On Certificate Management in Named Data Networking

Abstract: Named Data Networking (NDN) secures network communications by requiring all data packets to be signed when produced. This requirement necessitates efficient and usable mechanisms to handle NDN certificate issuance and revocation, making these supporting mechanisms essential for NDN operations. In this paper, we first investigate and clarify core concepts related to NDN certificates and security design in general, and then present the model of NDN certificate management and its desired properties. We proceed with the design of a specific realization of NDN's certificate management, NDNCERT, evaluate it using a formal security analysis, and discuss the challenges in designing, implementing, and deploying the system, to share our experiences with other NDN security protocol development efforts.