[Ndn-interest] Secure Log-in mechanism in NDN

Lan Wang (lanwang) lanwang at memphis.edu
Sun Mar 19 12:43:30 PDT 2017

Jongdeog’s question is about access control.  Rather than emulating how the current solutions work, an NDN producer can encrypt the data and distribute the data decryption key to the user (using the user’s public key to encrypt the data decryption key).  See "Name-Based Access Control." Y. Yu, A. Afanasyev, L. Zhang.
NDN, Technical Report NDN-0034. https://named-data.net/publications/techreports/ndn-0034-2-nac/


On Mar 19, 2017, at 7:19 AM, Junxiao Shi <shijunxiao at email.arizona.edu<mailto:shijunxiao at email.arizona.edu>> wrote:

Hi Jongdeog

First of all, any NDN application, including ndnping, has a "producer and consumer model". I guess you mean "server and client model". The client can download from the server, and can upload to the server. During the upload, the client would act as a producer while the server acts as a consumer.

In web technology, "log-in" means session management. A Windows 7 era example: Alice wants to access her Hotmail mailbox. She visits hotmail.com<http://hotmail.com/>, which redirects her to Windows Live ID sign-in page. Over there, she either types her username and password, or selects a smartcard via Windows CardSpace. Windows Live ID issues a token (as a browser cookie) to Alice, which is accepted by hotmail.com<http://hotmail.com/> and Alice is able to access her mailbox. When she finishes, pressing sign-out revokes the token so that nobody else can use it.

The session token / session cookie in web technology is equivalent to certificate in NDN.
The NDN equivalent of the above, assuming using smartcard, is: Alice issues a certificate for her Hotmail session and have it signed by her smartcard, she can then access Hotmail with this certificate. Session ends when the certificate expires.
The case with username+password is more complicated in NDN, but still doable: Alice generates a key pair, and sends a certificate request along with the username+password to Windows Live ID sign-in service (the message is encrypted by Windows Live ID site's public key). After obtaining a certificate from Windows Live ID, Alice can issue herself a Hotmail session certificate.

Yours, Junxiao

On Thu, Mar 9, 2017 at 3:56 PM, Lee, Jongdeog <jlee700 at illinois.edu<mailto:jlee700 at illinois.edu>> wrote:
Dear all,

  Hope all of you are doing fine. I have a question regarding NDN log-in mechanism.

  Given that we have producer and consumer model, what would be a secure (possibly standard) log-in mechanism? Or there is no such thing in NDN world by assuming that all producer and consumer have public-private key pairs?

Best wishes,
Jongdeog Lee (JD)

Ndn-interest mailing list
Ndn-interest at lists.cs.ucla.edu<mailto:Ndn-interest at lists.cs.ucla.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20170319/6e3c6e9c/attachment-0001.html>

More information about the Ndn-interest mailing list