Presented for TTI Vanguard "Shift Happens" conference (http://bit.ly/TTIVshifthappens) visit to PARC, this is a basic overview of just the security aspects of our content-centric networking program.
Content-Centric Networking: Security
1. Content-based Security
Van Jacobson
Research Fellow, PARC
TTI/Vanguard at PARC
February 25, 2010
parc ®
Palo Alto Research Center
2. Content-centric Networking (CCN)
is a communications architecture based on dissemination rather than conversation.
(At the lowest level, you talk about named data, not to some server.)
3. CCN offers ...
• (provably) optimal content distribution
• painless mobility, wireless, virtualization, ...
• same scalability & efficiency as TCP/IP
• simple, secure, robust configuration
• an easy, incremental, evolutionary path
• much better security
5. Files, hosts and network connections are containers for information
• A secured perimeter is the only way to secure containers.
• For today’s business, any realistic perimeter encloses the planet.
6. Forget containers – secure the content
Do it as the final production step to minimize attack surface.
Ron Rivest’s SDSI has shown this works if content is augmented so any consumer can assess from the data:
• Validity (is data intact and complete?)
• Relevance (what question does this answer?)
• Provenance (who asserts this is an answer?)
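The three checks on slide 6, as an added example that is not from the slides or the CCNx code: a consumer assesses a named, signed content object using only the object and its own list of trusted keys. The Lamport one-time signature is a standard-library stand-in for a real signature scheme, and the field names, `assess` function and object name are hypothetical.

```python
import hashlib, os

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature: a stdlib-only stand-in for a real signature
# scheme (assumption of this example). One key pair signs ONE object only.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def key_id(pk):
    return H(b"".join(a + b for a, b in pk)).hex()

def signed_bytes(name, payload, kid):
    # Length-prefix the name so the name/payload boundary cannot be shifted.
    n = name.encode()
    return len(n).to_bytes(4, "big") + n + kid.encode() + payload

def publish(sk, pk, name, payload):
    kid = key_id(pk)
    return {"name": name, "payload": payload, "key_id": kid, "pk": pk,
            "sig": sign(sk, signed_bytes(name, payload, kid))}

def assess(obj, wanted_name, trusted_key_ids):
    """Consumer-side check: uses only the object plus local trust policy."""
    msg = signed_bytes(obj["name"], obj["payload"], obj["key_id"])
    valid = (key_id(obj["pk"]) == obj["key_id"]
             and verify_sig(obj["pk"], msg, obj["sig"]))
    return {"validity": valid,                                  # intact and complete?
            "relevance": valid and obj["name"] == wanted_name,  # answers my question?
            "provenance": valid and obj["key_id"] in trusted_key_ids}  # who asserts it?

if __name__ == "__main__":
    sk, pk = keygen()  # constructed sample name and payload below
    obj = publish(sk, pk, "/example/report/v1", b"constructed sample payload")
    print(assess(obj, "/example/report/v1", {obj["key_id"]}))
    print(assess(dict(obj, payload=b"tampered"), "/example/report/v1", {obj["key_id"]}))
```

Because the name is inside the signed bytes, a copy relabelled under a different name fails validity rather than passing as an answer to another question.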
8. Evidentiary Trust
• Rich web of trustable, interconnected information arises from signed content:
[Figure: diagram of Content and Key nodes]
• Attacks have to be consistent with information and links – get exponentially harder as information base grows.
Strong security is emergent & effortless.
9. Information on CCN is available at www.ccnx.org
including a GPL’d open-source release of our current research prototype.