Project

General

Profile

History

Wiki » Design Elements »

Trust Model » History » Revision 6

Revision 5 (Suravi Regmi, 11/25/2025 05:27 PM) → Revision 6/9 (Suravi Regmi, 11/25/2025 05:29 PM) 

# Trust Model 

 ## Signing chain 

 ![](cert signing chain.png) 

 --- 


 ## Trust Model 
 ![trust anchor](Group 71.png) 

 ---- 

 ### Component identities 


 ## 1. Root Identity 

 **Root / Site CA** 
 **Identity:** `/ndn/md2k` 
 **Type:** Self-signed root CA 
 **Trust Anchor:** `md2k-trust-anchor.ndncert` 

 All components ultimately chain to this root.   
 Consumers load this file so they can trust any certificate issued under `/ndn/md2k`. 

 --- 

 **Identities Signed by the Root CA** 

 The root `/ndn/md2k` signs: 

 - `/ndn/md2k/mguard/controller` 
 - `/ndn/md2k/mguard/aa` 
 - `/ndn/md2k/mguard/dd40c` (producer) 
 - All consumer identities (example: `/ndn/md2k/adam`) 

 --- 

 **Stream Identities Signed by the Producer** 

 The producer identity `/ndn/md2k/mguard/dd40c` signs all stream identities: 

 - `/ndn/md2k/mguard/dd40c/phone/accelerometer` 
 - `/ndn/md2k/mguard/dd40c/phone/gyroscope` 
 - `/ndn/md2k/mguard/dd40c/phone/gps` 
 - `/ndn/md2k/mguard/dd40c/phone/battery` 
 - `/ndn/md2k/mguard/dd40c/data_analysis/gps_episodes_and_semantic_location` 

 These stream identities are used to sign **manifests**, **encrypted DATA**, and **CK packets**. 

 The producer must now serve the certificates for these streams   
 (interest filter on each stream's certificate prefix). 

 --- 

 **Producer Behavior** 

 Producer validates: 
 - AA public parameters (`/aa/PUBPARAMS`) 

 Producer signs: 
 - Stream manifests (RSA) using stream identity certificates   
 - CK packets (digest)   
 - Encrypted data (digest) 

 Producer serves: 
 - Producer certificate   
 - All stream certificates   

 Producer no longer signs manifests with its own identity;   
 manifests are now signed by stream identities. 

 --- 

 **Consumer Behavior** 

 The consumer performs the most validation. 

 Consumer validates: 
 - AA parameters (RSA) 
 - DKEY segments (RSA) 
 - Controller POLICYDATA (RSA) 
 - Stream manifests (RSA) 
 - CK packets (digest) 
 - Encrypted data segments (digest) 

 All rules validated using the consumers trust schema. 

 Consumer decrypts: 
 1. Encrypted application DATA → extract CK name   
 2. Fetch CK → decrypt with DKEY   
 3. Decrypt DATA using CK 


 The consumer uses three rules: 

 1. **AA public parameters and DKEY validation**   
    `/ndn/md2k/mguard/aa/*` signed by AA (RSA), chaining to root. 

 2. **Controller POLICYDATA replies**   
    `/ndn/md2k/mguard/controller/*` signed by controller (RSA), chaining to root. 

 3. **Stream and producer content**   
    `/ndn/md2k/mguard/dd40c/*`   
    Allows: 
    - `sha256` (digest) for encrypted DATA, CK, metadata   
    - `rsa-sha256` for manifests, stream certs   
    KeyLocator must be a prefix of the Data name. 

 All validations ultimately chain back to `/ndn/md2k`.