Enforcing access control policies in Information-Centric Networking (ICN) is difficult because multiple copies of content exist at various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited to ICN, because either all potential content distribution servers would need an identical access control policy or they would have to contact a centralized ACL server whenever a consumer accesses their content. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. Content distribution servers can validate the consumer's access right through the internal and external capabilities without consulting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.
Jung-Hwan CHA
Korea University
Youn-Hee HAN
Korea University of Technology and Education
Sung-Gi MIN
Korea University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Jung-Hwan CHA, Youn-Hee HAN, Sung-Gi MIN, "A Distributed Capability Access Control Scheme in Information-Centric Networking" in IEICE TRANSACTIONS on Communications,
vol. E99-B, no. 5, pp. 1121-1130, May 2016, doi: 10.1587/transcom.2015EBP3347.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.2015EBP3347/_p
@ARTICLE{e99-b_5_1121,
author={Jung-Hwan CHA and Youn-Hee HAN and Sung-Gi MIN},
journal={IEICE TRANSACTIONS on Communications},
title={A Distributed Capability Access Control Scheme in Information-Centric Networking},
year={2016},
volume={E99-B},
number={5},
pages={1121-1130},
keywords={},
doi={10.1587/transcom.2015EBP3347},
ISSN={1745-1345},
month={May},
}
TY - JOUR
TI - A Distributed Capability Access Control Scheme in Information-Centric Networking
T2 - IEICE TRANSACTIONS on Communications
SP - 1121
EP - 1130
AU - Jung-Hwan CHA
AU - Youn-Hee HAN
AU - Sung-Gi MIN
PY - 2016
DO - 10.1587/transcom.2015EBP3347
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E99-B
IS - 5
JA - IEICE TRANSACTIONS on Communications
Y1 - May 2016
ER -