On Certificate Management in Named Data Networking
This addresses certificate management challenges for NDN security protocol developers, but appears incremental as it builds on existing NDN security design.
The paper tackles the problem of certificate management in Named Data Networking (NDN), which requires efficient and usable mechanisms for certificate issuance and revocation to secure network communications. It presents NDNCERT, a specific realization of NDN certificate management, and evaluates it using formal security analysis.
Named Data Networking (NDN) secures network communications by requiring all data packets to be signed when produced. This requirement necessitates efficient and usable mechanisms to handle NDN certificate issuance and revocation, making these supporting mechanisms essential for NDN operations. In this paper, we first investigate and clarify core concepts related to NDN certificates and security design in general, and then present the model of NDN certificate management and its desired properties. We proceed with the design of a specific realization of NDN's certificate management, NDNCERT, evaluate it using a formal security analysis, and discuss the challenges in designing, implementing, and deploying the system, to share our experiences with other NDN security protocol development efforts.