Rendezvous-based access control for information-centric architectures

Information-centric networking (ICN) has been in the spotlight of many research efforts as it shifts the focus from (endpoint) locations to content items themselves. By leveraging content centrism and by using content and content names as the main pillar of all (inter-)networking functions, ICN architectures are expected to overcome many of the limitations of the current Internet architecture. Information-centric networking paradigm also advocates a shift in security solutions: Instead of securing the communication channel, ICN security solutions should secure the content itself. Therefore, end users should be able to access content stored in various locations in the networkeven unsecuredin a private and secure way. Similarly, content owners should not lose the governance of their content items, no matter the network location where they are stored. In this paper, we design, implement, and evaluate an access control delegation mechanism for the publish-subscribe Internet architecture. Our solution does not introduce any new entity; instead it allows semitrusted publish-subscribe Internet rendezvous points to enforce access control policies. Moreover, our solution leverages identity-based proxy re-encryption to protect content confidentiality in the presences of malicious publishers, ie, nodes that host content items and do not respect the access control decisions of the rendezvous point.