Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,


1 Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses
Satyajayant Misra, Reza Tourani, Nahid Majd
Computer Science Department, New Mexico State University, Las Cruces, NM, USA

2 Agenda Introduction and Motivation Models and Assumptions Design of Framework Testbed Results Conclusion

3 The Cisco Visual Networking Index underlines the need for a high bandwidth content-centric Internet.
- High bandwidth video makes up 51% of Internet traffic today and would rise to 54% by 2016.
- The sum of all video traffic would become approximately 86% of global traffic.
- By 2014, mobile wireless devices will account for 61% of world Internet traffic.

4 What does this traffic trend mean for the future of the Internet? Bandwidth Intensive

5 A typical content delivery hierarchy in today’s Internet.
Figure labels: Content Provider, CDN Nodes, ISP Nodes, End Users

6 However, using CDNs does not solve the bandwidth bottleneck problem at the ISPs (the edge).
- Redundant/duplicate transmissions undermine network performance.
- Solution: In-network caching at the ISP level.

7 In-network caching at the ISPs will help reduce bandwidth requirement at the ISP level.

8 The important concern is, how do we ensure high availability of the cached data only to legitimate users?

9 Let’s look at a simplified example of how your content is delivered to your Netflix player from the Netflix server.
Figure labels: Microsoft’s Individualization Server; Netflix Control Server; Netflix’s Regular Webserver; Netflix License Server; Netflix Streaming Server (Akamai, etc.); Amazon EC2; Your Player

10 If the Cloud is down, then the service is down!

11 These conditions serve as the motivation for this work.
For more than 20 million users; revocation of 1-2 million users; system re-initialization possible.

12 We use a Shamir’s secret-sharing based broadcast encryption mechanism* for content security.
- n: total number of users; t: maximum revocation threshold
- Server sends t shares, user adds one more to make t+1.
* W. Tzeng and Z. Tzeng. A public-key traitor tracing scheme with revocation using dynamic shares. In Public Key Cryptography, pages 207–224, 2001.

13 The basic steps are split between the server and the client, with the operations being heavy on the server-side.
- Server encrypts content using a symmetric key
- It generates “n + t” shares
- Gives each user one of the shares
- Encrypts the key using “t” shares and makes it available
- Legitimate user adds his share to create t+1 shares to decrypt the key

14 The framework has three basic protocols: the first two are performed at the server and the last one at the client.
- Polynomials and shares generation at the server
- Enabling block generation and encryption at the server
- Secret extraction at the mobile user
We perform pre-computations at the server so the user has to perform only O(t) computations to obtain the secret key.

15 CCN/NDN Architecture Details: User Registration, Chunk Creation, Packet Naming, Versioning, User Revocation
- Sequence Numbers: Sequential or Random
- Versioning: Content and Enabling Block can have different numbers; versions can help with expiration.
- User Registration and Revocation: Messages transmitted as interests.

16 We have addressed some of the questions pertaining to the handling of system dynamics in the framework.
- How to revoke a subscribed user at the end of the subscription?
- Can we handle the case where the number of revoked users is more than t, the system revocation threshold?
- How do we handle new user(s) when the system reaches user capacity?

17 The framework was implemented in a CCNx testbed to verify its feasibility for mobile users.
- CCNx-0.7 codebase.
- 3 nodes: Intel Core i7, 8 GB RAM, 2.4 GHz.
- Code in C++, compiled with gcc
- GNU multi-precision arithmetic library
- MB video hosted using the ccnputfile command.
- n: 1 M to 20 M in increments of 5 M.
- t: 5 K to 40 K in increments of 5 K.
- Experiments were run over 100 runs.

18 We implemented two versions: No Server-side Pre-computation (SD) & Server-side Pre-computation (PSD).
- No server-side pre-computation => No computation of the Lagrangian interpolation at the server, requiring O(t^2) computations at the mobile device.
- Server-side pre-computation => The Lagrangian interpolation variables are partially computed at the server; only O(t) computations at the mobile device.
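The share-based revocation of slides 12-14 and the PSD split of slide 18, as an added Python example that is not the authors' C++/GMP code. It is a plain-field Shamir simplification, not the public-key construction of the cited Tzeng and Tzeng scheme; the modulus `P`, the function names, the use of f(0) as the content key, and the way the Lagrange terms are divided between server and client are all assumptions made for illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption; not from the slides)

def make_poly(secret, t):
    """Random degree-t polynomial with f(0) = secret (the content key)."""
    return [secret] + [secrets.randbelow(P) for _ in range(t)]

def evaluate(coeffs, x):
    """Horner evaluation of f(x) mod P; a user's share is (x, f(x))."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def enabling_block(coeffs, revoked_xs, t, n):
    """Server: publish exactly t shares (revoked users' points, padded with
    dummy points x > n). Each carries c_j = y_j * prod_{k != j} x_k/(x_k - x_j),
    the user-independent part of its Lagrange term (the PSD pre-computation)."""
    if len(revoked_xs) > t:
        raise ValueError("more than t revoked users: re-initialization needed")
    xs = list(revoked_xs) + [n + 1 + i for i in range(t - len(revoked_xs))]
    block = []
    for j, xj in enumerate(xs):
        c = evaluate(coeffs, xj)
        for k, xk in enumerate(xs):
            if k != j:
                c = c * xk % P * pow(xk - xj, -1, P) % P
        block.append((xj, c))
    return block

def extract(block, share):
    """Client, O(t): finish each published term with x_u/(x_u - x_j) and add
    the user's own Lagrange term to interpolate f(0)."""
    xu, yu = share
    if any(xj == xu for xj, _ in block):
        return None  # own point already published: only t distinct shares
    total, own = 0, yu
    for xj, c in block:
        total = (total + c * xu % P * pow(xu - xj, -1, P)) % P
        own = own * xj % P * pow(xj - xu, -1, P) % P
    return (total + own) % P

if __name__ == "__main__":  # constructed demo: n=10, t=3, users 2 and 7 revoked
    f = make_poly(secrets.randbelow(P), 3)
    blk = enabling_block(f, [2, 7], 3, 10)
    print(extract(blk, (5, evaluate(f, 5))) == f[0])  # legitimate user 5
    print(extract(blk, (7, evaluate(f, 7))))          # revoked user 7
```

In this simplified form a user who holds t+1 points can reconstruct the whole polynomial, so the block only illustrates the threshold behaviour and the O(t) client-side work, not the full security of the cited scheme.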

19 Polynomial generation and user shares generation depended on the number of users in the system.
Cost increases for a large number of users; however, this part can be parallelized easily.

20 The pre-computation at the server adds to the enabling block cost; however, the overhead is still modest.
Even in PSD, the addition of the enabling block to the content transmission adds only a 0.3% overhead for a 300 MB movie.

21 The extraction at the user with PSD is far better than in SD, hence is recommended.
Even when t is 1 million it takes 4.17 seconds (0.06% of a standard Netflix movie time) to extract using one 2.4 GHz processor.

22 Conclusions: Our framework will scale to a large number of mobile users.
- Legitimate users can access content available close-by. Even when the CP is down!
- The framework is tailor-made for mobile users.
- It is efficient to scale to several million users.
- Tested for up to 20 million subscribers.
- Number of revoked users up to 1 million.
- CCNx testbed implementation results show promise.

23 Thank You
