

Page 1: [IEEE 2013 12th Annual Mediterranean Ad Hoc Networking Workshop (MED-HOC-NET) - Ajaccio, France (2013.06.24-2013.06.26)] 2013 12th Annual Mediterranean Ad Hoc Networking Workshop (MED-HOC-NET)

Social Network Based Security Scheme in Mobile Information-Centric Network

You Lu, Zhiyang Wang, Yu-Ting Yu, Ruolin Fan, Mario Gerla

Department of Computer Science University of California, Los Angeles

Los Angeles, CA 90095, USA {youlu, seanwangsk, yutingyu, ruolinfan, gerla}@cs.ucla.edu

Abstract—With the spread of the mobile Internet, users have increasing opportunities to retrieve content from a content producer through applications in a mobile information-centric network. For security, the content data must be encrypted and the content producer must be authenticated. Content data is signed by the producer and delivered to the requester using public-key cryptography. A Certificate Authority (CA) generally verifies the binding between the public-key and the producer identity. However, CA verification is not suitable in a mobile information-centric network, where a connection to a CA cannot be guaranteed. In this paper, we propose a social network based security scheme to verify the binding between public-key and producer identity. The proposed scheme is evaluated on an artificial social network model first and is then validated on real social network data.

Keywords—security; social network; information-centric network

I. INTRODUCTION

With the development of mobile ad hoc networks, people have easy access to the information they are interested in using mobile devices. The growing demand for content retrieval has drawn increasing attention to information-centric networks (ICNs) in both academia and industry.

ICN is designed for content data search and retrieval, offering an alternative approach to IP-based computer networking. In ICN, users focus on the content they are interested in. They need not know where this content is stored or by whom it is carried. Each content data item is identified by a unique name from a hierarchical naming scheme. Content retrieval follows a query-reply mode: the content requester spreads his Interest packet through the network. When matching content is found, either at the content producer or at an intermediate content cache server, the content data traces its way back to the content requester along the reversed route of the incoming Interest. Several existing ICN proposals have been studied and implemented in Internet and MANET test beds. CCN [1] and NDN [2] are two popular designs for ICN implementation in the Internet. Vehicle-NDN [3] and MANET-CCN [4] are two examples of ICN architectures for mobile ad hoc networks, and address the mobility challenge in content retrieval.

Since the purpose of ICN is to obtain the content data requested by the requester, there is a growing motivation to validate the content received from other users to avoid security breaches. For example, a malicious intermediate node may penetrate security and replace parts of the message content in a multi-hop wireless network. This is known as the man in the middle attack. In other scenarios, attackers may impersonate the sender, etc.

Security for ICN applications mainly involves two aspects: the trustworthiness of the content producer and the integrity of the data. The trust authentication scheme [5] answers the question of how trustworthy the content producer is. The existing public-key cryptography [6] and PKI [7] schemes can be used in ICN to provide adequate security.

Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.

The Public-Key Infrastructure (PKI) system is used to verify the binding between the public-key and the user identity in a public-key cryptography scheme. However, the current PKI scheme has been considered inefficient, unusable and difficult to deploy, especially in mobile application scenarios. For example, in a vehicular network without any infrastructure, a PKI service is unusable. Mobile ICN needs a more flexible and usable mechanism to verify the binding between user identity and public-key.

978-1-4799-1004-5/13/$31.00 ©2013 IEEE

2013 12th Annual Mediterranean Ad Hoc Networking Workshop (MED-HOC-NET)



In this paper, we propose a social network based security scheme to solve both the authenticity and the integrity problem for mobile information-centric network applications. Our scheme allows a user to verify the content producer's identity and its public-key binding by retrieving the identity bundle from a social trust network. We evaluate the scheme on a large social network and report its performance in terms of scalability and practicability.

The rest of the paper is organized as follows. Related work is briefly reviewed in section II. The proposed security scheme is described in section III. Experiment results are presented in section IV. Conclusions follow in section V.

II. RELATED WORKS

In this section, we review the general idea of information-centric networks, and discuss security in ICN in terms of public-key cryptography and the PKI scheme.

A. Information-Centric Network

Information-centric networking is an alternative approach to the architecture of IP-based computer networks. The basic principle is that the user only needs to focus on the content data he is interested in, rather than having to reference a specific physical location from which that data is to be retrieved. ICN differs from IP-based routing in three aspects. First, all content is identified or named by a hierarchical naming scheme; the name becomes the object of the request. Second, a carefully designed caching system across the entire network helps content distribution and provides native support for many applications, e.g., multicast. Third, packet communication follows a query-reply mode. The user (content requester) spreads the name of the content he is interested in inside an “Interest” packet to the network. When an “Interest” packet hits the content name at an intermediate cache server or at the media server (content producer), the content data packets are forwarded back to the content requester along the reversed route of the incoming Interest.

A number of previous studies focused on high-level ICN architectures and provided sketches of the required components. Content-Centric Network (CCN) [1] and Named Data Network (NDN) [2] are two well-known proposals for ICN implementation in the Internet. Their components, including the FIB, PIT, and Content Store, form the caching and forwarding system for content data transmission in Internet applications. Meanwhile, several mobile ICN architectures have been proposed for the mobile ad hoc scenario, e.g., Vehicle-NDN [3] for traffic information dissemination in vehicular networks, and MANET-CCN [4] for tactical and emergency applications in MANETs.

Communication in ICN is driven by the receiving end, i.e., the data requester. To receive data, a requester sends out an Interest packet, which carries a name that identifies the desired data, as shown in Figure 1. For example, a requester may request /parc/videos/WidgetA.mpg. A router remembers the interface from which the request comes in, and then forwards the Interest packet by looking up the name in its Forwarding Information Base (FIB), which is populated by a name-based routing protocol. Once the Interest reaches a node that has the requested data, a Data packet is sent back, which carries both the name and the content of the data, together with a signature by the producer’s key, as shown in Figure 1. This Data packet traces in reverse the path created by the Interest packet back to the requester. Note that neither Interest nor Data packets carry any host or interface addresses (such as IP addresses); Interest packets are routed towards data producers based on the names carried in the Interest packets, and Data packets are returned based on the state information set up by the Interests at each router hop, as shown in Figure 2.

Figure 1. Packets in ICN.

Figure 2. Forwarding process in an ICN node.

ICN routers keep both Interests and Data for some period of time. When multiple Interests for the same data are received from downstream, only the first Interest is sent upstream towards the data source. The router then stores the Interest in the Pending Interest Table (PIT), where each entry contains the name of the Interest and a set of interfaces from which the matching Interests have been received. When the Data packet arrives, the router finds the matching PIT entry and forwards the data to all the interfaces listed in the PIT entry. The router then removes the corresponding PIT entry, and caches the Data in the Content Store, which is basically the router’s buffer memory subject to a cache replacement policy. Data takes the exact same path as the Interest that solicited it, but in the reverse direction. One Data satisfies one Interest across each hop, achieving hop-by-hop flow balance.

To assure the authenticity and integrity of data, the consumer must trust the host who holds the data, and use secure mechanisms to identify, locate, and retrieve data from that host. Securing data directly reduces the trust we must place in network intermediaries. Applications communicating by names can seal data by the original producer at creation time. This leaves only one problem to solve: securing the link between a name and its content. ICN uses application data names to make data available as a mapping triple, as shown in (1), where is the content name, is the content data, and is the signature signed by the content producer.

(1)

In ICN, security is built into data itself, rather than being a function of where, or how, it is obtained. Each piece of data is signed together with its name, securely binding them. Data signatures are mandatory. The signature, coupled with data publisher information, enables determination of data provenance, allowing the consumer’s trust in data to be decoupled from how (and from where) data is obtained. It also supports fine-grained trust, allowing consumers to reason about whether a public key owner is an acceptable publisher for a particular piece of data in a specific context.

B. Public-Key Cryptography

The existing public-key cryptography and PKI schemes can be used in ICN to secure the data transmission.

Public-key cryptography uses asymmetric key algorithms and can also be referred to by the more generic term "asymmetric key cryptography." The algorithms used for public key cryptography are based on mathematical relationships (the most notable ones being the integer factorization and discrete logarithm problems) that presumably have no efficient solution. Although it is computationally easy for the intended recipient to use its private key to decrypt the message, and it is easy for the sender to encrypt the message using the public key, it is practically impossible for anyone to derive the private key based only on their knowledge of the public key. This is why, unlike symmetric key algorithms, a public key algorithm does not require a secure initial exchange of one (or more) secret keys between the sender and receiver. The use of these algorithms also allows the authenticity of a message to be checked by creating a digital signature of the message using the private key, which can then be verified by using the public key. In practice, only a hash of the message is typically encrypted for signature verification purposes.

C. PKI

The Public-Key Infrastructure (PKI) system is used to verify the binding between the public-key and the user identity in a public-key cryptography scheme.

A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation. Generally, a PKI system consists of the following five components:

1) A certificate authority (CA) that both issues and verifies the digital certificates.

2) A registration authority which verifies the identity of users requesting information from the CA.

3) A central directory, i.e., a secure location in which to store and index keys.

4) A certificate management system.

5) A certificate policy.

However, the current PKI scheme has some disadvantages. The centralized design of the PKI system suffers from single point of failure, traffic congestion, and triangle routing problems. Moreover, for mobile application scenarios, the PKI scheme is very expensive to deploy and maintain. Therefore, ICN needs a more flexible and usable mechanism to verify the public-key and identity than the PKI scheme. Some key management methods have been proposed which have no need of a PKI, such as the group key management and disclosure scheme [8]. The web of trust [9] is also a system without a PKI. But they are not suitable for mobile ICN content retrieval.

[5] describes a social network based trust authentication scheme which utilizes social relationships to propagate a trust score and determine whether a node is trustworthy. This inspired us to use the social network in the key distribution system as well. In the next section, we describe the proposed social network based security scheme to solve this authenticity and integrity problem.

III. PROTOCOL DESIGN

In this section, we propose a social network based security scheme. The goal is to provide a public-key and identity binding method, protected by public key cryptography, based on the social trust graph.

A. Assumptions

Each user can generate his initial identity bundle.

The social graph is a connected graph, in which each node is connected to any other node directly or indirectly. We cannot propagate the identity bundle of an isolated node since there is no route to reach it from other users.

Trust definition: the trust is a subjective assessment by a member (i.e. a node) of the social graph. It represents the reliability and accuracy of the public-key and identity binding that can be obtained from a node in the graph.

The trust relationship between two nodes is reliable (i.e. permanent) and a node cannot betray its friends.

Based on the above assumptions, the proposed authentication provides secure public-key retrieval for a user if there is a route to connect it and propagate its identity bundle to nodes that trust it.

B. Identity Bundle

Our design addresses the binding between the public-key and the identity. We first present this binding as an Identity Bundle (IB). An identity bundle consists of two parts, an identity-id and its public-key, as shown in (2).

Identity Bundle: <identity-id, public-key> (2)

Identity-id could be any information identifying the user’s identity. Each user is allowed to have multiple identity-ids, as in real life each person has multiple identification numbers, e.g., passport number, social security number, Facebook account number, etc. A user who wants multiple identity-ids can generate a different identity bundle for each of his ids, since some applications may need multiple verifications for security reasons. Also, if a user has multiple public-keys, he can build an identity bundle for each public-key with the same identity-id.

One identity bundle represents the binding between the user identity and his public-key. As a data unit, the identity bundle can also be encrypted by one’s private-key and decrypted by the associated public-key.

C. Social Trust Graph

We build a social trust graph as an overlay network above the physical MANET to represent the trust relationships among users. Each node represents a user’s identity-id in this graph, and each link between two nodes represents an acknowledgement of the binding between identity-id and public-key between two friends. The link is directional. As an example, if node A has a link to node B, that means node A can verify the public-key & ID bundle of node B. This authority comes from one of many possible ways, e.g., node B gave his identity bundle to node A in person, or node A has obtained and confirmed node B’s identity bundle from other trustworthy friends, etc. In this way, after node A confirms node B’s identity bundle, node A will sign this identity bundle using its own private key, and keep both the signature and node B’s identity bundle in node A’s local identity bundle table, as shown in Figure 3.

Figure 3. Node A’s identity bundle table (entries: <B_entity, B_pub_key>, A_signature; <C_entity, C_pub_key>, A_signature; ...).

Meanwhile, if node B also keeps and signed node A’s identity bundle, there is another directional link from node B to node A. As a result, node A and node B will have a bi-directional link between each other. The number of the outgoing links for a given node is the same as the number of entries in his identity bundle table.

A user who wants to participate in this security system will have to give his identity bundle to his closest and trustworthy friends. The more neighbors he gave his identity bundle to, the better the performance of his public-key retrieval in the application will be. After this initialization phase, through path exploring and identity bundle exchange, all the participants will build directional links with some other nodes and form a social trust graph. The connections between nodes will be gradually increased, as shown in Figure 4. A unidirectional link means that only one end node has the identity bundle of the other end. A bi-directional link means that both end nodes have each other’s identity bundle.


Figure 4. Social Trust Graph (nodes A, B, C, D).

D. Identity Bundle Retrieval

As described in section C, the user’s identity bundle is signed and kept hop by hop in the directional social trust graph. This design makes it possible to propagate the identity bundle along the friend chain from one node to other nodes. Consider the example in Figure 5, where node A wants to get D’s public key. Node A finds a path on the social graph to D and sends its request. We note that node C has a link to D, thus it must have kept and signed the identity bundle of node D. If node B retrieves the identity bundle of node D with its signature from node C, node B can verify it using the public-key of node C, which is stored in node B’s identity bundle table. Node B will then sign node D’s identity bundle using node B’s private-key and send it to node A. A will again verify node D’s identity bundle using node B’s public-key from node A’s identity bundle table. In this way, the public-key of node D is relayed hop by hop from node D’s direct neighbor in the social trust graph to the key requester, node A.

Figure 5. Identity bundle propagation (D_pub_key relayed from C through B to A).

E. Identity Bundle Query

In ICN, after receiving the content data with the signature from the content producer or an intermediate cache server, the content requester verifies that the public-key he has is associated with the genuine content provider. Since the identity of the content producer is already included in the content data packet, the content requester first looks up his local identity bundle table. Since all the records in this table have been verified before, a match implies instant verification. If the local table does not contain this binding, the requester must send out another Interest packet with the identity’s name to retrieve the producer’s identity bundle from the social trust graph. As described in section D, if one of the friends has cached the identity bundle, and thus has previously verified the binding, this belief in the binding is sent back along the trust chain. This leads to a question: how to look for this verified identity bundle in the social trust graph. In this paper, we propose the shortest path to retrieve the identity bundle. Recall that in the overlay graph, a link may correspond to a MANET path of several hops. The lower the number of hops, the faster the retrieval of the bundle. In Figure 6, node A queries node D’s identity bundle using Dijkstra’s algorithm and calculates the shortest path from node A, for example, A-B-C-D (the yellow path). Note that applying Dijkstra’s algorithm requires that each node maintains the MANET routes and hop counts to its social neighbors.

Figure 6. Different query paths from A to D.

In Figure 6, there are multiple paths from node A to node D, say, the yellow path and the green path. After some queries have been performed, the identity bundle of node D may have been propagated to some other nodes. The requester stores the newly retrieved identity bundle in his local identity bundle table using the cache scheme of ICN. According to the definition of a link in the social trust graph, a new link is thereby generated between the requester and node D. The more nodes keep node D’s identity bundle, the more direct links node D has to other nodes. So, a popular content producer in the social trust network will have a relatively higher node degree than other normal nodes. Consequently, popular content producers will have better connectivity and a shorter hop path to the requester. With the increase of identity bundle propagation, the social trust graph will evolve to a pattern where the popular content producers acquire high degrees and form large, highly connected components. This will further speed up identity bundle queries in the future.

If the requester does not have enough information to calculate the shortest path on the graph (for instance, high mobility prevents keeping up-to-date routes to neighbors), it falls back to flooding the request into the MANET. The minimum hop path will still be found, but at the cost of higher line overhead.
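The mechanism of sections III-C to III-E on the Figure 5 topology, as an added Python example that is not the paper's code: identity bundle tables as outgoing trust links, a Dijkstra query weighted by MANET hop counts that stops at the nearest holder, and the hop-by-hop verify, cache and re-sign relay on the way back, plus the check that a bundle whose key was swapped in transit is dropped. The toy RSA keys, the hop counts 2/1/3 and the rule that a cached bundle's new link costs the hops the query travelled are constructed assumptions.

```python
import hashlib
import heapq

def make_keypair(p, q, e=17):
    # Toy textbook RSA from two hardcoded small primes: a constructed
    # stand-in for the paper's public-key cryptography, NOT secure.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def bundle_digest(bundle):
    # SHA-256 of <identity-id, public-key>; only this hash is signed,
    # byte by byte because the toy moduli are far smaller than 256 bits.
    identity, (n, e) = bundle
    return hashlib.sha256(f"{identity}|{n}|{e}".encode()).digest()

def sign(bundle, priv):
    n, d = priv
    return tuple(pow(b, d, n) for b in bundle_digest(bundle))

def verify(bundle, sig, pub):
    n, e = pub
    return tuple(pow(s, e, n) for s in sig) == tuple(bundle_digest(bundle))

class Node:
    # A participant: its own bundle plus the identity bundle table of section III-C.
    def __init__(self, name, p, q):
        self.name = name
        self.pub, self._priv = make_keypair(p, q)
        self.bundle = (name, self.pub)  # Identity Bundle <identity-id, public-key>, eq. (2)
        self.table = {}   # identity-id -> (bundle, my signature over it): my outgoing links
        self.routes = {}  # friend -> MANET hop count of that overlay link (assumed known)

    def trust(self, other, hops):
        # Out-of-band confirmation (e.g. bundle handed over in person): sign and store it.
        self.table[other.name] = (other.bundle, sign(other.bundle, self._priv))
        self.routes[other.name] = hops

    def relay(self, bundle, sig, upstream, hops):
        # One hop of section III-D: verify with the upstream friend's public key taken
        # from MY table (never from the packet), cache (= new link), re-sign. None = drop.
        entry = self.table.get(upstream)
        if entry is None or not verify(bundle, sig, entry[0][1]):
            return None
        if bundle[0] not in self.table:
            self.table[bundle[0]] = (bundle, sign(bundle, self._priv))
            self.routes[bundle[0]] = hops  # assumption: new link costs the hops the query travelled
        return sign(bundle, self._priv)

def shortest_path(nodes, src, target):
    # Dijkstra over the social trust overlay (section III-E), link weight =
    # MANET hop count; stops at the first node whose table already holds target.
    dist, prev, heap = {src: 0}, {src: None}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        if target in nodes[u].table:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return dist, path[::-1]  # path runs requester ... holder
        for v, w in nodes[u].routes.items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return None

def retrieve(nodes, requester, target):
    # Identity bundle query: local table first (0 hops), else nearest holder; the bundle
    # comes back along the reversed path, verified and re-signed at every hop.
    found = shortest_path(nodes, requester, target)
    if found is None:
        return None  # no holder reachable
    dist, path = found
    holder = upstream = path[-1]
    bundle, sig = nodes[holder].table[target]
    for name in reversed(path[:-1]):
        sig = nodes[name].relay(bundle, sig, upstream, dist[holder] - dist[name])
        if sig is None:
            return None  # a signature failed on the way back
        upstream = name
    return dist[holder], bundle[1]  # (hops, public-key of target)

def figure5_nodes():
    # Constructed instance of Figure 5: A trusts B, B trusts C, C trusts D, with
    # MANET hop counts 2, 1, 3. Primes chosen so that gcd(17, (p-1)(q-1)) == 1.
    nodes = {n: Node(n, p, q) for n, p, q in
             [("A", 61, 53), ("B", 71, 67), ("C", 89, 83), ("D", 97, 79)]}
    nodes["A"].trust(nodes["B"], 2)
    nodes["B"].trust(nodes["C"], 1)
    nodes["C"].trust(nodes["D"], 3)
    return nodes

def substituted_key_is_rejected(nodes):
    # Defensive check: a bundle whose key was swapped fails under C's signature, so B drops it.
    real_bundle, c_sig = nodes["C"].table["D"]
    forged = (real_bundle[0], Node("X", 61, 53).pub)
    return nodes["B"].relay(forged, c_sig, "C", 3) is None
```

After the first `retrieve(nodes, "A", "D")` both A and B hold D's bundle, so A's next query is answered from its local table at 0 hops.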

IV. PERFORMANCE EVALUATION

In this section, we evaluate the performance of the proposed security scheme using two data sets: 1) an artificially generated social network; and 2) a real data set from the Epinions social network [8]. The artificial social network is generated randomly. Each link represents a directional trust relationship between two nodes, where one has cached and signed the other’s identity bundle. The Epinions social network dataset contains the who-trust-whom online social network of the general consumer review site Epinions.com. Members of the site can decide whether to ''trust'' each other. All the trust relationships interact and form the Web of Trust, which is then combined with review ratings to determine which reviews are shown to the user.

We evaluate the performance of both artificial and Epinions graphs under two measures: 1) average number of hops; and, 2) average node degree. The average number of hops is the average hop count for a request of the identity bundle of a randomly specified, reachable content producer. The average node degree is the average degree in the social trust graph. For simplicity, we assume that the underlying physical network is always interconnected (i.e., no isolated nodes).

A. Evaluation using Artificial Data Set

We start with the artificial dataset. In order to evaluate the performance of the proposed scheme, we randomly generate friendships in a social trust graph with 1000 nodes and 3000 links, drawn uniformly. Initially each node contains a unique content data item.

The average number of hops from a single content producer to all other reachable requesters is shown in Figure 7. The shortest path metric selects the minimum hop count between the content producer and each other node. The average value is 6.69 hops, which is the average length of the path to request the identity bundle of the content producer for the first time. After the first retrieval, the content producer’s identity bundle is propagated hop by hop and stored at each intermediate node. These copies of the identity bundle make future retrievals much easier than the first one, since at the very beginning the target identity bundle is stored in only one node. Then we pick a random node as another requester to retrieve the same identity bundle. Again it builds a shortest path from the requester to the content producer. But when the query meets an intermediate node that has stored the target identity bundle in its identity bundle table, the query stops and the identity bundle is returned along the reversed query path. We increase the number of requests gradually to show the change of the average retrieval hop count for the same content producer in Figure 7. It is shown that the average number of hops decreases rapidly as the content producer’s identity bundle is cached by other nodes.

The average node degree is shown in Figure 8. According to the definition of a link in the social trust network, a directional link from node A to node B means that node A confirmed and signed node B’s identity bundle and kept it in node A’s identity bundle table. Because of the retrieval and propagation of the identity bundle, more and more intermediate nodes cache and sign the binding, so that more links appear, increasing the node degree as shown in Figure 8.
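The artificial experiment of this section, as an added Python simulation rather than the authors' code: a random directed trust graph, repeated queries for one producer's bundle where every node on the query path caches it and gains a direct link to the producer, and the two measures (average hops to the nearest holder, average node degree) recorded before each request. The seed, the choice of the most-trusted node as producer, and counting a cached copy as a 0-hop local hit are assumptions.

```python
import random
from collections import deque

def random_trust_graph(n_nodes, n_links, seed=7):
    # Constructed stand-in for the artificial data set: n_links distinct directed
    # trust links (truster -> trusted) drawn uniformly at random, no self-links.
    rng, out, count = random.Random(seed), {v: set() for v in range(n_nodes)}, 0
    while count < n_links:
        u, v = rng.randrange(n_nodes), rng.randrange(n_nodes)
        if u != v and v not in out[u]:
            out[u].add(v)
            count += 1
    return out

def busiest_node(out):
    # Producer for the experiment: the node that most other nodes already trust.
    indeg = {v: 0 for v in out}
    for vs in out.values():
        for v in vs:
            indeg[v] += 1
    return max(indeg, key=indeg.get)

def hops_to_nearest_holder(out, holders):
    # Reverse multi-source BFS: for every node that can reach a holder, the hop
    # count of the shortest overlay path to the nearest node holding the bundle
    # (where a query stops and turns back). Holders themselves are at 0 hops.
    rev = {v: set() for v in out}
    for u, vs in out.items():
        for v in vs:
            rev[v].add(u)
    dist, queue = {h: 0 for h in holders}, deque(holders)
    while queue:
        v = queue.popleft()
        for u in rev[v]:
            if u not in dist:
                dist[u] = dist[v] + 1
                queue.append(u)
    return dist

def simulate(out, producer, n_requests, seed=7):
    # Random requesters query the producer's bundle; every node on the query path
    # caches and signs it, which adds a direct trust link to the producer.
    # Returns [(avg hops, avg degree), ...] measured before each request, over the
    # fixed set of nodes that can reach the producer (cached copies count as 0 hops).
    rng, holders, history = random.Random(seed), {producer}, []
    community = [v for v in hops_to_nearest_holder(out, holders) if v != producer]
    for _ in range(n_requests + 1):
        dist = hops_to_nearest_holder(out, holders)
        avg_hops = sum(dist[v] for v in community) / len(community)
        avg_degree = sum(len(vs) for vs in out.values()) / len(out)
        history.append((avg_hops, avg_degree))
        pending = [v for v in community if dist[v] > 0]
        if not pending:
            break
        path, v = [], rng.choice(pending)
        while dist[v] > 0:  # walk one shortest path to the nearest holder
            path.append(v)
            v = min(out[v], key=lambda w: dist.get(w, float("inf")))
        for v in path:      # each hop on the reversed path caches the bundle
            holders.add(v)
            out[v].add(producer)
    return history
```

The assertions that matter are structural: the hop average can only fall and the degree can only rise as copies spread, whatever the seed.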

Figure 7. Average number of hops.

Figure 8. Average node degree.

B. Evaluation using Epinions Data Set

The Epinions social network data set is a who-trusts-whom online social network from the general consumer review site Epinions.com. Members of the site can decide whether to "trust" each other. All the trust relationships together form the site's Web of Trust, which is combined with review ratings to determine which reviews are shown to a user. The trust relationship captured in this data set is conceptually the same as the one in our design. The network has 75879 nodes and 508837 edges.


The average number of hops from one content producer to all other reachable requesters is shown in Figure 9. With a trend similar to that observed in Figure 7, the average number of hops decreases as more retrievals propagate the identity bundle to more intermediate caches. In this realistic scenario, the larger social network community provides better connectivity between nodes, so the average number of hops is smaller than in Figure 7.

The average node degree is shown in Figure 10. Because of the larger community, the average node degree is much higher than in Figure 8. The large community also makes the node degree grow more slowly than in the small community.

Figure 9. Average number of hops.

Figure 10. Average node degree.

V. CONCLUSION

In the mobile information-centric network, the authenticity and integrity of data retrieved from a content producer cannot be taken for granted. Public-key cryptography provides the security service for the data transmission. The traditional CA scheme used to verify the binding between a user identity and his public key is expensive and not suitable for deployment in the mobile application scenario. In this paper we proposed a social network based security scheme for the mobile information-centric network to support verification of that binding. The social network (and the associated trust graph) lets the requester retrieve the public key of the content producer through a trusted chain of signatures that leads to a cached identity bundle. We validated the scheme on a small-scale artificial network and demonstrated its scalability on a large real-life social network.

