A distributed capability access control scheme in information-centric networking

Jung Hwan Cha, Youn Hee Han, Sung-Gi Min

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Enforcing access control policies in Information-Centric Networking (ICN) is difficult due to there being multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.

Original language: English
Pages (from-to): 1121-1130
Number of pages: 10
Journal: IEICE Transactions on Communications
Volume: E99B
Issue number: 5
DOIs: 10.1587/transcom.2015EBP3347
Publication status: Published - 2016 May 1

Fingerprint

Access control
Servers

Keywords

  • Access control
  • Capability-based access control
  • Information-centric networking (ICN)
  • Privacy preservation

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Software

Cite this

A distributed capability access control scheme in information-centric networking. / Cha, Jung Hwan; Han, Youn Hee; Min, Sung-Gi.

In: IEICE Transactions on Communications, Vol. E99B, No. 5, 01.05.2016, p. 1121-1130.

@article{d6c0dc7efdc843f49f64b8ebe9dbaad2,
title = "A distributed capability access control scheme in information-centric networking",
abstract = "Enforcing access control policies in Information-Centric Networking (ICN) is difficult due to there being multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.",
keywords = "Access control, Capability-based access control, Information-centric networking (ICN), Privacy preservation",
author = "Cha, {Jung Hwan} and Han, {Youn Hee} and Sung-Gi Min",
year = "2016",
month = "5",
day = "1",
doi = "10.1587/transcom.2015EBP3347",
language = "English",
volume = "E99B",
pages = "1121--1130",
journal = "IEICE Transactions on Communications",
issn = "0916-8516",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "5",

}

TY - JOUR

T1 - A distributed capability access control scheme in information-centric networking

AU - Cha, Jung Hwan

AU - Han, Youn Hee

AU - Min, Sung-Gi

PY - 2016/5/1

Y1 - 2016/5/1

N2 - Enforcing access control policies in Information-Centric Networking (ICN) is difficult due to there being multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.

AB - Enforcing access control policies in Information-Centric Networking (ICN) is difficult due to there being multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.

KW - Access control

KW - Capability-based access control

KW - Information-centric networking (ICN)

KW - Privacy preservation

UR - http://www.scopus.com/inward/record.url?scp=84969921649&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84969921649&partnerID=8YFLogxK

U2 - 10.1587/transcom.2015EBP3347

DO - 10.1587/transcom.2015EBP3347

M3 - Article

VL - E99B

SP - 1121

EP - 1130

JO - IEICE Transactions on Communications

JF - IEICE Transactions on Communications

SN - 0916-8516

IS - 5

ER -