Affiliation:
1. Department of Electrical & Computer Engineering, Sultan Qaboos University, Al-Khoudh, Muscat P.O. Box 33, Oman
2. Computer Science Department, Fisk University, Nashville, TN 37208, USA
3. Computer and System Department, Helwan University, Cairo 12612, Egypt
Abstract
Named Data Networking (NDN) stands out as a prominent architectural framework for the future Internet, aiming to address deficiencies present in IP networks, specifically in the domain of security. Although NDN packets containing requested content are signed with the publisher’s signature, which establishes data provenance for the content, the NDN domain still requires more holistic frameworks that verify consumers’ identity when they access protected content or services, using authentication servers preapproved by the producer/publisher. In response, this paper introduces the NDN One-Time Authentication (NDNOTA) framework, designed to authenticate NDN online services, applications, and data in real time. NDNOTA comprises three fundamental elements: the consumer, the producer, and the authentication server. Employing a variety of security measures such as single sign-on (SSO), token credentials, certified asymmetric keys, and signed NDN packets, NDNOTA aims to reinforce the security of NDN-based interactions. To assess the effectiveness of the proposed framework, we validate and evaluate its impact on the three core elements in terms of time performance. For example, when accessing authenticated content through the entire NDNOTA process, consumers experience an additional time overhead of 70 milliseconds, making the total process take 83 milliseconds. In contrast, accessing normal content that does not require authentication does not incur this delay. The additional NDNOTA delay is mitigated once the authentication token is generated and stored, resulting in a time frame comparable to that of unauthenticated content requests. Additionally, obtaining private content through the authentication process requires 10 messages, whereas acquiring public data requires only two messages.