Towards Privacy-assured Network-assisted Content Dissemination

Description

To handle the exponential growth of content dissemination, many emerging networkarchitectures along the direction of Information-Centric Networking have beenproposed. Among them, one common trend is in-network content caching, by storingdata in advanced network devices such as cache-enabled routers. The resulting benefits,including redundant network-wide traffic elimination and reduced content accesslatency, are well appreciated. However, due to the potentially wide attacking surfaces,caching data content in the increasingly untrustworthy networked environmentinevitably raises new concerns on user privacy exposure and unauthorized data access.Simply encrypting the data before distribution is unsatisfying, as it would diminish thebenefits of in-network caching by preventing network devices from accessing the datathey need to inspect for their job. Existing encrypted protocols, such as HTTPS, either donot fully leverage in-network caching, or require decrypting the traffic in the middle,which violates the end-to-end security.To address these limitations, we propose to design a new networked system for secureand efficient content dissemination through encrypted in-network caching. Forguaranteed confidentiality, we plan to encrypt all data content before distribution andkeep them encrypted when cached in the network. To achieve the benefits of caching, wewill further enable the network to securely identify and locate the cached encrypted datawithout revealing the plaintext requests or underlying content. Specifically, we plan to 1)design a compact, high-performance, yet encrypted content fingerprint index, whichaims to provide the network with fully-controlled search capability over encrypted in-networkcache, and 2) thoroughly explore its in-network deployment for building full-fledgednetwork-assisted content dissemination. To move one-step further towardspractice, we will consider the effective support of content dissemination from multipleproviders to authorised users, and study how to efficiently enable authorised searchacross encrypted in-network content from multiple providers under their own differentkeys. To broaden the applications of our architecture, we plan to support advancedcontent-aware data dissemination scenarios by incorporating the content similaritydetection into our encrypted in-network cache system. Our goal is to securely andeffectively handle the generation/transmission of large amount of redundant data. Theproposed research will greatly contribute to the roadmap of emerging Internetarchitectures and secure network function outsourcing. It provides guaranteedconfidentiality against attackers with full access to in-network devices. The results canbe easily adopted by content-intensive applications, including cloud social media, genericvideo/image distributions, and others.