Project Title: Securing data objects for future Internet
Acknowledgements: We would like to thank the Swedish Foundation for Strategic Research (SSF) for its Mobility grant support (2015-2016). We would also like to thank Ericsson Research, Sweden, for its collaboration and support.
Background and Objectives:
Information-centric networking (ICN) focuses on retrieving content from the network regardless of the storage location or physical representation of that content. Thus, securing the data content itself is more important than securing the infrastructure or the end-points. Most existing ICN implementations ensure data integrity as well as authentication by signing data at creation. However, confidentiality remains a challenge. One interesting problem with confidentiality is how to present and enforce access control policies. In the traditional Internet architecture, confidentiality is usually addressed by a trusted third party or by the data owner. Yet in ICN, data is likely to be replicated and disseminated in the network, making it difficult for the owner to continue to control access to the data. A key requirement in ICN is that when the same object is made available to groups with different access credentials, this should not result in multiple encrypted objects that need to be duplicated in the caches.
In this project, we have identified and studied the following research questions.
- How appropriate are functional encryption schemes, such as attribute- or identity-based encryption, for providing data object security in ICNs?
- How to handle revocation of access rights in ICNs?
- What is the key management overhead of encryption-based access control schemes? How would it compare to current mechanisms from usability, performance and security perspectives?
- How to handle access control for dynamic or individualized content?
- Can access-control schemes help with erasing content in ICNs by revoking access to it?
Publications:
- “Experiences from a Field Test using ICN for Live Video Streaming,” A. Mohammad Malik, B. Ahlgren, B. Ohlman, A. Lindgren, E. Ngai, L. Klingsbo, and M. Lång, Workshop on Multimedia Streaming in Information-Centric Networks (MuSIC), in conjunction with ICME, Torino, Italy, 3 July 2015.
- “Information-centric Networking and Security,” E. Ngai, B. Ohlman, G. Tsudik, and E. Uzun, Dagstuhl Reports (Dagstuhl Seminar 16251), Volume 6, Issue 6, Jun 2016, pp. 49-61.
- “Attribute-Based Encryption on a Resource Constrained Sensor in an Information-Centric Network,” A. M. Malik, J. Borgh, and B. Ohlman, ACM Information Centric Networking Conference (ACM ICN 2016), Demo, Sep 2016, Kyoto, Japan.
- “Can We Make a Cake and Eat it Too? A Discussion of ICN Security and Privacy,” E. Ngai, B. Ohlman, G. Tsudik, E. Uzun, M. Wahlisch, C. A. Wood, ACM Computer Communications Review, Jan 2017.
- “Employing Attribute-Based Encryption in Systems with Resource Constrained Devices in an Information-Centric Networking Context,” J. Borgh, E. Ngai, B. Ohlman, and A. M. Malik, submitted to Global IoT Summit ’17, 6-9 Jun 2017 in Geneva, Switzerland. (under review)
Edith Ngai, Uppsala University
Börje Ohlman, Ericsson Research