CCN-KRS: A Key Resolution Service for CCN

Abstract

One key feature of the CCN design is the requirement for each content object to be individually secured by its producer. Thus, CCN should be, in principle, immune to distributing fake content. However, in practice, the network cannot easily detect and drop fake content as the trust context, i.e., what public key(s) is/are trusted to verify which content, is an application dependent concept. CCN provides mechanisms for consumers to be able to request content restricted by its signers public key or the cryptographic digest of the content object to avoid receiving untrustworthy content. However, it does not provide any mechanisms to learn such information prior to requesting a content. In this paper, we present a scalable key resolution service (KRS) that can securely store and serve corresponding security information (e.g., public key certificates of producers) for a namespace in CCN.We implement KRS as an ndnSIM module, discuss and create the necessary methodology to evaluate such a distributed system, and evaluate the feasibility and scalability of our design via simulations.