高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

命名数据网络中可追溯且轻量级的细粒度访问控制机制

雒江涛 何宸 王俊霞

雒江涛, 何宸, 王俊霞. 命名数据网络中可追溯且轻量级的细粒度访问控制机制[J]. 电子与信息学报, 2019, 41(10): 2428-2434. doi: 10.11999/JEIT181160
引用本文: 雒江涛, 何宸, 王俊霞. 命名数据网络中可追溯且轻量级的细粒度访问控制机制[J]. 电子与信息学报, 2019, 41(10): 2428-2434. doi: 10.11999/JEIT181160
Jiangtao LUO, Chen HE, Junxia WANG. Traceable Lightweight and Fine-grained Access Control in Named Data Networking[J]. Journal of Electronics & Information Technology, 2019, 41(10): 2428-2434. doi: 10.11999/JEIT181160
Citation: Jiangtao LUO, Chen HE, Junxia WANG. Traceable Lightweight and Fine-grained Access Control in Named Data Networking[J]. Journal of Electronics & Information Technology, 2019, 41(10): 2428-2434. doi: 10.11999/JEIT181160

命名数据网络中可追溯且轻量级的细粒度访问控制机制

doi: 10.11999/JEIT181160
基金项目: 教育部-中国移动科研基金(MCM20170203),重庆市基础科学与前沿研究重点项目(cstc2015jcyjBX0009, CSTCKJCXLJRC20)
详细信息
    作者简介:

    雒江涛:男,1971年生,教授,研究方向为新一代网络技术、通信网络测试与优化、移动大数据等

    何宸:男,1994年生,硕士生,研究方向为新一代网络技术

    王俊霞:女,1992年生,博士生,研究方向为新一代网络技术

    通讯作者:

    雒江涛 Luojt@cqupt.edu.cn

  • 中图分类号: TP393

Traceable Lightweight and Fine-grained Access Control in Named Data Networking

Funds: Ministry of Education-China Mobile Research Fund Project (MCM20170203), The Fundamental and Frontier Research Project of Chongqing (cstc2015jcyjBX0009, CSTCKJCXLJRC20)
  • 摘要: 由于命名数据网络(NDN)具有网内缓存特点,任意用户可直接从中间路由节点获取数据,同时,内容提供商也无法得知用户的访问信息。针对这些问题,该文结合基于身份的组合公钥和Schnorr签名方法,提出了“三次握手”匿名安全认证协议,同时,采用改进的秘密共享方法来高效分发内容密钥,实现了一种可追溯且轻量级的细粒度访问控制机制(TLAC),最后,通过实验验证了TLAC机制的高效性。
  • 图  1  “三次握手”身份认证

    图  2  $x \cdot G$的计算开销

    图  3  不同用户数量规模下的内容检索时延对比

    图  4  不同文件大小的内容检索时延对比

    图  5  US, CS的计算开销

    表  1  认证时的计算开销对比

    对比项目TLAC机制SEAF机制
    U(无预计算)$5{m_0}{\rm{ + 5}}h$$3p{\rm{ + }}3e{\rm{ + 9}}{m_0}{\rm{ + }}h$
    U(预计算后)$3{m_0}{\rm{ + 4}}h$h
    R(无预计算)$5{m_0}{\rm{ + 4}}h$$5p{\rm{ + }}4e{\rm{ + 8}}{m_0}{\rm{ + }}h$
    R(预计算后)$4{m_0}{\rm{ + 4}}h$/
    下载: 导出CSV

    表  2  预计算后的时间开销对比(ms)

    对比项目TLAC机制SEAF机制
    U5.150.05
    R6.6713.75
    下载: 导出CSV
  • CISCO. Cisco visual networking index: Forecast and methodology, 2016–2021 white paper[EB/OL]. https://www.cisco.com/c/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.html, 2018.
    GASTI P and TSUDIK G. Content-centric and named-data networking security: The good, the bad and the rest[C]. 2018 IEEE International Symposium on Local and Metropolitan Area Networks, Washington, USA, 2018: 1–6.
    TOURANI R, MISRA S, MICK T, et al. Security, privacy, and access control in information-centric networking: A survey[J]. IEEE Communications Surveys & Tutorials, 2018, 20(1): 566–600. doi: 10.1109/COMST.2017.2749508
    MISRA S, TOURANI R, and MAJD N E. Secure content delivery in information-centric networks: Design, implementation, and analyses[C]. The 3rd ACM SIGCOMM Workshop on Information-centric Networking, Hong Kong, China, 2013: 73–78.
    MISRA S, TOURANI R, NATIVIDAD F, et al. AccConF: An access control framework for leveraging in-network cached data in the ICN-enabled wireless edge[J]. IEEE Transactions on Dependable and Secure Computing, 2019, 16(1): 5–17. doi: 10.1109/TDSC.2017.2672991
    CHEN Tao, LEI Kai, and XU Kuai. An encryption and probability based access control model for named data networking[C]. The 33rd IEEE International Performance Computing and Communications Conference, Austin, USA, 2014: 1–8.
    ZHENG Qingji, WANG Guoqiang, RAVINDRAN R, et al. Achieving secure and scalable data access control in information-centric networking[C]. 2015 IEEE International Conference on Communications, London, UK, 2015: 5367–5373.
    XUE Kaiping, ZHANG Xiang, XIA Qiudong, et al. SEAF: A secure, efficient and accountable access control framework for information centric networking[C]. The IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, Honolulu, USA, 2018: 2213–2221.
    CHEN Liqun, CHENG Z, and SMART N P. Identity-based key agreement protocols from pairings[J]. International Journal of Information Security, 2007, 6(4): 213–241. doi: 10.1007/s10207-006-0011-9
    南湘浩. 组合公钥(CPK)体制标准(V5.0)[J]. 计算机安全, 2010(10): 1–2, 5. doi: 10.3969/j.issn.1671-0428.2010.10.001

    NAN Xianghao. Combined public key(CPK)cryptosystem standard(V5.0)[J]. Computer Security, 2010(10): 1–2, 5. doi: 10.3969/j.issn.1671-0428.2010.10.001
    SCHNORR C P. Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991, 4(3): 161–174. doi: 10.1007/bf00196725
    NAOR M and YUNG M. Universal one-way hash functions and their cryptographic applications[C]. The 21st Annual ACM Symposium on Theory of Computing, Seattle, USA, 1989: 33–43.
    SHAMIR A. Identity-based cryptosystems and signature schemes[C]. The Workshop on the Theory and Application of Cryptographic Techniques, Berlin, Germany, 1984: 47–53.
    SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612–613. doi: 10.1145/359168.359176
    IMINE Y, LOUNIS A, and BOUABDALLAH A. ABR: A new efficient attribute based revocation on access control system[C]. The 13th International Wireless Communications and Mobile Computing Conference, Valencia, Spain, 2017: 735–740.
  • 加载中
图(5) / 表(2)
计量
  • 文章访问数:  2070
  • HTML全文浏览量:  902
  • PDF下载量:  50
  • 被引次数: 0
出版历程
  • 收稿日期:  2018-12-18
  • 修回日期:  2019-06-14
  • 网络出版日期:  2019-06-24
  • 刊出日期:  2019-10-01

目录

    /

    返回文章
    返回