UC Santa Cruz

A key feature of the Content Centric Networking (CCN) architecture is the requirement for each piece of content to be individually signed by its publisher. Thus, CCN should, in principle, be immune to distributing fake content. However, in practice, the network cannot easily detect and drop fake content as the trust context (i.e., the public keys that need to be trusted for verifying the content signature) is an application-dependent concept. CCN provides mechanisms for consumers to request a piece of content restricted by its signer's public key or the cryptographic digest of the content object to avoid receiving fake content. However, it does not provide any mechanisms to learn this critical information prior to requesting the content. In this paper, we introduce a scalable Key Resolution Service (KRS) that can securely store and serve security information (e.g., public key certificates of publishers) for a namespace in CCN. We implement KRS as a service for CCN in ndnSIM, a ns-3 module, and discuss and evaluate such a distributed service. We demonstrate the feasibility and scalability of our design via simulations driven by real-traffic traces.