a lightweight access control protocol for constrained environments over Named Data Networking (NDN). NDN-ACE uses symmetric cryptography to authenticate the actuation commands on the constrained devices but offloads the key distribution and management tasks to a more powerful trusted third party. It utilizes hierarchical NDN names to express fine-grained access control policies that bind the identity of the command senders to the services they are authorized to access. The key management protocol in NDN-ACE allows the senders to update their access keys periodically without requiring tight synchronization among the devices. The evaluation shows that NDN-ACE requires fewer message exchanges and uses fewer components in the overall network architecture than the IP-based alternatives. The “proof-of-concept” prototype also demonstrates the feasibility and efficiency of the NDN-ACE framework.