Distributed capability-based access control and SDN deployment of information-centric networking

Material type
Thesis
Personal Author
차정환
Title Statement
Distributed capability-based access control and SDN deployment of information-centric networking / Jung-hwan Cha
Publication, Distribution, etc
Seoul : Graduate School, Korea University, 2017
Physical Medium
xi, 93 leaves : illustrations, charts ; 26 cm
Other Format Entry
Distributed Capability-based Access Control and SDN Deployment of Information-Centric Networking (DCOLL211009)000000076204
Dissertation Note
Thesis (Ph.D.)-- Korea University Graduate School: Department of Computer and Radio Communications Engineering, 2017. 8
Department Code
0510 6YD36 331
General Note
Advisor: 민성기 (Min, Sung-gi)
Bibliography, Etc. Note
References: 86-93
Additional Form Available
Also available as a PDF file; Requires PDF file reader(application/pdf)
Uncontrolled Subject Terms
Future Internet, Information Centric Networking (ICN), Named Data Networking (NDN), Software-Defined Networking (SDN)

Holdings Information

Location: Science & Engineering Library/Stacks(Thesis)
Call Number: 0510 6YD36 331
Accession No.: 123056935
Availability: Available

Contents information

Abstract

The engineering principles and architecture of today's IP-based network were designed in the 1960s and 1970s around a host-centric communication model. This model is unsuitable for the requirements of current content-oriented applications such as video streaming services and peer-to-peer applications.

Information-Centric Networking (ICN) has emerged as an alternative architecture to traditional IP-based networking. In ICN, content itself, rather than the location of the content, is treated as the primitive element of communication. This gives ICN many advantages over the traditional Internet in terms of content dispersion through the use of in-network caching.

However, ICN is in the early stages of research, and its principles and architecture are fundamentally different from those of the legacy IP-based network. There are still numerous challenges to be addressed, such as security concerns, the deployment problem, naming, name-based routing, and mobility.

In this thesis, firstly, a distributed capability-based access control scheme is presented to address the access control issue of ICN. Enforcing access control policies in ICN is difficult as there can be multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. 

The distributed capability access control scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from a content requester. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. 

This thesis also explains a dual naming architecture for the deployment problem of Named Data Networking (NDN), the most notable ICN architecture. Currently, most NDN is deployed over IP networks, but such an overlay deployment increases the transport network overhead due to the use of dual network control planes (NDN and IP routing). Software-Defined Networking (SDN) can be used to mitigate the network overhead by forwarding NDN packets without the use of IP routing. 

To deploy NDN over SDN, a variable NDN content name needs to be mapped to a fixed-size match field in an OpenFlow switch flow table. The proposed architecture uses dual names for content forwarding: the content name and the Name Tag (NT). The NT is derived from the content name and is a legitimate IPv6 address. By using the NT, OpenFlow-based SDN can transport an IPv6 packet that encapsulates an NDN packet using NDN routing, without IP routing.

Table of Contents

Chapter 1 Introduction
1.1 Background
1.2 Problem Statement and Objective
1.2.1 Access Control in Information-Centric Networking
1.2.2 Named Data Networking Deployment over Software-Defined Networking
1.3 Approaches
1.3.1 Distributed Capability-based Access Control Scheme
1.3.2 Named Data Networking Deployment over Software-Defined Networking using Fixed Size Content Names
1.4 Organization of the thesis
Chapter 2 Related Works
2.1 Information-Centric Networking Protocols
2.1.1 Named Data Networking (NDN)
2.1.2 Data-Oriented Network Architecture (DONA)
2.1.3 Publish-Subscribe Internet Technologies (PURSUIT)
2.1.4 Content-Centric Inter-Network Architecture (CONET)
2.2 Access Control Scheme in ICN
2.3 ICN Deployment Scheme over SDN
2.3.1 Software Defined Networking (SDN)
2.3.2 OpenFlow Protocol
2.3.2.1 OpenFlow Tables
2.3.2.2 OpenFlow Channel and Protocol
2.3.3 ICN Deployment Schemes over SDN
Chapter 3 A Distributed Capability Access Control Scheme in Information-Centric Networking
3.1 Introduction
3.2 A Distributed Capability Access Control Scheme
3.2.1 System Overview
3.2.2 Packet Structure
3.2.3 A Distributed Capability Access Control Scheme
3.2.4 The Distributed Capability
3.2.4.1 Internal Capability
3.2.4.2 External Capability
3.2.4.3 Verification Procedure
3.2.4.4 Revocation of Capabilities
3.2.5 Preserving Consumer Privacy
3.3 Security Evaluation
3.4 Performance Evaluation
3.4.1 Network Model
3.4.2 The Proposed Scheme, PURSUIT and CCNx Messages
3.4.3 Analytical Investigation
3.4.3.1 The Distributed Capability-based Access Control Scheme
3.4.3.2 PURSUIT
3.4.3.3 CCNx
3.4.3.4 Analytical and Numerical Results
3.4.4 Simulation Investigation
3.4.4.1 Simulation Environment
3.4.4.2 Authorization Delay
3.4.4.3 Authorization Delay for Cached Content
Chapter 4 Named Data Networking over a Software-Defined Network Using Fixed-Size Content Names
4.1 Introduction
4.2 Named Data Networking over a Software-Defined Network System Architecture
4.2.1 NDN Consumer
4.2.2 NDN Node
4.2.3 SDN Controller
4.2.4 OpenFlow Switch
4.3 Name Tag
4.3.1 Analytical Investigation of NameTag
4.4 System Operation
4.4.1 Interest Forwarding
4.4.2 Data Forwarding
4.5 Experimental Implementation
4.6 Discussion
Chapter 5 Conclusions
Bibliography