상세정보
학술대회
Canary: a Scalable Content Integrity Verifying Protocol for ICN
- 발행일
- 201909
- 출처
- Conference on Information-Centric Networking (ICN) 2019, pp.167-168
- 협약과제
- 19HH1200, 초연결 지능 인프라 원천기술 연구개발, 김선미
- 초록
- The per-packet signature mechanism in NDN is a basic mechanism to provide in-network security. Consumers can validate provenance and integrity with the public key-based signature attached with each Data packet. However, the creation and validation processes of signature cause significant performance bottlenecks in both of consumers and producers. The embedded manifest mechanism was proposed to ease the signing overhead for streaming data producers; a signed manifest packet being composed of digests of subsequent Data packets is inserted per bundle of Data packet while each Data packet has only its digest as SignatureInfo. For a large file, the embedded manifest mechanism still needs producers to sign multiple manifest packets. The basic idea of proposed mechanism, Canary, is to enable per-segment provenance and data integrity validation with only one signing operation of producers even for a large file by exploiting the properties of Merkle tree.
- KSP 제안 키워드
- Content integrity, Data Integrity, Data packet, Data producers, In-network, Merkle tree, Public Key, Streaming Data, network security, performance bottleneck