CertRevoke: a certificate revocation framework for named data networking
Published in ICN 22, 2022
Recommended citation: Tianyuan Yu, Hongcheng Xie, Siqi Liu, Xinyu Ma, Xiaohua Jia, and Lixia Zhang. 2022. CertRevoke: a certificate revocation framework for named data networking. In Proceedings of the 9th ACM Conference on Information-Centric Networking (ICN '22). Association for Computing Machinery, New York, NY, USA, 80–90. https://doi.org/10.1145/3517212.3558079
Named Data Networking (NDN) secures network communications by requiring all data packets to be signed upon production. This requirement makes usable and efficient NDN certificate issuance and revocation essential for NDN operations. In this paper, we first investigate and clarify core concepts related to NDN certificate revocation, then proceed with the design of CertRevoke, an NDN certificate revocation framework. CertRevoke utilizes naming conventions and trust schema to ensure certificate owners and issuers legitimately produce in-network cacheable records for revoked certificates. We evaluate the security properties and performance of CertRevoke through case studies. Our results show that deploying CertRevoke in an operational NDN network is feasible.