An accountable access control scheme for hierarchical content in named data networks with revocation

Abstract

This paper presents a novel encryption-based access control scheme to address the access control issues in Named Data Networking (NDN). Though there have been several recent works proposing access control schemes, they are not suitable for many large scale real-world applications where content is often organized in a hierarchical manner (such as movies in Netflix) for efficient service provision. This paper uses a cryptographic technique, referred to as Role-Based Encryption, to introduce inheritance property for achieving access control over hierarchical contents. The proposed scheme encrypts the hierarchical content in such a way that any consumer who pays a higher level of subscription and is able to access (decrypt) contents in the higher part of the hierarchy is also able to access (decrypt) the content in the lower part of the hierarchy using their decryption keys. Additionally, our scheme provides many essential features such as authentication of the consumers at the very beginning before forwarding their requests into the network, accountability of the Internet Service Provider, consumers’ privilege revocations, etc. In addition, we present a formal security analysis of the proposed scheme showing that the scheme is provably secure against Chosen Plaintext Attack. Moreover, we describe the performance analysis showing that our scheme achieves better results than existing schemes in terms of functionality, computation, storage, and communication overhead. Our network simulations show that the main delay in our scheme is due to cryptographic operations, which are more efficient and hence our scheme is better than the existing schemes.