{"title":"NDNCERT: universal usable trust management for NDN","authors":"Zhiyi Zhang, A. Afanasyev, Lixia Zhang","doi":"10.1145/3125719.3132090","DOIUrl":null,"url":null,"abstract":"The Named Data Networking (NDN) architecture builds the security primitives into the network layer: all retrieved data packets must be signed to ensure their integrity authenticity and provenance. To ensure that these primitives are used in a meaningful way without imposing undue burdens on NDN users, the management of cryptographic keys and certificates needs to work in a simple, secure, and user-friendly way. This poster introduces the NDN Trust Management system (NDNCERT) which is designed to fill this need. NDNCERT provides flexible mechanisms to delegate trust between certificates, either within a single device (managing permissions for local applications on a node to operate under a given namespace) or across devices/entities. NDNCERT features a modular design for security challenges that establish trust through out-of-band means for certificate issuing. Once a node or an application obtains a valid certificate for its namespace (or being configured with a self-signed certificate), it automatically becomes a certificate authority for its namespace, and can use the same NDNCERT protocol to produce certificates for the sub-namespaces.","PeriodicalId":394653,"journal":{"name":"Proceedings of the 4th ACM Conference on Information-Centric Networking","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th ACM Conference on Information-Centric Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3125719.3132090","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
The Named Data Networking (NDN) architecture builds the security primitives into the network layer: all retrieved data packets must be signed to ensure their integrity authenticity and provenance. To ensure that these primitives are used in a meaningful way without imposing undue burdens on NDN users, the management of cryptographic keys and certificates needs to work in a simple, secure, and user-friendly way. This poster introduces the NDN Trust Management system (NDNCERT) which is designed to fill this need. NDNCERT provides flexible mechanisms to delegate trust between certificates, either within a single device (managing permissions for local applications on a node to operate under a given namespace) or across devices/entities. NDNCERT features a modular design for security challenges that establish trust through out-of-band means for certificate issuing. Once a node or an application obtains a valid certificate for its namespace (or being configured with a self-signed certificate), it automatically becomes a certificate authority for its namespace, and can use the same NDNCERT protocol to produce certificates for the sub-namespaces.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
