A Systematic Analysis to Improve Versatility of Versec Trust Schema

Named Data Networking, by design, provides built-in security features to build a secured network. In NDN, every Data packet is signed at the time of production by the producer. Therefore, a data consumer can verify its legitimacy by checking the signature. However, there need to be rules about which key is authorized to sign which Data packet(s), and a trust schema defines this relationship. However, for any security tool to be used effectively, it should be user-friendly. Therefore, to ensure the proper use of trust schema, it should be easy to define and, most importantly, automated. Recently proposed Versec—a declarative language to express and restrict structural relationships between data and key names and complementary binary representation of the “compiled” schema — is a promising next step towards automation and user-friendliness of the NDN security. Versec is designed to ensure versatile security, but the primary design choices focus on local environments. However, we want to use Versec in a universal environment. Therefore, we perform a systematic analysis to decide whether the current binary encoding can achieve the versatility we desire in the present form or not. Specifically, the paper's focus is on the overall design aspect of Versec, the structure of the binary output format, and implementation details for the binary encoding. The paper also suggests two potential simplified variants of Versec binary encoding that, while providing a compact representation can overcome the limitations we identified to achieve more versatility.