Manifest Design¶

Manifest¶

A manifest in Named Data Networking (NDN) is a specialized data packet designed to carry meta-information about groups of related data objects within a data stream. Instead of individually signing and verifying each data packet, which is computationally intensive, manifests streamline this process by bundling data object references into a single, verifiable entity.
Each manifest holds the complete names of multiple data objects, allowing subscriber applications to efficiently verify data integrity and authenticity by only needing to verify the manifest itself. This reduces computational overhead significantly, particularly beneficial in scenarios with high-frequency data production.

Manifest Format¶

The manifest format is defined as follows:

<data_stream_name>/MANIFEST/<sequence_number>

Components:

<data_stream_name> — Semantic naming structure identifying the data stream.

MANIFEST — Literal keyword distinguishing manifest objects.

<sequence_number> — Sequential number assigned to each manifest object for ordered tracking and retrieval.

Each manifest includes:

A list of full data object names, typically including prefixes and implicit digests. - The cryptographic signature of the manifest creator for authenticity and integrity.

Processing Rules¶

Producer Side¶

Data Collection :Data objects are continuously collected and named following the NDN naming convention.
Manifest Creation :Names of the collected data objects are aggregated into a manifest after reaching a predefined limit (e.g., maximum object count or elapsed time).
Signing: The manifest is cryptographically signed by the stream specific certificate that it belongs to to ensure authenticity.

Storage & Advertisement :The signed manifest is stored in the NDN repository and advertised via PSync to notify subscribers of new data availability.

Subscriber Side¶

Notification: Subscribers are informed about new manifests through PSync synchronization.
Fetch & Verify:Subscribers retrieve and verify the manifest using public key cryptography.
Retrieve Data:Data objects referenced in the manifest are fetched, and digests are computed to confirm integrity.
Decrypt Data:Subscribers obtain the associated content keys (CKs) to decrypt data objects.
Deliver to User:Verified and decrypted data is delivered to the requesting user.

Benefits¶

Reduced Computational Overhead:Only one manifest is signed and verified instead of each data packet.
Improved Efficiency:Fewer network exchanges result in lower latency and higher throughput.
Enhanced Synchronization:PSync provides efficient real-time synchronization for manifest updates.

https://gitlab.com/netlab-memphis/mguard-group/documentation/manifest