Hop-by-Hop Authentication in Content-Centric Networking/Named Data Networking
draft-li-icnrg-hopauth-01

Document Type Active Internet-Draft (individual)
Last updated 2019-11-16
On Agenda icnrg at IETF-106
Information-Centric Networking Research Group                      R. Li
Internet-Draft                                                 H. Asaeda
Intended status: Informational                                      NICT
Expires: May 19, 2020                                  November 16, 2019

   Hop-by-Hop Authentication in Content-Centric Networking/Named Data
                               Networking
                       draft-li-icnrg-hopauth-01

Abstract

   The unpredictability of the consumers, routers, copyholders, and
   publishers involved in in-network data retrieval in Content-Centric
   Networking (CCN) / Named Data Networking (NDN) makes it challenging
   to design an authentication mechanism that stops malicious consumers
   from flooding data requests and prevents fake data from being
   served.  Signature is adopted as the fundamental security function
   in CCN / NDN, but it can only provide publisher authentication, and
   only with an additional certificate acquisition.  This document
   describes the Hop-by-Hop Authentication mechanism (HopAuth), which
   integrates certificate collection with packet forwarding, potentially
   with the assistance of a certificate authority, to provide consumer
   authentication, copyholder authentication, and path authentication
   in addition to publisher authentication, so that in-network data
   retrieval can be trustworthy.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 19, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Li & Asaeda               Expires May 19, 2020                  [Page 1]
Internet-Draft             HopAuth in CCN/NDN              November 2019

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  System Descriptions . . . . . . . . . . . . . . . . . . . . .   5
   4.  HopAuth Designs . . . . . . . . . . . . . . . . . . . . . . .   7
     4.1.  Initial Trust Establishment . . . . . . . . . . . . . . .   7
     4.2.  Data-centric Certificate Management . . . . . . . . . . .   8
       4.2.1.  Certificate Exchange  . . . . . . . . . . . . . . . .   8
       4.2.2.  Certificate Update and Revocation . . . . . . . . . .   9
     4.3.  Forwarding-Integrated Authenticable Data Retrieval  . . .  10
     4.4.  Suspension-Chain Model (SCM)  . . . . . . . . . . . . . .  11
   5.  Protocol Message Format . . . . . . . . . . . . . . . . . . .  12
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  13
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  13
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  13
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  15

1.  Introduction

   Information-Centric Networks in general, and Content-Centric
   Networking (CCN) [3] or Named Data Networking (NDN) [4] in
   particular, are emerging network architectures that enable in-
   network caching and name-based data retrieval.  In CCN/NDN, data
   can be cached at intermediate routers close to consumers, which
   reduces delay and redundant bandwidth consumption and improves
   robustness under dynamic network environments.  CCN/NDN has been
   identified as a promising approach for application scenarios such
   as disaster networking [5], video streaming [6], and the Internet of
   Things (IoT) [8].

   In CCN/NDN, the basic network operations and these use scenarios,
   with their in-network data caching and retrieval, leave the network
   seriously vulnerable to a variety of attacks, such as the
   impersonation attack, the malicious-request attack [9], [10], [11], and