{"title":"金丝雀","authors":"Yong-Yoon Shin, Sae Hyong Park, Quang Tung Thai, Sung Hyuk Byun","doi":"10.1145/3357150.3357418","DOIUrl":null,"url":null,"abstract":"The per-packet signature mechanism in NDN is a basic mechanism to provide in-network security. Consumers can validate provenance and integrity with the public key-based signature attached with each Data packet. However, the creation and validation processes of signature cause significant performance bottlenecks in both of consumers and producers. The embedded manifest mechanism was proposed to ease the signing overhead for streaming data producers; a signed manifest packet being composed of digests of subsequent Data packets is inserted per bundle of Data packet while each Data packet has only its digest as SignatureInfo. For a large file, the embedded manifest mechanism still needs producers to sign multiple manifest packets. The basic idea of proposed mechanism, Canary, is to enable per-segment provenance and data integrity validation with only one signing operation of producers even for a large file by exploiting the properties of Merkle tree.","PeriodicalId":112463,"journal":{"name":"Proceedings of the 6th ACM Conference on Information-Centric Networking","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Canary\",\"authors\":\"Yong-Yoon Shin, Sae Hyong Park, Quang Tung Thai, Sung Hyuk Byun\",\"doi\":\"10.1145/3357150.3357418\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The per-packet signature mechanism in NDN is a basic mechanism to provide in-network security. Consumers can validate provenance and integrity with the public key-based signature attached with each Data packet. However, the creation and validation processes of signature cause significant performance bottlenecks in both of consumers and producers. The embedded manifest mechanism was proposed to ease the signing overhead for streaming data producers; a signed manifest packet being composed of digests of subsequent Data packets is inserted per bundle of Data packet while each Data packet has only its digest as SignatureInfo. For a large file, the embedded manifest mechanism still needs producers to sign multiple manifest packets. The basic idea of proposed mechanism, Canary, is to enable per-segment provenance and data integrity validation with only one signing operation of producers even for a large file by exploiting the properties of Merkle tree.\",\"PeriodicalId\":112463,\"journal\":{\"name\":\"Proceedings of the 6th ACM Conference on Information-Centric Networking\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 6th ACM Conference on Information-Centric Networking\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3357150.3357418\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 6th ACM Conference on Information-Centric Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3357150.3357418","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The per-packet signature mechanism in NDN is a basic mechanism to provide in-network security. Consumers can validate provenance and integrity with the public key-based signature attached with each Data packet. However, the creation and validation processes of signature cause significant performance bottlenecks in both of consumers and producers. The embedded manifest mechanism was proposed to ease the signing overhead for streaming data producers; a signed manifest packet being composed of digests of subsequent Data packets is inserted per bundle of Data packet while each Data packet has only its digest as SignatureInfo. For a large file, the embedded manifest mechanism still needs producers to sign multiple manifest packets. The basic idea of proposed mechanism, Canary, is to enable per-segment provenance and data integrity validation with only one signing operation of producers even for a large file by exploiting the properties of Merkle tree.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
