Schematized access control for data cubes and trees

Abstract

In classic ICN where delivery of named data cannot be guarded, access control is usually implemented by first encrypting the data and secondly by providing the corresponding data encryption keys (DEKs) to authorized users only: Authorized users will obtain DEKs in encrypted form, wrapped with their public key. This approach has three shortcomings which we address in this paper. (a) Key management is tedious if it has to be done on a per-principle basis, (b) access granularity for single documents should be extended to document collections (e.g. namespace sub-trees) and data cubes (sub-elements within data records), (c) there needs to be support for access right propagation across data aggregation and derivation chains.