Blockchain-based Decentralized Public Key Management for Named Data Networking

Named Data Networking (NDN) uses public-key based identities and trust models to achieve data-centric security. Each NDN data packet is signed by its producer, and any data consumer can check the data integrity and authenticity by following a chain of trust to verify that the data is signed by a public key associated with the data producer. Such trust chains typically end at an application-specific trust anchor whose public key is either preconfigured into the software package or can be verified through some means outside the application. As these trust anchors play a critical role in ensuring the security of NDN applications, it is highly desirable to develop a public key management system to register, query, update, validate, and revoke their public keys. However, traditional public key management system such as Public Key Infrastructure (PKI) and Web-of-Trust (WoT) suffer from various problems. In this paper, we propose BC-PKM, a public key management system for NDN that takes advantage of the decentralized and tamper-proof design features of Blockchains. We further prove that BC-PKM can resist a variety of attacks from adversaries that compromise less than half of the public key miners. Moreover, we demonstrate a prototype that implements the proposed API of BC-PKM.