Applications for NDN, James Kasten, University of Michigan (PowerPoint PPT Presentation)

SLIDE 1

Applications for NDN

James Kasten University of Michigan

SLIDE 2

Network Authentication

• Public Key Infrastructure
  • Pairing Keys with Identity or Authority
• Major Challenges
  • Management
  • Distribution
  • Revocation
  • Renewal

SLIDE 3

Let’s Encrypt

• New Certificate Authority
  • Open source
  • Simple
  • Automated
• ACME (new protocol)
  • Verification
  • Issuance
  • Renewal
  • Revocation
• One command to enable TLS
  • sudo letsencrypt

SLIDE 4

Let’s Encrypt Trust Model

• Domain validation (DV)
  • Similar to trust on first use

[Diagram labels: challenge, example.com, Let’s Encrypt]

SLIDE 5

Quick Demo

SLIDE 6

Benefits for NDN

• Authority instantiated out of the box
  • A framework to receive automated authorizations
    • Open mHealth
      • Individual service CAs can grant various authorizations
      • Automatically place authorizations in local IdentityManager
    • EBAMS
      • Large computing base with few resources
        • ACME is lightweight
        • Local CAs/controllers can propagate trust downwards automatically

SLIDE 7

High-level ACME Overview

[Diagram between Client and Server. Labels: Identifier, Challenges, Account Public Key, Responses, Verify Responses, Authorization, Certificate Request, Certificate]

SLIDE 9

Potential NDN Challenge Types

• Prove ownership
  • resource being verified
    • Can be flexible to the organization/application
      • Organization or university
        • Demonstrate control of associated email address
      • Localized CAs - EBAMS
        • Simple publishing/receiving content on a particular interface at a particular time
  • previous account or “authorized key”
    • Publish content under known existing key
    • Provide proof of ownership of a trusted account or authorization
    • Recovery Contact (email address)
    • Bearer Token

SLIDE 10

Integrating ACME into NDN

• Define a suitable set of challenges for NDN
• Define trust models/verification requirements for authorization in applications
• Implementation
  • Code in progress
    • Battle-tested CA source code
    • Extensible client written in Python
  • Necessary Changes
    • Redefine CSR/Signing procedure (different format)
    • Redefine networking code
    • Define NDN specific challenges