An authentication and authorization approach for the network of knowledge architecture

Several projects propose an knowledge centric approach to the network of the future. Such an approach makes efficient content distribution possible by making knowledge retrieval host-independent and integration into the network storage for caching knowledge. Requests for particular content can, thus, be satisfied by any host or server holding a copy. One well-established approach of knowledge centric networks is the Network of Knowledge (Network knowledge architecture) architecture, the approach is based on the Publish/Subscribe model, where hosts can join a network, publish data, and subscribe to publications. The Network knowledge architecture introduces two main stages namely, the Publication and Data Retrieval through which hosts publish and retrieve data. Also, a distributed Name Resolution System (NRS) has been introduced to map the data to its Originators. The NRS is vulnerable to masquerading and content poisoning attacks through invalid data registration. Therefore, the paper proposes a Registration stage to take place before the publication and data retrieval stage. This new stage will identify and authenticate hosts before being able to access the Network knowledge architecture system. Furthermore, the Registration stage uses (cap) abilities-based access policy to mitigate the issue of unauthorized access to data objects. The proposed solutions have been formally verified using formal methods approach.