دانلود رایگان مقاله بازیابی کلیدی Up-to-date برای اطلاعات شبکه محور

Abstract

Information Centric Networking (ICN) leverages in-network caching to provide efficient data distribution and better performance by replicating contents in multiple nodes to bring content nearer the users. Since contents are stored and replicated into node caches, the content validity must be assured end-to-end. Each content object carries a digital signature to provide a proof of its integrity, authenticity, and provenance. However, the use of digital signatures requires a key management infrastructure to manage the key life cycle. To perform a proper signature verification, a node needs to know whether the signing key is valid or it has been revoked. This paper discusses how to retrieve up-to-date signing keys in the ICN scenario. In the usual public key infrastructure, the Certificate Revocation Lists (CRL) or the Online Certificate Status Protocol (OCSP) enable applications to obtain the revocation status of a certificate. However, the push-based distribution of Certificate Revocation Lists and the request/response paradigm of Online Certificate Status Protocol should be fit in the mechanism of named-data. We consider three possible approaches to distribute up-to-date keys in a similar way to the current CRL and OCSP. Then, we suggest a fourth protocol leveraging a set of distributed notaries, which naturally fits the ICN scenario. Finally, we evaluate the number and size of exchanged messages of each solution, and then we compare the methods considering the perceived latency by the end nodes and the throughput on the network links.

7. Conclusion

This paper deals with the problem of content freshness and revocation in ICN scenario. In particular, it compares different centralized, P1 and P2, and distributed, P3 and P4, approaches to distribute up-to-date keys in a NDN-friendly way. We provide the NDN framework with a trust management infrastructure. However, our approach can be straightforwardly extended to other ICN approaches. In particular, we present a proactive method that periodically distributes updated keys to the nodes, two reactive protocols that allow the TA or an intermediate node to send the up-to-date status of the key upon request, and a method where some trusted nodes provide keys on behalf of the TA. Our results show that, even if the communication model undergoes a change, it is possible to maintain the benefits of an NDN network in terms of latency. On the one hand,both P1 and P2 are centralized methods because only one node, the Trusted Authority, can provide the requested key. These methods can be used when the access network is overloaded, however, the TA could become a bottleneck. To overcome this issue, a key delegation scheme could be defined to allow a TA to entrust some other network entities to certify keys. This is a possible direction for an evolution of our work. On the other hand, both P3 and P4 are distributed methods because any cache in the network can send the relevant key. The difference is that P4 further reduces the load towards the Trusted Authority and makes the system more robust to network partitioning. The advantages of P4 come at the expense of additional peerto-peer traffic in the network. As such, P4 works best when the bottleneck is farther from the user, such as in our mesh topology. When the bottleneck link is near to the user, a solution with no peer-to-peer traffic would have better performance.