
Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses

Nahid Majd, Satyajayant Misra, Reza Tourani. Computer Science Department, New Mexico State University, USA. misra@cs.nmsu.edu


Presentation Transcript


  1. Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses. Computer Science Department, New Mexico State University, USA. Nahid Majd, Satyajayant Misra, Reza Tourani. New Mexico State University, Las Cruces, NM, USA. misra@cs.nmsu.edu

  2. Agenda
     • Introduction and Motivation
     • Models and Assumptions
     • Design of Framework
     • Testbed Results
     • Conclusion

  3. The Cisco Visual Networking Index underlines the need for a high-bandwidth content-centric Internet.
     • High-bandwidth video makes up 51% of Internet traffic today and would rise to 54% by 2016;
     • The sum of all video traffic would become approximately 86% of global traffic;
     • By 2014, mobile wireless devices will account for 61% of world Internet traffic.

  4. What does this traffic trend mean for the future of the Internet?
     • Bandwidth intensive: in the core and at the edge
     • Throwing money at the problem: unsustainable
     • Current solution: place contents closer to the edge using CDNs

  5. A typical content delivery hierarchy in today’s Internet. (Diagram labels: Content Provider, CDN Nodes, End Users, ISP Nodes)

  6. However, using CDNs does not solve the bandwidth bottleneck problem at the ISPs (the edge). (Diagram labels: At the Edge, CDN, ISP)
     • Redundant/duplicate transmissions undermine network performance
     • Solution: in-network caching at the ISP level

  7. In-network caching at the ISPs will help reduce the bandwidth requirement at the ISP level. (Diagram labels: At the Edge, CDN, ISP)

  8. The important concern is: how do we ensure high availability of the cached data only to legitimate users?
     • Need for security and access only to authentic users (efficiency and high availability)
     • Plain data caching alone is not enough
     • Caching does not automatically guarantee security or availability

  9. Let’s look at a simplified example of how your content is delivered to your Netflix player from the Netflix server. (Diagram labels: Amazon EC2, Microsoft’s Individualization Server, Netflix Control Server, Netflix’s Regular Webserver, Netflix License Server, Netflix Streaming Server (Akamai, etc.), Your Player)
     • What happens when EC2 is NOT “E” enough?!?

  10. If the Cloud is down, then the service is down! Last happened on Oct 22, 2012. So near yet so far!! Content is next door, but is inaccessible.

  11. These conditions serve as the motivation for this work. (Diagram labels: High Availability, Security, Efficiency)
     • A practical security framework for trusted content delivery in ICNs
     • In-network caching
     • Broadcast encryption
     • For legitimate users only
     • For more than 20 million users; revocation of 1-2 million users; system re-initialization possible.
     • Tested in a CCNx testbed

  12. We use a Shamir’s secret-sharing based broadcast encryption mechanism* for content security.
     • (n,t)-threshold secret sharing: requires t+1 users to share the secret to decrypt.
     • n: total number of users; t: maximum revocation threshold.
     • Server sends t shares, user adds one more to make t+1.
     * W. Tzeng and Z. Tzeng. A public-key traitor tracing scheme with revocation using dynamic shares. In Public Key Cryptography, pages 207–224, 2001.

  13. The basic steps are split between the server and the client, with the operations being heavy on the server side. Basic steps in the framework:
     • Server encrypts content using a symmetric key
     • It generates “n + t” shares
     • Gives each user one of the shares
     • Encrypts the key using “t” shares and makes it available
     • Legitimate user adds his share to create t+1 shares to decrypt the key

  14. The framework has three basic protocols: the first two are performed at the server and the last one at the client. Basic protocols in the framework:
     • Polynomials and shares generation at the server
     • Enabling block generation and encryption at the server
     • Secret extraction at the mobile user
     Computation at the (mobile) user needs to be minimal. We perform pre-computations at the server so the user has to perform only O(t) computations to obtain the secret key.

  15. CCN/NDN Architecture Details: User Registration, Chunk Creation, Packet Naming, Versioning, User Revocation
     • Sequence numbers: sequential or random.
     • Versioning: content and enabling block can have different numbers; versions can help with expiration.
     • User registration and revocation: messages transmitted as interests.

  16. We have addressed some of the questions pertaining to the handling of system dynamics in the framework.
     • How to revoke a subscribed user at the end of the subscription?
     • Can we handle the case where the number of revoked users is more than t, the system revocation threshold?
     • How do we handle new user(s) when the system reaches user capacity?

  17. The framework was implemented in a CCNx testbed to verify its feasibility for mobile users.
     • CCNx-0.7 codebase.
     • 3 nodes: Intel Core i7, 8 GB RAM, 2.4 GHz.
     • Code in C++, compiled with gcc 4.5.2.
     • GNU multi-precision arithmetic library.
     • 24.1 MB video hosted using the ccnputfile command.
     • n: 1 M to 20 M in increments of 5 M.
     • t: 5 K to 40 K in increments of 5 K.
     • Experiments were run over 100 runs.

  18. We implemented two versions: No Server-side Pre-computation (SD) & Server-side Pre-computation (PSD).
     • No server-side pre-computation => No computation of the Lagrangian interpolation at the server, requiring O(t²) computations at the mobile device.
     • Server-side pre-computation => The Lagrangian interpolation variables are partially computed at the server; only O(t) computations at the mobile device.

  19. Polynomial generation and user shares generation depended on the number of users in the system. Cost increases for a large number of users; however, this part can be parallelized easily.

  20. The pre-computation at the server adds to the enabling block cost; however, the overhead is still modest. Even in PSD, the addition of the enabling block to the content transmission adds only a 0.3% overhead for a 300 MB movie.

  21. The extraction at the user with PSD is far better than in SD, and hence is recommended. Even when t is 1 million it takes 4.17 seconds (0.06% of a standard Netflix movie time) to extract using one 2.4 GHz processor.

  22. Conclusions: Our framework will scale to a large number of mobile users
     • Legitimate users can access content available close by.
     • Even when the CP is down!
     • The framework is tailor-made for mobile users.
     • It is efficient enough to scale to several million users.
     • Tested for up to 20 million subscribers.
     • Number of revoked users up to 1 million.
     • CCNx testbed implementation results show promise.

  23. Thank You. misra@cs.nmsu.edu

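The share arithmetic behind slides 12 to 14 and the SD/PSD split of slide 18, as an added Python example that is not the authors' C++/GMP code: plain Shamir sharing over a prime field, with the server optionally attaching partial Lagrange weights to the enabling block. The modulus, the function names, and the x-coordinates used by callers (1..n for users, n+1..n+t for spare shares) are assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus, chosen for this example (not from the slides)

def make_poly(key, t):
    """Degree-t polynomial f with f(0) = key; t+1 shares are needed to recover key."""
    return [key] + [secrets.randbelow(P) for _ in range(t)]

def share(poly, x):
    y = 0
    for c in reversed(poly):          # Horner evaluation of f(x) mod P
        y = (y * x + c) % P
    return y

def coeff(xj, others):
    """Product of x_k / (x_k - x_j) over x_k in others, x_k != x_j (Lagrange weight at 0)."""
    c = 1
    for xk in others:
        if xk != xj:
            c = c * xk % P * pow((xk - xj) % P, -1, P) % P
    return c

def enabling_block(poly, xs, precompute):
    """Server: publish t shares; with precompute (PSD) attach each share's partial weight."""
    return [(x, share(poly, x), coeff(x, xs) if precompute else None) for x in xs]

def check_not_revoked(block, xi):
    if any(x == xi for x, _, _ in block):
        # the user's own share adds no new point: only t points for a degree-t f
        raise ValueError("user share is in the enabling block (revoked)")

def extract_sd(block, xi, yi):
    """Client without pre-computation: t+1 weights of t factors each, O(t^2)."""
    check_not_revoked(block, xi)
    pts = [(x, y) for x, y, _ in block] + [(xi, yi)]
    xs = [x for x, _ in pts]
    return sum(y * coeff(x, xs) for x, y in pts) % P

def extract_psd(block, xi, yi):
    """Client with pre-computed weights: one pass over the block, O(t)."""
    check_not_revoked(block, xi)
    total = yi * coeff(xi, [x for x, _, _ in block])   # the user's own weight, t factors
    for xj, yj, Lj in block:
        # finish each server weight with the single factor that involves x_i
        total += yj * Lj % P * xi % P * pow((xi - xj) % P, -1, P)
    return total % P
```

This sketch publishes raw field shares to keep the interpolation visible; the cited Tzeng and Tzeng scheme is a public-key construction, so the block layout here should not be read as that scheme's wire format.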
