<div dir="ltr"><div dir="ltr">Hi Shashank,<div><br></div><div>Welcome to the NDN world. Glad that you are studying in NITK, my alma mater. To answer your question:</div><div><br></div><div>1. You need to understand how public keys are secure and how PKI works. Imagine a public key as your email ID and password as your private key. Anyone can send you a message using your email ID. But only you can read it with your password. Although not exactly the same, they work in a similar fashion. So the public key itself is not enough to decrypt data. You need the private key as well.</div><div><br></div><div>2. It is computationally hard to decipher the private key due to the Discrete Logarithm Problem. All the known algorithms require exponential time with respect to the number of bits of the private key. With sufficiently large keys, it would take so much time to compute one key that the world would end before that! And the private key usually doesn't leave the owner's machine, unless he or she accesses it on a public computer with keyloggers installed or someone is shoulder surfing. For such situations, nowadays multifactor authentication is used. There are other attacks, but with many layers of security they are prevented. An anomaly in the user behavior such as access from an unusual IP indicates compromised keys. In such situations new key pairs are easily generated and updated.</div><div><br></div><div>Hope this answers your question.</div><div><br></div></div>Best,<div>-Kundan</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Dec 25, 2023 at 12:32 PM Shashank G via Ndn-interest &lt;<a href="mailto:ndn-interest@lists.cs.ucla.edu">ndn-interest@lists.cs.ucla.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi all,<br><br></div>I am Shashank, a sophomore at National Institute
of Technology, Karnataka from India. I recently began exploring NDN and
have been fascinated by its data security aspect. However, since I am
new to the field, I have quite a few doubts regarding the same, and I
was hoping for your patience and guidance to clarify them.<br><br><div>1)
I was trying to understand how cryptographically signing packets works,
and have got a certain grasp of its advantages; however, I had a doubt
- If the public keys themselves are named, then with the right naming
convention, couldn't an attacker get access to data that he is not
supposed to view? How is this prevented?<br><br></div><div>2) Is there
any mechanism to detect if the producer of data has been compromised,
i.e., his private key has been obtained by a third party? If so, since
the certificates are cached, how do we detect if the producer is safe or
not?<br><br></div><div>I look forward to learning a lot here and eagerly await your response. Thank you.<br></div><div><br></div><div>Yours sincerely,</div></div>
</blockquote></div></div></div>