Securing named data networks: Challenges and the way forward

Elisa Bertino, Mohamed Nabeel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite decades of research on Internet security, we constantly hear about mega data breaches and malware infections affecting hundreds of millions of hosts. The key reason is that the current threat model of the Internet relies on two assumptions that no longer hold true: (1) Web servers, hosting the content, are secure, (2) each Internet connection starts from the original content provider and terminates at the content consumer. Internet security is today merely patched on top of the TCP/IP protocol stack. In order to achieve comprehensive security for the Internet, we believe that a clean-slate approach must be adopted where a content-based security model is employed. Named Data Networking (NDN) is a step in this direction which is envisioned to be the next generation Internet architecture based on a content-centric communication model. NDN is currently being designed with security as a key requirement, and thus to support content integrity, authenticity, confidentiality and privacy. However, in order to meet such a requirement, one needs to overcome several challenges, especially in either large operational environments or resource-constrained networks. In this paper, we explore the security challenges in achieving comprehensive content security in NDN and propose a research agenda to address some of the challenges.

Original language: English
Title of host publication: SACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies
Publisher: Association for Computing Machinery
Pages: 51-59
Number of pages: 9
Volume: Part F137153
ISBN (Electronic): 9781450356664
DOIs: https://doi.org/10.1145/3205977.3205996
Publication status: Published - 7 Jun 2018
Event: 23rd ACM Symposium on Access Control Models and Technologies, SACMAT 2018 - Indianapolis, United States
Duration: 13 Jun 2018 to 15 Jun 2018

Other

Other: 23rd ACM Symposium on Access Control Models and Technologies, SACMAT 2018
Country: United States
City: Indianapolis
Period: 13/6/18 to 15/6/18

Fingerprint

Internet
Slate
Servers
Network protocols
Communication

Keywords

  • Access control
  • Confidentiality
  • Edge computing
  • Integrity
  • Named data networks
  • Privacy
  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Bertino, E., & Nabeel, M. (2018). Securing named data networks: Challenges and the way forward. In SACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (Vol. Part F137153, pp. 51-59). Association for Computing Machinery. https://doi.org/10.1145/3205977.3205996

@inproceedings{53f7898ef2dc4ec7a01c28df06d2de51,
title = "Securing named data networks: Challenges and the way forward",
abstract = "Despite decades of research on Internet security, we constantly hear about mega data breaches and malware infections affecting hundreds of millions of hosts. The key reason is that the current threat model of the Internet relies on two assumptions that no longer hold true: (1) Web servers, hosting the content, are secure, (2) each Internet connection starts from the original content provider and terminates at the content consumer. Internet security is today merely patched on top of the TCP/IP protocol stack. In order to achieve comprehensive security for the Internet, we believe that a clean-slate approach must be adopted where a content-based security model is employed. Named Data Networking (NDN) is a step in this direction which is envisioned to be the next generation Internet architecture based on a content-centric communication model. NDN is currently being designed with security as a key requirement, and thus to support content integrity, authenticity, confidentiality and privacy. However, in order to meet such a requirement, one needs to overcome several challenges, especially in either large operational environments or resource-constrained networks. In this paper, we explore the security challenges in achieving comprehensive content security in NDN and propose a research agenda to address some of the challenges.",
keywords = "Access control, Confidentiality, Edge computing, Integrity, Named data networks, Privacy, Security",
author = "Elisa Bertino and Mohamed Nabeel",
year = "2018",
month = "6",
day = "7",
doi = "10.1145/3205977.3205996",
language = "English",
volume = "Part F137153",
pages = "51--59",
booktitle = "SACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Securing named data networks

T2 - Challenges and the way forward

AU - Bertino, Elisa

AU - Nabeel, Mohamed

PY - 2018/6/7

Y1 - 2018/6/7

N2 - Despite decades of research on Internet security, we constantly hear about mega data breaches and malware infections affecting hundreds of millions of hosts. The key reason is that the current threat model of the Internet relies on two assumptions that no longer hold true: (1) Web servers, hosting the content, are secure, (2) each Internet connection starts from the original content provider and terminates at the content consumer. Internet security is today merely patched on top of the TCP/IP protocol stack. In order to achieve comprehensive security for the Internet, we believe that a clean-slate approach must be adopted where a content-based security model is employed. Named Data Networking (NDN) is a step in this direction which is envisioned to be the next generation Internet architecture based on a content-centric communication model. NDN is currently being designed with security as a key requirement, and thus to support content integrity, authenticity, confidentiality and privacy. However, in order to meet such a requirement, one needs to overcome several challenges, especially in either large operational environments or resource-constrained networks. In this paper, we explore the security challenges in achieving comprehensive content security in NDN and propose a research agenda to address some of the challenges.

KW - Access control

KW - Confidentiality

KW - Edge computing

KW - Integrity

KW - Named data networks

KW - Privacy

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85049315434&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049315434&partnerID=8YFLogxK

U2 - 10.1145/3205977.3205996

DO - 10.1145/3205977.3205996

M3 - Conference contribution

AN - SCOPUS:85049315434

VL - Part F137153

SP - 51

EP - 59

BT - SACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies

PB - Association for Computing Machinery

ER -