ACM ICN 2018, Boston, USA

Half-day Tutorial: NDN Security Concepts and Tools

This half-day tutorial on security support in Named Data Networking (NDN) aims to provide an overview of NDN security efforts and help the audience to get a quick start with NDN security concepts and tools. We plan to provide an overview of the security frameworks in NDN, introduce the mechanisms, and show how all the components function together.

In the tutorial, we will use the existing open-source NDN projects as examples of how to use NDN security concepts and tools. We will also introduce open issues and how one can explore new research questions in NDN security.

Tutorial Overview


  • Zhiyi Zhang


    • Zhiyi Zhang is a Ph.D. student in the Computer Science Department of UCLA, under the supervison of Prof. Lixia Zhang. He received his B.S. in computer science from Nankai University, China, in 2015. His main research interests are Named Data Networking and Network Security. His previous work done in NDN security includes Name-based Access Control, Attribute-based Access Control over NDN, NDN Certificate Management and DDoS Defense over NDN. He is also contributing to the development of the core NDN software, including NFD and ndn-cxx library.


  • Sanjeev Kaushik Ramani

    Florida International University

    • Sanjeev Kaushik Ramani is a Ph.D. student at the School of Computing and Information Sciences (SCIS), Florida International University (FIU) under the supervision of Dr. Niki Pissinou and Dr. Alex Afanasyev. He is also co-advised by Dr. S S Iyengar. He received his Bachelor's degree in 2014 from India. He has held various positions at IBM and Cognizant Technology Solutions in India before starting his studies at FIU. His research interests include Named Data Networking, Security, Privacy and Trust management in Wireless Sensor Networks and IoT devices.


  • Alex Afanasyev

    Florida International University

    • Alex Afanasyev is an Assistant Professor in the School of Computing and Information Sciences at Florida International University. His research focus is on the next-generation Internet architecture as part of the Named Data Networking (NDN) project. For over 8 years, he has done research in multiple fields vital for the success of NDN, including the application of NDN to Internet-of-Things, addressing challenges of next generation wireless networks, exploration of the data-centric security models, scalability of name-based routing, auto-configuration, distributed data synchronization, and prototype applications. He is also leading development effort of the overall NDN codebase, including widely used in the community NDN software forwarder (NFD), supporting libraries, and the ndnSIM simulation platform.


  • Lixia Zhang


    • Lixia Zhang is a Professor in the Computer Science Department of UCLA. She received her Ph.D. in computer science from MIT and was a member of the research staff at Xerox PARC before joining UCLA. She is a fellow of ACM and IEEE, the recipient of IEEE Internet Award, and the holder of UCLA Postel Chair in Computer Science. Since 2010 she has been leading the effort on the design and development of the NDN architecture.



People are interested in NDN’s built-in security and wondering how NDN security framework function in different application scenarios. Based on our seven-year effort to develop NDN security solutions, we have gained adequate first-hand experience of how NDN security should be developed and in which way these approaches should be used. We believe such experiences with our open-source projects, can help one clarify and deepen the conceptual understanding about this new security framework and serve as a shortcut for people who are starting their research on ICN security. Furthermore, by understanding the NDN security framework, it becomes easier for one to see its advantages, appreciate the difference between NDN security and the existing TCP/IP security, as well as identify new research challenges.

The tutorial would be most beneficial for students and other researches who want to gain further understanding of NDN security beyond reading the literature and are looking for interesting research topics to work on. The main goal of the tutorial is to offer a booster to get one started through interactive and fun mental exercises together with hands-on experiences.

Type of the Tutorial

After a short introduction of the NDN security support framework, the lecture part of the tutorial will be focused on description of the available open source prototype frameworks, their structure, and how to get started to use them. In parallel, we will run hands-on tasks implementing simple applications with security support (data authentication, confidentiality) using the frameworks. We are hoping for an active engagement with the tutorial participants, answering questions from the participants on how NDN security works, how it may help meeting their own applications needs, showing and writing of real examples of code in real-time.

Outline of the Tutorial

I) NDN Security Overview (30 minutes)

We plan to illustrate the basic concepts of the NDN security with specific examples to help both create an interactive learning atmosphere and demonstrate the key differences between the existing TCP/IP security and the NDN security. In this part, we will help audience learn how applications can utilize NDN security framework to perform security bootstrapping and ensure data authenticity, integrity, confidentiality, and availability.

II) Usable Security Support in NDN (2.5 hours)

We plan to provide an overview of the existing NDN security codebases, their capabilities, and exemplify use of the individual tools based on several examples. As part of the following subparts of the tutorial, we will include description of:

  • security framework (transformation framework, signing and validation framework, trust schema realization, NDN security command line tools) of the NDN C++ library with eXperimental eXtensions (ndn-cxx) (30 mins);
  • NDN security bootstrapping frameworks (30 mins);
  • NDN Certificate Management (NDNCERT) (30 mins);
  • Name-based Access Control (NAC) (30 mins);
  • Name-based Access Control with Attribute-based Encryption (NAC-ABE) (30 mins).

III) Q & A (30 minutes)

During the tutorial, we will set up an online board to collect questions about the basic NDN security concepts and the programming exercises. During this last section of the tutorial, we plan to break into smaller groups, with each addressing a specific area of questions that people may bring up.

Requirements for Attendees

We assume that everyone will bring a laptop or smartphone; some people will want to follow up the coding exercise; some may not. We hope that those who do not code will still be able to post questions for Q&A section of the tutorial.

Those who code, should bring a laptop capable of running Docker platform. The NDN team will prepare a set of docker environments (with online and the hand out instructions) to create unified development environment. Participants will also be able to use local or cloud-based VM or directly install tools on their laptops (only for those running Linux and macOS), but no time will be allocated for troubleshooting participants' installations. In the weeks leading up to the tutorial, we will provide a limited email support to participants willing to prepared the development environment before the tutorial starts.

The developed examples will use a variety of programming languages, including C++ (C++14), C (C99), JavaScript, Python. Participants are expected to be proficient at least in one of the listed languages and general understanding of today's TCP/IP protocol architecture.