[Ndn-interest] Regarding NDN packet security
kundan saha
kundansaha at gmail.com
Mon Dec 25 03:09:10 PST 2023
Hi Shashank,
Welcome to the NDN world. Glad that you are studying in NITK, my alma
mater. To answer your question:
1. You need to understand how public keys are secure and how PKI works.
Imagine a public key as your email ID and password as your private key.
Anyone can send you a message using your email ID. But only you can read it
with your password. Although not exactly the same, they work in a similar
fashion. So the public key itself is not enough to decrypt data. You need
the private key as well.
2. It is computationally hard to decipher the private key due to the
Discrete Logarithm Problem. All the known algorithms require exponential
time with respect to the number of bits of the private key. With
sufficiently large keys, it would take so much time to compute one key that
the world would end before that! And the private key usually doesn't leave
the owner's machine, unless he or she accesses it on a public computer with
keyloggers installed or someone is shoulder surfing. For such situations,
nowadays multifactor authentication is used. There are other attacks but
with many layers of security they are prevented. An anomaly in the user
behavior such as access from an unusual IP indicates compromised keys. In such
situations new key pairs are easily generated and updated.
Hope this answers your question.
Best,
-Kundan
On Mon, Dec 25, 2023 at 12:32 PM Shashank G via Ndn-interest <
ndn-interest at lists.cs.ucla.edu> wrote:
> Hi all,
>
> I am Shashank, a sophomore at National Institute of Technology, Karnataka
> from India. I recently began exploring NDN and have been fascinated by its
> data security aspect. However, since I am new to the field, I have quite a
> few doubts regarding the same, and I was hoping for your patience and
> guidance to clarify them.
>
> 1) I was trying to understand how cryptographically signing packets works,
> and have got a certain grasp of its advantages, however, I had a doubt -
> If the public keys themselves are named, then with the right naming
> convention, couldn't an attacker get access to data that he is not supposed
> to view? How is this prevented?
>
> 2) Is there any mechanism to detect if the producer of data has been
> compromised, i.e., his private key has been obtained by a third party? If
> so, since the certificates are cached, how do we detect if the producer is
> safe or not?
>
> I look forward to learning a lot here and eagerly await your response.
> Thank you.
>
> Yours sincerely,
>
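
An added Go example, not part of either message above and not code from any NDN library, illustrating question 1: a public key fetched by name lets anyone verify a signed Data packet, but a packet signed by someone without the producer's private key is rejected. The `Data` struct is a simplified stand-in for an NDN Data packet (not the TLV wire format); ECDSA P-256 with SHA-256 and all names and values are assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Data is a simplified stand-in for an NDN Data packet; KeyLocator names the signer's public key.
type Data struct {
	Name, KeyLocator   string
	Content, Signature []byte
}

// digest hashes length-prefixed name, key locator and content, so no field can be swapped after signing.
func digest(d *Data) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%d:%s%d:%s", len(d.Name), d.Name, len(d.KeyLocator), d.KeyLocator, len(d.Content), d.Content)
	return h.Sum(nil)
}

// Sign needs the private key, which stays with the producer.
func Sign(d *Data, priv *ecdsa.PrivateKey) (err error) {
	d.Signature, err = ecdsa.SignASN1(rand.Reader, priv, digest(d))
	return err
}

// Verify needs only the public key, which anyone may fetch by its name.
func Verify(d *Data, pub *ecdsa.PublicKey) bool {
	return ecdsa.VerifyASN1(pub, digest(d), d.Signature)
}

func NewKey() *ecdsa.PrivateKey { // fresh P-256 key pair
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	producer, attacker := NewKey(), NewKey()
	d := &Data{Name: "/example/temp/v1", KeyLocator: "/example/KEY/1", Content: []byte("21.5C")}
	Sign(d, producer)
	forged := &Data{Name: d.Name, KeyLocator: d.KeyLocator, Content: []byte("99.9C")}
	Sign(forged, attacker) // attacker knows every name and the public key, but not the private key
	fmt.Println(Verify(d, &producer.PublicKey), Verify(forged, &producer.PublicKey))
}
```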