Security verification framework for NDN access control

Named Data Networking (NDN) presents a promising alternative to TCP/IP, but its access control design poses challenges for cybersecurity. Addressing this, the paper introduces the Security Verification Framework for NDN Access Control (SVF-NDN). This framework employs formal analysis to assess access control schemes, evaluating their resilience against cyberattacks. SVF-NDN verifies five crucial security properties-deadlock freedom, data availability, key authentication, data leakage protection, and data access protection. Implemented using the PAT model checking tool, the framework focuses on a data encryption-based NDN access control. Uncovering vulnerabilities such as node key pair faking and data leakage, two enhancement methods are proposed and evaluated. Recognizing the potential compromise of Access Control Manager (ACM), an innovative solution is presented. Additionally, four algorithms streamline the automatic updating of formal models. Results indicate SVF-NDN’s efficacy in fortifying access control against cyber threats, offering valuable insights for bolstering NDN security.