1. Field
This disclosure is generally related to data security. More specifically, this disclosure is related to secure synchronization of collections in a network using exact match names.
2. Related Art
In many computing applications, it is often important for peers on a network to synchronize their respective collections of data. The proliferation of digital content creates a vast number of collections which require reconciliation. Content-Centric Network (CCN) architectures have been designed to facilitate accessing and processing such digital content. A CCN includes entities, or nodes, such as network clients, forwarders (e.g., routers), and content producers, which communicate with each other by sending “interest” packets for various content items and receiving “content object” packets in return. CCN interests and content objects are identified based on a unique name, which is typically a hierarchically structured variable length identifier (HSVLI) comprising contiguous name components ordered from a most general level to a most specific level.
In many computing applications, it is often important for devices in a network to express interests for their respective collections of data. The proliferation of digital content creates a vast number of collections which require reconciliation. CCN architectures have been designed to facilitate accessing such digital content. These networks include entities, or nodes, such as network clients, forwarders (e.g., routers and switches), and content producers, which communicate with each other by sending “interest” packets for various content items and receiving “response” packets comprising content objects in return. Unlike a traditional Internet Protocol (IP) network, where an object is tied to its location and its IP address, the content objects in a CCN are identified based on a specific name, which is location-independent and typically is an HSVLI.
For example, a border router that is connected to multiple areas of a computer network can subscribe to namespaces for those areas (e.g., “Area 1” and “Area 2”). Other routers that are not border routers may only subscribe to a single area. This way, a router that subscribes to the namespace “Area 1” only obtains network-configuration items for Area 1, and a router that subscribes to the namespace “Area 2” only obtains network-configuration items for Area 2. The border router that subscribes to both namespaces can obtain network-configuration items for Area 1 and Area 2.
Because a network-configuration item's structured name is unique and persistent, a node in a CCN can generate a hash value for each network-configuration item based on the structured name, without having to process the data for each content item. The node can also generate an additive hash for each routing-data collection, based on the hashes for the individual network-configuration items of a routing-data collection, so that the additive hash represents the contents of the routing-data collection. For example, the node can generate the additive hash by using an addition operation (or some other mathematical function) to process the hashes for the individual network-configuration items of the routing-data collection.
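The following added example, which is not part of the original disclosure, sketches in Python the name-based additive hash described above, including incremental updates and a comparison between two nodes. SHA-256, the 2^256 modulus, the class and function names, and the sample item names are assumptions chosen for illustration; the disclosure does not specify them.

```python
import hashlib

MODULUS = 2 ** 256  # assumption: sums wrap at the SHA-256 output width


def name_hash(name: str) -> int:
    """Hash the structured name only; the item's data is never read."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()  # SHA-256 is an assumption
    return int.from_bytes(digest, "big")


class Collection:
    """A set of item names plus an incrementally maintained additive hash."""

    def __init__(self, names=()):
        self.names = set()
        self.additive_hash = 0
        for name in names:
            self.add(name)

    def add(self, name: str) -> None:
        if name not in self.names:  # each unique name contributes once
            self.names.add(name)
            self.additive_hash = (self.additive_hash + name_hash(name)) % MODULUS

    def remove(self, name: str) -> None:
        if name in self.names:
            self.names.remove(name)
            self.additive_hash = (self.additive_hash - name_hash(name)) % MODULUS


def in_sync(a: Collection, b: Collection) -> bool:
    """Equal additive hashes are taken to mean equal collection contents."""
    return a.additive_hash == b.additive_hash


def demo() -> list:
    # Constructed sample names for an "Area 1" routing-data collection.
    r1 = Collection(["/area1/cfg/link-a/v1", "/area1/cfg/link-b/v1"])
    r2 = Collection(["/area1/cfg/link-b/v1", "/area1/cfg/link-a/v1"])
    results = [in_sync(r1, r2)]           # same items, different order
    r2.add("/area1/cfg/link-c/v1")        # r2 learns a new item
    results.append(in_sync(r1, r2))
    for name in sorted(r2.names - r1.names):  # reconcile by name
        r1.add(name)
    results.append(in_sync(r1, r2))
    return results


if __name__ == "__main__":
    print(demo())  # [True, False, True]
```

Matching sums indicate only that two collections hold the same names; the sum is unkeyed and does not show which node produced an advertisement.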
A typical CCN synchronization protocol uses a longest-prefix match method, where an interest in “/parc/events/” matches both “/parc/events/calendar.txt” and “/parc/events/conference.txt.” As CCN architectures evolve, the synchronization protocol also evolves to allow the use of exact name match, rather than the current longest-prefix match. During synchronization, a node hosting a collection advertises the collection using its name. Any other node needing to synchronize the collection sends a request with the exact name and receives a response back comprising the collection. However, an adverse node can send a malicious advertisement. As a result, the node receiving the advertisement needs assurance that the advertisement is a valid one. Though CCN brings many desirable features to a network, some issues remain unsolved for secure synchronization of collections.