Title page for etd-0621116-145849
Title
Fine-Grained Access Control Mechanism for NDN Supporting Mobility and Potential Receivers
Department
Year, semester
Language
Degree
Number of pages
54
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2016-06-22
Date of Submission
2016-07-21
Keywords
Named data networking, Potential receivers, Bilinear pairing, Mobility, Fine-grained access control
Statistics
The thesis/dissertation has been browsed 5669 times and downloaded 14 times.
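Chinese Abstract
Named Data Networking (NDN) is one of the Information-Centric Networking architectures, whose core concept is the data itself rather than its address. In NDN, users can therefore easily send a data request packet to obtain the target file without knowing the file's address. Nevertheless, NDN is a novel network architecture, so there are still open issues to be solved. Across the existing literature, no security mechanism has yet been proposed that enforces access control on each individual user while also supporting potential receivers, so we propose a fine-grained access control mechanism that satisfies the basic properties of NDN (data confidentiality, potential receivers, and mobility). In addition, compared with previous work, this mechanism achieves provable security under the DBDH assumption.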
Abstract
NDN is one of the most promising Information-Centric Networking (ICN) architectures, where the core concept is to focus on the named data (or contents) themselves. Users in NDN can easily send a request packet to get the desired content regardless of its address. The routers in NDN have cache functionality that lets users retrieve the desired file instantly. Thus, the user can immediately get the desired file from nearby nodes instead of the remote host. Nevertheless, NDN is a novel proposal and there are still some open issues remaining to be solved. In view of previous research, it is a challenge to achieve access control on a specific user and support potential receivers simultaneously. To solve this, we present a fine-grained access control mechanism tailored for NDN, supporting data confidentiality, potential receivers and mobility. Compared to previous works, this is the first work to support fine-grained access control and potential receivers. Furthermore, the proposed scheme achieves provable security under the DBDH assumption.
Table of Contents
Thesis Approval Form
Acknowledgements
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Organization
Chapter 2 Preliminaries
2.1 Named Data Network
2.2 The Architecture of Named Data Network
2.3 Bilinear Mapping
2.4 Identity-Based Cryptography
2.5 Complexity Assumption
Chapter 3 Related Works
3.1 Hamdane et al.’s Scheme (2012)
3.2 Hamdane et al.’s Scheme (2013)
3.3 Hamdane et al.’s Scheme (2015)
3.4 Fan et al.’s Scheme (2016)
Chapter 4 Our Construction
4.1 Overview
4.2 The Proposed Scheme
4.2.1 Setup (λ)
4.2.2 Joining (param; MK; ID_i)
4.2.3 Encrypt-upload (param; ID_p; m)
4.2.4 Encrypt (param; ID_i; m)
4.2.5 Decrypt (param; d_{ID_i}; CT)
4.2.6 Authorizing
Chapter 5 Security Models and Proofs
5.1 Security Model
5.2 Security Proofs
Chapter 6 Comparisons
6.1 Properties Comparison
6.2 Performance Comparison
Chapter 7 Conclusion
Bibliography
References
[1] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In Proceedings of Advances in Cryptology CRYPTO 2001, pages 213–229, 2001.
[2] Xavier Boyen. Multipurpose identity-based signcryption. In Proceedings of Advances in Cryptology CRYPTO 2003, pages 383–399. Springer Berlin Heidelberg, 2003.
[3] Wei Koong Chai, Diliang He, Ioannis Psaras, and George Pavlou. Cache “less for more” in information-centric networks. In IFIP’12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part I, pages 27–40. ACM, 2012.
[4] Basil Etefia, Mario Gerla, and Lixia Zhang. Supporting military communications with named data networking: An emulation analysis. In Proceedings of MILCOM 2012 MILITARY COMMUNICATIONS CONFERENCE, pages 1–6, 2012.
[5] Chun-I Fan, I-Te Chen, Chen-Kai Cheng, Jheng-Jia Huang, and Wen-Tsuen Chen. Ftpndn: File transfer protocol based on re-encryption for named data network supporting non-designated receivers. IEEE Systems Journal, 2016.
[6] Craig Gentry and Alice Silverberg. Hierarchical id-based cryptography. In Proceedings of Advances in Cryptology — ASIACRYPT 2002, pages 548–566. Springer Berlin Heidelberg, 2002.
[7] J. T. Philippe Golle and D. Smetters. Ccnx access control specifications. In Technical report. Xerox Palo Alto Research Center-PARC, 2010.
[8] Giulio Grassi, Davide Pesavento, Lucas Wang, Giovanni Pau, Rama Vuyyuru, Ryuji Wakikawa, and Lixia Zhang. Vehicular inter-networking via named data. In ACM SIGMOBILE Mobile Computing and Communications, pages 23–24. ACM, 2013.
[9] Balkis Hamdane and Sihem Guemara El Fatmi. A credential and encryption based access control solution for named data networking. In IFIP/IEEE International Symposium on Integrated Network Management (IM), pages 1234–1237. IEEE, 2015.
[10] Balkis Hamdane, Ahmed Serhrouchni, Ahmad Fadlallah, and Sihem Guemara El Fatmi. Named-data security scheme for named data networking. In 2012 Third International Conference on the Network of the Future (NOF), pages 1–7. IFIP - IEEE, 2012.
[11] Balkis Hamdane, Ahmed Serhrouchni, and Sihem Guemara El Fatmi. Access control enforcement in named data networking. In Proceedings of 8th International Conference for Internet Technology and Secured Transactions (ICITST), pages 576–581. IEEE, 2013.
[12] Van Jacobson. A new way to look at networking. Google Talk, 2006.
[13] Van Jacobson, Diana K. Smetters, James D. Thornton, Michael F. Plass, Nicholas H. Briggs, and Rebecca L. Braynard. Networking named content. In Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies, pages 1–12. ACM, 2009.
[14] Neal Koblitz, Alfred Menezes, and Scott Vanstone. The state of elliptic curve cryptography. In Designs, Codes and Cryptography, pages 173–193, 2000.
[15] Allison Lewko, Amit Sahai, and Brent Waters. Revocation systems with very small private keys. In Proceedings of IEEE Symposium on Security and Privacy (SP), pages 273–285. IEEE, 2010.
[16] P. Mahadevan. Ccnx 1.0 tutorial. In Technical report. Xerox Palo Alto Research Center-PARC, 2014.
[17] Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of applied cryptography. In CRC Press. Inc. Boca Raton, 2001.
[18] Ioannis Psaras, Wei Koong Chai, and George Pavlou. Probabilistic in-network caching for information-centric networks. In ICN ’12 Proceedings of the second edition of the ICN workshop on Information-centric networking, pages 55–60. ACM, 2012.
[19] Michael Scott. Implementing cryptographic pairings. In Proceedings of the Pairing-Based Cryptography, pages 177–196, 2007.
[20] Adi Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of Advances in Cryptology (Santa Barbara, Calif., 1984), pages 47–53. Springer, Berlin, 1985.
[21] Diana K. Smetters and Van Jacobson. Securing network content. In Technical report. PARC, 2009.
[22] Brent Waters. Dual system encryption: Realizing fully secure ibe and hibe under simple assumptions. In Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology CRYPTO 2009, pages 619–636. Springer, Heidelberg, 2009.
[23] George Xylomenos, Christopher N. Ververidis, Vasilios A. Siris, Nikos Fotiou, Christos Tsilopoulos, Xenofon Vasilakos, Konstantinos V. Katsaros, and George C. Polyzos. A survey of information-centric networking research. In Proceedings of IEEE Communications Surveys and Tutorials, pages 1024–1049. IEEE, 2014.
[24] Lixia Zhang, Deborah Estrin, Jeffrey Burke, Van Jacobson, James D. Thornton, and Diana K. Smetters. Named data networking (NDN) project. In Technical report, pages ndn–0001. PARC, 2010.
[25] Yanchao Zhang, Wei Liu, Wenjing Lou, and Yuguang Fang. Securing mobile ad hoc networks with certificateless public keys. In IEEE Transactions on Dependable and Secure Computing, pages 386–399. IEEE, 2006.
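Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, so as to avoid violating the law.
Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available

Printed copies
Public-access information for printed theses is relatively complete from academic year 102 onward. To look up public-access information for printed theses from academic year 101 or earlier, please contact the printed thesis service counter of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available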
