Task #5191

open

Bootstrapping, namespace and certificate management

Added by Saurab Dulal about 2 years ago. Updated 9 months ago.

Status: In Progress
Priority: Normal
Assignee:
Start date: 03/08/2022
Due date:
% Done: 0%
Estimated time:

Description

In the current code, certificates are created manually using ndnsec. The testing is done on a single machine and the same keychain is used by all the entities, so certificate management is not required. Given that some entities will run on a different machine (e.g. consumer, producer), bootstrapping and certificate management will be required.


Related issues 1 (1 open, 0 closed)

Related to mGuard - Task #5220: Automatically verify public key certificate from the users | New | Saurab Dulal | 06/27/2022

Actions #1

Updated by Saurab Dulal about 2 years ago

  • Assignee set to Tianyuan Yu
Actions #2

Updated by Tianyuan Yu about 2 years ago

  • Tags set to certificate

Here are the discussion notes regarding the security bootstrapping.

Goal:

  • Enabling md2k data consumers and the mguard controller to communicate securely.
  • The mguard controller here refers to an NDN entity that consists of Attribute Authority, Data Publisher and Trust Zone Controller as logical modules.

Assumption:

  1. md2k data consumers have already obtained identities from other trust zones.

Requirements:

  1. The mguard controller and md2k data consumers need to mutually authenticate each other.
  2. md2k data consumers need to accept the mguard controller's self-signed certificate as its trust anchor.
  3. md2k data consumers need to obtain a certificate that can be used to represent the identity inside the mguard trust zone.
  4. md2k data consumers need to obtain trust policies in the mguard trust zone so that they can validate the mguard controller's Data.
  5. The mguard controller needs to obtain trust policies in md2k data consumers' trust zones so that it can validate md2k data consumer's certificate.

Initial Design for the Testbed Deployment Scenario

  1. md2k data consumers obtain identities and Testbed certificate through Testbed NDNCERT system.
  2. md2k data consumers authenticate the mguard controller through software installation. md2k data users obtain the software distribution point from an out-of-band shared git URL and download through HTTPS. The software package embeds the trust policies together with the mguard controller's self-signed certificate, which is also the mguard trust zone's trust anchor.
  3. md2k data consumers obtain the mguard trust zone's trust anchor and trust policies as described above.
  4. The mguard controller obtains Testbed trust policies and trust anchor through manual configuration.
Actions #3

Updated by Lan Wang 9 months ago

  • Status changed from New to In Progress
Actions #4

Updated by Lan Wang 9 months ago

  • Related to Task #5220: Automatically verify public key certificate from the users added