2nd ACM Conference on Information-Centric Networking (ICN 2015), Sep. 30 - Oct. 2, 2015
Tutorial NDN: Security & Synchronization in Named Data Networking (NDN)
Presenters
- Hila Ben Abraham (Washington University St. Louis)
- Alex Afanasyev (UCLA)
- Jeff Burke (UCLA)
- Steve DiBenedetto (Colorado State University)
- Jeff Thompson (UCLA)
- Yingdi Yu (UCLA)
- Lixia Zhang (UCLA)
Motivation
Named Data Networking (NDN) is one of the most prominent ICN architectures and software platforms available to the research community. The NDN codebase is published under an open source license and widely used in experimentation; a 22+ node international testbed is available for research use. For several years, the NDN project team has presented tutorials to introduce the basics of the architecture and its software platform to researchers, both to promote related research and to encourage community contribution to the open source software platform. Previous tutorials have focused primarily on introductory material — in particular, Interest/Data exchange mechanisms and basic content verification. However, many of the field’s most interesting research challenges lie in areas that build on these basics. In particular, mechanisms for access control and trust verification, along with next-generation transport protocols building on Interest/Data exchange, are important areas of work for the NDN project team.
This tutorial will share important architectural concepts we are exploring in these two areas, the software we have built to do so, and open challenges faced in each. In this way, we hope to engage tutorial participants in both using deeper features of the available toolset, and in considering these critical problem spaces with us. Specifically, we will conduct a hands-on tutorial that uses the creation of a modern browser-based application, built in Javascript, to cover three such topics where the ideas have progressed such that we can build experimental libraries to work with them: 1) encryption-based access control, 2) configurable trust verification, 3) multi-party synchronization.
Type of Tutorial
Hands-on tutorial with a lecture interlude at lunch. We expect the duration of the tutorial to be a full day, approximately 7.5 hours including a 1-hour working lunch break.
Content Outline
- Welcome and introduction, recap of architecture and key open challenges, motivation of tutorial topics and review of agenda. (15 minutes)
- Setup of the tutorial example. The day’s goal: Build a secure, peer-to-peer browser-based messaging system (à la Twitter) for the tutorial participants to communicate with, using NDN to provide Firebase-like features without cloud infrastructure. (15 minutes)
- Recap and local testing of NDN software platform. Objective: Understand and (if applicable) verify your own NDN installation, get and install a signed certificate, and connect to the tutorial’s forwarder(s) from NDN-JS, creating a skeleton application to build upon below. Configuring a local instance of NFD is optional to complete the example. (45 minutes)
  - Introduction to NDN libraries, focusing on NDN-JS
  - How the NFD forwarder(s) are configured in the tutorial, including typical configuration concerns. Setting up your own forwarder (optional).
  - Creating, signing, and installing certificates for use by the forwarder and NDN-JS — participants will create an identity (cert) for their forwarder, if applicable, and a “master” identity (cert) for themselves.
  - Autoconfiguration (getting a local publishing prefix, including API hooks).
  - Local repository: repo-ng or HTML5 equivalent.
- Multi-party Synchronization. Objective: Extend the skeleton NDN-JS application above to implement Firebase-style distributed data sharing between browsers of the tutorial participants. (90 minutes) This serves as a hands-on introduction to “sync” as a transport protocol built on NDN. Using the ChronoSync-based experimental implementation in NDN-JS, build a simple browser application with features similar to Firebase (https://www.firebase.com/).
- Working lunch: Recap of high-level motivation. Two short lectures, total of 60 minutes.
  - Review Sync high-level concept: Synchronization as a new transport approach, open questions, and envisioned use cases. From general sync concept to specific sync designs — example of ChronoSync and its NDN-JS experimental implementation. (30 minutes)
  - Transition to afternoon — continuation of Twitter example discussion — How we will build on these basic features to provide trust verification and access control. (30 minutes)
- Trust verification. Objective: Add trust verification to the Twitter/Firebase example, using hierarchical verification of application-specific certificates. This will demonstrate hierarchical trust verification for incoming Data using the security library as implemented in NDN-JS. (90 minutes)
  - Each participant will generate a certificate corresponding to their identity in this application, and sign it with the personal cert created in step #3c. Brief review of certificate format and open research questions. (30 minutes)
  - Together, we’ll add code to the example application to provide verification that messages are from authorized members of the tutorial group. This session will include a brief overview of the policy configuration language as made available in NDN-JS. (45 minutes)
  - Pointers to how other types of verification (e.g., “web of trust”) might be implemented using the available libraries. Discussion of open research questions. (15 minutes)
- Access control. Objective: Update the application to provide basic encryption-based access control, using the previously issued keys for asymmetric encryption. (90 minutes) This section will demonstrate basic encryption-based access control and key exchange. For example, each application instance will create a new encryption key for messages generated by that instance, which is then encrypted on-demand using the public key of other tutorial participants and stored in a repository for persistence.
Requirements for the Attendees
Attendees must bring a laptop capable of running the most recent version of Chrome and/or Firefox. All required examples will be in Javascript. Ideally, laptops should also have pre-installed and tested the full Named Data Networking platform, which has been tested most extensively on modern versions of Ubuntu Linux and Mac OS X. Time will not be allocated in the tutorial for troubleshooting participants’ installations. For those who wish to work with it, the NDN Platform must be installed and tested prior to the tutorial; we will provide limited email support to participants who encounter any trouble in the weeks leading up to the tutorial.
Attendees should have some reasonable conceptual and practical familiarity with the NDN architecture and the fundamentals of Interest/Data exchange. Ideally, they should be comfortable with Javascript, including the basic debugging tools available in the browser, as well as getting around in the Unix shell.
Prior to the tutorial, we will distribute key references on the architecture to the participants, as well as recommendations for hands-on examples that will build familiarity with basic functions in the NDN Javascript library and serve as a recap of the needed understanding of the language itself. Unlike previous years, this is not a basic introduction to NDN applications. It is an intermediate level tutorial that requires either some basic experience with NDN or similar ICN architectures, or a willingness to follow along with topics that build on basics that will only be covered briefly.