[Ndn-interest] Secure Log-in mechanism in NDN

Sun Mar 19 12:54:37 PDT 2017

The same general approach was explored earlier in this paper (in the 
context of CCNx, but applicable to NDN):

J. Kurihara, C. A. Wood, and E. Uzun,
An Encryption-Based Access Control Framework for Content-Centric 
Networking <http://sprout.ics.uci.edu/projects/ndn/papers/ccnac15.pdf>,
/in IFIP Networking/, Toulouse, France, 2015.

Cheers,
Gene Tsudik

On 3/19/17 12:43 PM, Lan Wang (lanwang) wrote:
> Jongdeog’s question is about access control.  Rather than emulating 
> how the current solutions work, an NDN producer can encrypt the data 
> and distribute the data decryption key to the user (using the user’s 
> public key to encrypt the data decryption key).  See "Name-Based 
> Access Control." Y. Yu, A. Afanasyev, L. Zhang.
> NDN, Technical Report NDN-0034. 
> https://named-data.net/publications/techreports/ndn-0034-2-nac/
>
> Lan
>
>> On Mar 19, 2017, at 7:19 AM, Junxiao Shi 
>> <shijunxiao at email.arizona.edu <mailto:shijunxiao at email.arizona.edu>> 
>> wrote:
>>
>> Hi Jongdeog
>>
>> First of all, any NDN application, including ndnping, has a "producer 
>> and consumer model". I guess you mean "server and client model". The 
>> client can download from the server, and can upload to the server. 
>> During the upload, the client would act as a producer while the 
>> server acts as a consumer.
>>
>> In web technology, "log-in" means session management. A Windows 7 
>> era example: Alice wants to access her Hotmail mailbox. She visits 
>> hotmail.com <http://hotmail.com/>, which redirects her to Windows 
>> Live ID sign-in page. Over there, she either types her username and 
>> password, or selects a smartcard via Windows CardSpace. Windows Live 
>> ID issues a token (as a browser cookie) to Alice, which is accepted 
>> by hotmail.com <http://hotmail.com/> and Alice is able to access her 
>> mailbox. When she finishes, pressing sign-out revokes the token so 
>> that nobody else can use it.
>>
>> The session token / session cookie in web technology is equivalent to 
>> certificate in NDN.
>> The NDN equivalent of the above, assuming using smartcard, is: Alice 
>> issues a certificate for her Hotmail session and have it signed by 
>> her smartcard, she can then access Hotmail with this certificate. 
>> Session ends when the certificate expires.
>> The case with username+password is more complicated in NDN, but still 
>> doable: Alice generates a key pair, and sends a certificate request 
>> along with the username+password to Windows Live ID sign-in service 
>> (the message is encrypted by Windows Live ID site's public key). 
>> After obtaining a certificate from Windows Live ID, Alice can issue 
>> herself a Hotmail session certificate.
>>
>> Yours, Junxiao
>>
>> On Thu, Mar 9, 2017 at 3:56 PM, Lee, Jongdeog <jlee700 at illinois.edu 
>> <mailto:jlee700 at illinois.edu>> wrote:
>>
>>     Dear all,
>>
>>       Hope all of you are doing fine. I have a question regarding NDN
>>     log-in mechanism.
>>
>>       Given that we have producer and consumer model, what would be a
>>     secure (possibly standard) log-in mechanism? Or there is no such
>>     thing in NDN world by assuming that all producer and consumer
>>     have public-private key pairs?
>>
>>     Best wishes,
>>     Jongdeog Lee (JD)
>>
>>
>>
>> _______________________________________________
>> Ndn-interest mailing list
>> Ndn-interest at lists.cs.ucla.edu <mailto:Ndn-interest at lists.cs.ucla.edu>
>> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
>
>
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20170319/d84c9878/attachment.html>