eScholarship
Open Access Publications from the University of California

UCLA Electronic Theses and Dissertations

Usable Security For Named Data Networking

Abstract

Named Data Networking (NDN) is a proposed Internet architecture that changes the network communication model from "speaking to a host" to "retrieving data from the network". Such a data-centric communication model requires a data-centric security model: one that secures the data directly, rather than authenticating the host the data is retrieved from and securing the channel through which it is delivered, so that data can be safely distributed to arbitrary untrusted storage and retrieved over an untrusted network.

The data-centric security model consists of two parts: data-centric authenticity and data-centric confidentiality. NDN achieves data-centric authenticity by mandating a signature on every packet, and data-centric confidentiality by encrypting data. While the idea is straightforward, we observed that the poor usability of NDN's data-centric security prevents developers from enabling security in their applications. This dissertation presents a security framework that automates NDN's data-centric security and reduces the overhead of enabling it. To achieve that, we designed the NDN certificate system to facilitate public key distribution in NDN; Trust Schema, a name-based policy language for specifying a trust model, to automate fine-grained data authentication; DeLorean, a timestamp service, to address the authenticity problem of archival data; and Name-based Access Control, an access control protocol, to automate data-centric confidentiality at fine granularities.
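The name-based authentication the abstract describes (a signature on every packet, a signing key identified by name, and a Trust Schema rule that ties a data-name pattern to the name pattern of the key allowed to sign it, chained up to a trust anchor) is easiest to see in code. The following is an added example written for this page, not code from the dissertation or from the NDN libraries: the rule syntax, key names, rule set and packets are all constructed for illustration, and HMAC-SHA256 keyed by the signer's key bits stands in for the asymmetric per-packet signature NDN actually mandates.

```python
"""Toy name-based trust-schema validator in the spirit of NDN's Trust Schema.

Added example, not code from the dissertation or any NDN library. HMAC-SHA256
keyed by the signer's key bits is a symmetric stand-in for NDN's asymmetric
signature (with a real public-key certificate, holding the certificate does not
let you forge). All names, keys, rules and packets are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass

MAX_CHAIN_DEPTH = 10


@dataclass(frozen=True)
class Packet:
    name: str          # NDN name, e.g. /ndn/edu/ucla/alice/data/1
    content: bytes     # payload; for a certificate, the key bits
    key_locator: str   # name of the key whose signature covers this packet
    signature: bytes


# Constructed key material: key name -> key bits (the HMAC secret here).
# The last entry is a key Mallory minted under Alice's name prefix.
KEYS = {
    "/ndn/KEY/1": b"anchor-key",
    "/ndn/edu/ucla/KEY/1": b"ucla-key",
    "/ndn/edu/ucla/alice/KEY/1": b"alice-key",
    "/ndn/edu/ucla/mallory/KEY/1": b"mallory-key",
    "/ndn/edu/ucla/alice/KEY/2": b"rogue-key",
}

# Trust schema (constructed syntax): (data-name pattern, key-name pattern).
# <var> binds one component and must bind the same value in both patterns;
# <> matches any single component; a trailing <>* matches the rest.
RULES = [
    ("/ndn/edu/<site>/<user>/data/<>*", "/ndn/edu/<site>/<user>/KEY/<>"),
    ("/ndn/edu/<site>/<user>/KEY/<>", "/ndn/edu/<site>/KEY/<>"),
    ("/ndn/edu/<site>/KEY/<>", "/ndn/KEY/<>"),
]
TRUST_ANCHORS = {"/ndn/KEY/1"}   # configured out of band, never fetched


def _mac(key_bits, name, content, key_locator):
    msg = b"\0".join([name.encode(), content, key_locator.encode()])
    return hmac.new(key_bits, msg, hashlib.sha256).digest()


def sign(name, content, key_name):
    """Produce a signed packet; the signer must hold the key bits."""
    return Packet(name, content, key_name, _mac(KEYS[key_name], name, content, key_name))


def verify_signature(pkt, signer_key_bits):
    expected = _mac(signer_key_bits, pkt.name, pkt.content, pkt.key_locator)
    return hmac.compare_digest(expected, pkt.signature)


def issue_cert(key_name, signer):
    """A certificate is a Data packet named after the key, carrying the key bits."""
    return sign(key_name, KEYS[key_name], signer)


def split(name):
    return [c for c in name.split("/") if c]


def match(pattern, name, bound=None):
    """Match name against pattern; return variable bindings, or None on mismatch."""
    bound = dict(bound or {})
    pc, nc = split(pattern), split(name)
    for i, p in enumerate(pc):
        if p == "<>*":
            return bound if i == len(pc) - 1 else None
        if i >= len(nc):
            return None
        if p == "<>":
            continue
        if p.startswith("<") and p.endswith(">"):
            if bound.setdefault(p[1:-1], nc[i]) != nc[i]:
                return None
        elif p != nc[i]:
            return None
    return bound if len(pc) == len(nc) else None


def policy_allows(data_name, key_name):
    """Some rule must match the data name AND, under the same bindings, the key name."""
    for dpat, kpat in RULES:
        bound = match(dpat, data_name)
        if bound is not None and match(kpat, key_name, bound) is not None:
            return True
    return False


def validate(pkt, certs, depth=0):
    """Walk packet -> signer certificate -> ... -> trust anchor. Returns (ok, reason)."""
    if depth > MAX_CHAIN_DEPTH:
        return False, "certificate chain too long"
    signer = pkt.key_locator
    cert = certs.get(signer)
    if cert is None:
        return False, f"no certificate for {signer}"
    if not verify_signature(pkt, cert.content):
        return False, f"bad signature on {pkt.name}"
    if not policy_allows(pkt.name, signer):   # valid signature, wrong key: rejected
        return False, f"schema rejects {signer} as signer of {pkt.name}"
    if signer in TRUST_ANCHORS:
        return True, "chain ends at trust anchor"
    return validate(cert, certs, depth + 1)   # same checks on the signer's certificate


def demo():
    certs = {k: issue_cert(k, s) for k, s in [
        ("/ndn/KEY/1", "/ndn/KEY/1"),                                    # self-signed anchor
        ("/ndn/edu/ucla/KEY/1", "/ndn/KEY/1"),
        ("/ndn/edu/ucla/alice/KEY/1", "/ndn/edu/ucla/KEY/1"),
        ("/ndn/edu/ucla/mallory/KEY/1", "/ndn/edu/ucla/KEY/1"),
        ("/ndn/edu/ucla/alice/KEY/2", "/ndn/edu/ucla/mallory/KEY/1"),   # Mallory certifies her rogue key
    ]}
    good = sign("/ndn/edu/ucla/alice/data/1", b"hello", "/ndn/edu/ucla/alice/KEY/1")
    cross = sign("/ndn/edu/ucla/alice/data/1", b"hello", "/ndn/edu/ucla/mallory/KEY/1")
    tampered = Packet(good.name, b"evil", good.key_locator, good.signature)
    rogue = sign("/ndn/edu/ucla/alice/data/2", b"hello", "/ndn/edu/ucla/alice/KEY/2")
    return {n: validate(p, certs) for n, p in
            [("good", good), ("cross", cross), ("tampered", tampered), ("rogue_chain", rogue)]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

The `cross` packet is rejected even though its signature verifies: that is the check Trust Schema automates, so a key from the wrong namespace cannot vouch for data it should not. The `rogue_chain` case shows why the rules are applied at every hop: Mallory can mint a key whose name sits under Alice's prefix, but cannot obtain a site-level signature on it, so the chain fails one level up. A real validator would also bound and cache certificate fetches, which this toy omits.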
