Border property validation for named data networks

摘要

One embodiment provides a system for distributing packets within a trust domain. During operation, the system receives, by an ingress node in the trust domain, a message. The system creates a property vector for the message, where the property vector indicates a number of properties that have been determined for the message. The system generates a first authenticator for the message based on the property vector and a secret key shared by a plurality of nodes in the trust domain. The system transmits the message, the property vector, and the first authenticator to another node in the trust domain, thereby facilitating secure and efficient distribution of messages within the trust domain without requiring intermediate nodes to determine the properties indicated in the property vector.

主权项

1. A computer-implemented method for distributing packets, the method comprising:
receiving, by an ingress node in a content-centric network (CCN) trust domain, a message associated with a name that is a hierarchically structured variable-length identifier comprising contiguous name components ordered from a most general level to a most specific level; verifying a property of the received message; creating a property vector for the message, which includes adding a vector entry indicating that the property of the received message has been verified; generating a first authenticator for the message based on the property vector and a secret key shared by a plurality of nodes in the trust domain; and transmitting the message, the property vector, and the first authenticator to another node in the trust domain, thereby facilitating secure and efficient distribution of messages within the trust domain without requiring intermediate nodes to determine the property indicated in the property vector.