Secure Content Delivery in Information-Centric
Networks: Design, Implementation, and Analyses
Satyajayant Misra
Reza Tourani
Nahid Majd
Computer Science Department
New Mexico State University, Las Cruces, NM, USA
misra@cs.nmsu.edu
Agenda
• Introduction and Motivation
• Models and Assumptions
• Design of Framework
• Testbed Results
• Conclusion
The Cisco Visual Networking Index underlines the
need for a high-bandwidth content-centric Internet.
• High-bandwidth video makes up 51% of Internet
traffic today and would rise to 54% by 2016;
• The sum of all video traffic would become
approximately 86% of global traffic;
• By 2014, mobile wireless devices will
account for 61% of world Internet traffic.
What does this traffic trend mean for the future of the
Internet? Bandwidth intensive and unsustainable.
A typical content delivery hierarchy in today’s Internet:
Content Provider
CDN Nodes
ISP Nodes
End Users
However, using CDNs does not solve the bandwidth
bottleneck problem at the ISPs (the edge).
Redundant/duplicate transmissions undermine
network performance.
Solution: In-network caching at the ISP level.
In-network caching at the ISPs will help reduce
bandwidth requirement at the ISP level.
The important concern is: how do we ensure
high availability of the cached data to legitimate users only?
Let’s look at a simplified example of how your content is
delivered to your Netflix player from the Netflix server.
Components involved:
Your Player
Amazon EC2
Microsoft’s Individualization Server
Netflix’s Regular Webserver
Netflix Control Server
Netflix License Server
Netflix Streaming Server (Akamai, etc.)
If the Cloud is down, then the service is down!
These conditions serve as the motivation for this work.
Design targets: more than 20 million users; revocation of 1 to 2 million users; system re-initialization possible.
We use a Shamir’s secret-sharing based broadcast
encryption mechanism* for content security.
n: total number of users;
t: maximum revocation threshold.
The server publishes t shares; a legitimate user adds his own share to make t+1, enough to recover the secret.
* W. Tzeng and Z. Tzeng. A public-key traitor tracing scheme with revocation using dynamic
shares. In Public Key Cryptography, pages 207–224, 2001.
The basic steps are split between the server and the client,
with the operations being heavy on the server-side.
• Server encrypts content using a symmetric key
• It generates “n + t” shares
• Gives each user one of the shares
• Encrypts the key using “t” shares and makes it
available
• Legitimate user adds his share to create t+1
shares to decrypt the key
The framework has three basic protocols: the first two are
performed at the server and the last one at the client.
• Polynomials and shares generation at the server
• Enabling block generation and encryption at the server
• Secret extraction at the mobile user
We perform pre-computations at the server so the user has to perform
only O(t) computations to obtain the secret key.
CCN/NDN Architecture Details: User Registration, Chunk
Creation, Packet Naming, Versioning, User Revocation
Sequence Numbers: Sequential or Random
Versioning: Content and Enabling Block can have different numbers,
versions can help with expiration.
User Registration and Revocation: Messages transmitted as interests.
We have addressed some of the questions pertaining to the
handling of system dynamics in the framework.
• How to revoke a subscribed user at the end of the
subscription?
• Can we handle the case where the number of revoked
users is more than t, the system revocation threshold?
• How do we handle new user(s) when the system
reaches user capacity?
The framework was implemented in a CCNx testbed to
verify its feasibility for mobile users.
• CCNx-0.7 codebase.
• 3 nodes: Intel Core i7, 8 GB RAM, 2.4 GHz.
• Code in C++, compiled with gcc 4.5.2.
• GNU multi-precision arithmetic library.
• 24.1 MB video hosted using the ccnputfile
command.
• n: 1 M to 20 M in increments of 5 M.
• t: 5 K to 40 K in increments of 5 K.
• Experiments were run over 100 runs.
We implemented two versions: No Server-side Pre-computation (SD) and Server-side Pre-computation (PSD).
• No server-side pre-computation => no computation
of the Lagrange interpolation at the server, requiring
O(t^2) computations at the mobile device.
• Server-side pre-computation => the Lagrange
interpolation variables are partially computed at the
server; only O(t) computations at the mobile device.
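The share generation, enabling block and extraction steps described earlier, and the SD versus PSD split above, as one added worked example (not the authors’ code and not the full Tzeng–Tzeng public-key scheme): a plain Shamir polynomial over a prime field GF(P), where the content key is the constant term, the server publishes t shares as the enabling block, and a user finishes the interpolation at 0 with its own share. The PSD variant precomputes, per published share, the Lagrange factor that depends only on the published x’s, so the device does O(t) field operations; the SD variant redoes the full O(t^2) interpolation. Revocation is modelled as the server publishing the revoked user’s own share, so that user holds no point beyond the t public ones. The prime P, the user numbering and the `demo` scenario are constructed for illustration, not the testbed parameters.

```python
import secrets

# Added example: toy Shamir-based enabling block over GF(P).
# P is a constructed choice (any large prime works); sizes are illustrative.
P = 2**127 - 1


def gen_polynomial(secret, t):
    """Random degree-t polynomial f over GF(P) with f(0) = secret (the content key)."""
    return [secret % P] + [secrets.randbelow(P) for _ in range(t)]


def eval_poly(coeffs, x):
    """Horner evaluation of the polynomial at x modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def make_shares(coeffs, n, t):
    """n + t shares: users hold x = 1..n, x = n+1..n+t is the server's own pool."""
    return {x: eval_poly(coeffs, x) for x in range(1, n + t + 1)}


def enabling_block(shares, published_xs):
    """The t published shares plus, per share, the Lagrange factor that depends
    only on the published x's.  This is the O(t^2) part; in the PSD variant it
    is done once here at the server instead of on every device."""
    block = []
    for xi in published_xs:
        num, den = 1, 1
        for xj in published_xs:
            if xj != xi:
                num = num * xj % P
                den = den * (xj - xi) % P
        block.append((xi, shares[xi], num * pow(den, -1, P) % P))
    return block


def extract_secret_psd(block, xu, yu):
    """PSD extraction: the user finishes the interpolation at 0 with O(t) work."""
    if any(xi == xu for xi, _, _ in block):
        raise ValueError("user share already published: user is revoked")
    num, den = 1, 1
    for xi, _, _ in block:            # basis factor of the user's own point
        num = num * xi % P
        den = den * (xi - xu) % P
    acc = yu * num % P * pow(den, -1, P) % P
    for xi, yi, lam_i in block:       # published points, corrected by the user's x
        acc = (acc + yi * lam_i % P * xu % P * pow((xu - xi) % P, -1, P)) % P
    return acc


def extract_secret_sd(block, xu, yu):
    """SD extraction: no precomputation, full O(t^2) Lagrange interpolation."""
    pts = [(xi, yi) for xi, yi, _ in block] + [(xu, yu)]
    if len({x for x, _ in pts}) != len(pts):
        raise ValueError("duplicate x: user is revoked")
    acc = 0
    for xi, yi in pts:
        num, den = 1, 1
        for xj, _ in pts:
            if xj != xi:
                num = num * xj % P
                den = den * (xj - xi) % P
        acc = (acc + yi * num % P * pow(den, -1, P)) % P
    return acc


def demo(secret=0xC0FFEE, n=6, t=3, revoked=(2,)):
    """Constructed scenario: n users, threshold t, users in `revoked` lose access.
    Returns, per user, whether both extraction variants recover the key."""
    if len(revoked) > t:
        raise ValueError("cannot revoke more than t users per enabling block")
    coeffs = gen_polynomial(secret, t)
    shares = make_shares(coeffs, n, t)
    # Revoked users' shares replace pool shares in the published set.
    pool = list(range(n + 1, n + t + 1))
    published = list(revoked) + pool[: t - len(revoked)]
    block = enabling_block(shares, published)
    out = {}
    for u in range(1, n + 1):
        try:
            out[u] = (extract_secret_psd(block, u, shares[u]) == secret
                      and extract_secret_sd(block, u, shares[u]) == secret)
        except ValueError:
            out[u] = False
    return out
```

`demo()` reproduces the page’s revocation rule: at most t users can be cut off by one enabling block, and a revoked user’s recovery fails because its only point is already public. The PSD path does two passes of t multiplications and inversions on the device; in the SD path every basis factor is rebuilt from scratch, which is the O(t^2) cost measured in the testbed.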
Polynomial generation and user shares generation
depended on the number of users in the system.
Cost increases for large number of users, however, this part can be
parallelized easily.
The pre-computation at the server adds to the enabling
block cost, however the overhead is still modest.
Even in PSD, the addition of the enabling block to the content
transmission adds only a 0.3% overhead for a 300 MB movie.
The extraction at the user with PSD is far better than in SD,
hence is recommended.
Even when t is 1 million it takes 4.17 seconds (0.06% of a standard
Netflix movie time) to extract using one 2.4 GHz processor.
Conclusions: Our framework will scale to a large number
of mobile users.
• Legitimate users can access content available close-by.
• Even when the CP is down!
• The framework is tailor-made for mobile users.
• It is efficient enough to scale to several million users.
• Tested for up to 20 million subscribers.
• Number of revoked users up to 1 million.
• CCNx testbed implementation results show promise.
Thank You
misra@cs.nmsu.edu