BEAcM‐DP: A broadcast encryption anti‐censorship mechanism based on directory proxy

Abstract As a typical representative of the next generation Internet, named data networking (NDN) solves many problems in IP network by adopting content‐oriented architecture. However, NDN also faces with severe challenges in the aspect of name and content privacy. One important privacy threat is the name censorship. By maintaining a blacklist at the hijacked router, an attacker can filter the received interest packets with sensitive content names. To solve this problem, we propose a broadcast encryption anticensorship mechanism, which is based on directory proxy. In our design, a directory proxy is deployed in the network, which provides a periodic updated directory file to all authorized users. In the directory file, a one‐to‐one mapping list of fake names with the censored names is given. By obtaining the directory file, the authorized user can request the censored content with its fake name. In addition, the directory proxy plays the role of translating the received fake name and then retrieving the target with real name. To guarantee the reusability of retrieved contents, the directory proxy returns them to the authorized users through broadcast encryption. The users within one broadcast group can share the encrypted censored contents at nearby routers. Simulation results show that, compared with ANDaNA, this mechanism can effectively avoid censorship in the network, while ensuring the utilization of in‐network caching and reducing the request delay.