Name-based access control (NAC) over NDN provides fine-grained data confidentiality and access control by encrypting and signing data at the time of data production. NAC utilizes specially crafted naming conventions to define and enforce access control policies. NAC-ABE, an extension to NAC, uses an attribute-based encryption (ABE) scheme to support access control with improved scalability and flexibility. However, existing NAC-ABE libraries are based on ciphertext-policy ABE (CP-ABE), which requires knowledge of the access policy when encrypting data packets. In some applications, including mHealth, the data access policy is unknown at the time of data generation, while data attributes and properties are known. In this paper, we present an extension to the existing NDN-ABE library which can be used by mHealth and other applications to enforce fine-granularity access control in data sharing. We also discuss the challenges we encountered during the application deployment, and remaining open issues together with potential solution directions.
翻译:暂无翻译