2nd ACM Conference on Information-Centric Networking (ICN 2015), Sep. 30 - Oct. 2, 2015
Tutorial NDN: Security & Synchronization in Named Data Networking (NDN)
- Hila Ben Abraham (Washington University St. Louis)
- Alex Afanasyev (UCLA)
- Jeff Burke (UCLA)
- Steve DiBenedetto (Colorado State University)
- Jeff Thompson (UCLA)
- Yingdi Yu (UCLA)
- Lixia Zhang (UCLA)
Named Data Networking (NDN) is one of the most prominent ICN architectures and software platforms available to the research community. The NDN codebase is published under an open source license and widely used in experimentation; a 22+ node international testbed is available for research use. For several years, the NDN project team has presented tutorials to introduce the basics of the architecture and its software platform to researchers, both to promote related research and to encourage community contribution to the open source software platform. Previous tutorials have focused primarily on introductory material — in particular, Interest/Data exchange mechanisms and basic content verification. However, many of the field’s most interesting research challenges lie in areas that build on these basics. In particular, mechanisms for access control and trust verification, along with next-generation transport protocols building on Interest/Data exchange, are important areas of work for the NDN project team.
Type of Tutorial
Hands-on tutorial with a lecture interlude at lunch. We expect the duration of the tutorial to be a full day, approximately 7.5 hours including a 1-hour working lunch break.
- Welcome and introduction, recap of architecture and key open challenges, motivation of tutorial topics and review of agenda. (15 minutes)
- Setup of the tutorial example. The day’s goal: Build a secure, peer-to-peer browser-based messaging system (à la Twitter) for the tutorial participants to communicate with, using NDN to provide Firebase-like features without cloud infrastructure. (15 minutes)
Recap and local testing of NDN software platform. Objective: Understand and (if applicable) verify your own NDN installation, get and install a signed certificate, and connect to the tutorial’s forwarder(s) from NDN-JS, creating a skeleton application to build upon below. Configuring a local instance of NFD is optional to complete the example. (45 minutes)
- Introduction to NDN libraries, focusing on NDN-JS
- How the NFD forwarder(s) are configured in the tutorial, including typical configuration concerns. Setting up your own forwarder (optional).
- Creating, signing, and installing certificates for use by the forwarder and NDN-JS — participants will create an identity (cert) for their forwarder, if applicable, and a “master” identity (cert) for themselves.
- Autoconfiguration (getting a local publishing prefix, including API hooks).
- Local repository: repo-ng or HTML5 equivalent.
- Multi-party Synchronization. Objective: Extend the skeleton NDN-JS application above to implement Firebase-style distributed data sharing between browsers of the tutorial participants. (90 minutes) This serves as a hands-on introduction to “sync” as a transport protocol built on NDN. Using the Chronosync-based experimental implementation in NDN-JS, build a simple browser application with features similar to Firebase. (https://www.firebase.com/)
Working lunch: Recap of high-level motivation. Two short lectures, total of 60 minutes.
- Review Sync high-level concept: Synchronization as a new transport approach, open questions, and envisioned use cases. From general sync concept to specific sync designs — example of ChronoSync and its NDN-JS experimental implementation. (30 minutes)
- Transition to afternoon — continuation of Twitter example discussion — How we will build on these basic features to provide trust verification and access control. (30 minutes)
Trust verification. Objective: Add trust verification to the Twitter/Firebase
hierarchical verification of application-specific certificates. This will demonstrate
verification for incoming Data using the security library as implemented in NDN-JS. (90
- a. Each participant will generate a certificate corresponding to their identity in this application, and sign it with the personal cert created in step #3c. Brief review of certificate format and open research questions. (30 minutes)
- Together, we’ll add code to the example application to provide verification that messages are from authorized members of the tutorial group. This session will include a brief overview of the policy configuration language as made available in NDN-JS. (45 minutes)
- Pointers to how other types of verification (e.g., “web of trust”) might be implemented using the available libraries. Discussion of open research questions. (15 minutes)
- Access control. Objective: Update the application to provide basic encryption-based access control, using the previously issued keys for asymmetric encryption. (90 minutes) This section will demonstrate basic encryption-based access control and key exchange. For example, each application instance will create a new encryption key for messages generated by that instance, which is then encrypted on-demand using the public key of other tutorial participants and stored in a repository for persistence.
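The key-distribution pattern described for the access control session, shown as an added example that is not the tutorial's code and does not use the NDN-JS API: a per-instance content key encrypts messages, and that key is wrapped on demand under each reader's public key and kept in a repository. It assumes Node.js built-in `crypto`, AES-256-GCM for content and RSA-OAEP for key wrapping; the in-memory `repo` map and all names under `/tutorial/...` are constructed for illustration.

```javascript
// Added example: Node.js built-in crypto only; this is not the NDN-JS API.
const nodeCrypto = require('crypto');

// Constructed stand-in for the repository: NDN-style name -> stored bytes.
const repo = new Map();

// Each participant holds an RSA key pair (stand-in for the keys issued earlier).
function newParticipant(name) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Producer side: one fresh AES-256 content key per application instance.
function newProducer(prefix) {
  return { prefix, contentKey: nodeCrypto.randomBytes(32), seq: 0 };
}

// Encrypt a message under the content key (AES-256-GCM) and store it.
function publish(producer, text) {
  const name = `${producer.prefix}/msg/${producer.seq++}`;
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', producer.contentKey, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  repo.set(name, Buffer.concat([iv, cipher.getAuthTag(), body]));
  return name;
}

// On demand: wrap the content key with one reader's public key (RSA-OAEP).
function grantAccess(producer, reader) {
  const name = `${producer.prefix}/key/for/${reader.name}`;
  repo.set(name, nodeCrypto.publicEncrypt(
    { key: reader.publicKey, oaepHash: 'sha256' }, producer.contentKey));
  return name;
}

// Consumer side: fetch the wrapped key, unwrap it, then decrypt and authenticate.
function readMessage(reader, producerPrefix, msgName) {
  const wrapped = repo.get(`${producerPrefix}/key/for/${reader.name}`);
  if (!wrapped) throw new Error('no key published for this reader');
  const key = nodeCrypto.privateDecrypt(
    { key: reader.privateKey, oaepHash: 'sha256' }, wrapped);
  const blob = repo.get(msgName); // layout: 12-byte IV | 16-byte tag | ciphertext
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}
```

A reader with no wrapped key in the repository cannot recover the content key, and a modified ciphertext fails the GCM tag check in `decipher.final()`.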
Requirements for the Attendees