Project

General

Profile

Actions
History

Wiki » Design Elements »

Trust Model » History » Revision 7

« Previous | Revision 7/9 (diff) | Next »
Suravi Regmi, 11/25/2025 05:29 PM

Trust Model

Signing chain

Trust Model

trust anchor

Component identities

Root / Site CA
Identity: /ndn/md2k
Type: Self-signed root CA
Trust Anchor: md2k-trust-anchor.ndncert

All components ultimately chain to this root.

Consumers load this file so they can trust any certificate issued under /ndn/md2k.

Identities Signed by the Root CA

The root /ndn/md2k signs:

  • /ndn/md2k/mguard/controller
  • /ndn/md2k/mguard/aa
  • /ndn/md2k/mguard/dd40c (producer)
  • All consumer identities (example: /ndn/md2k/adam)

Stream Identities Signed by the Producer

The producer identity /ndn/md2k/mguard/dd40c signs all stream identities:

  • /ndn/md2k/mguard/dd40c/phone/accelerometer
  • /ndn/md2k/mguard/dd40c/phone/gyroscope
  • /ndn/md2k/mguard/dd40c/phone/gps
  • /ndn/md2k/mguard/dd40c/phone/battery
  • /ndn/md2k/mguard/dd40c/data_analysis/gps_episodes_and_semantic_location

These stream identities are used to sign manifests, encrypted DATA, and CK packets.

The producer must now serve the certificates for these streams

(interest filter on each stream's certificate prefix).

Producer Behavior

Producer validates:

  • AA public parameters (/aa/PUBPARAMS)

Producer signs:

  • Stream manifests (RSA) using stream identity certificates
  • CK packets (digest)
  • Encrypted data (digest)

Producer serves:

  • Producer certificate
  • All stream certificates

Producer no longer signs manifests with its own identity;

manifests are now signed by stream identities.

Consumer Behavior

The consumer performs the most validation.

Consumer validates:

  • AA parameters (RSA)
  • DKEY segments (RSA)
  • Controller POLICYDATA (RSA)
  • Stream manifests (RSA)
  • CK packets (digest)
  • Encrypted data segments (digest)

All rules validated using the consumers trust schema.

Consumer decrypts:

  1. Encrypted application DATA → extract CK name
  2. Fetch CK → decrypt with DKEY
  3. Decrypt DATA using CK

The consumer uses three rules:

  1. AA public parameters and DKEY validation

    /ndn/md2k/mguard/aa/* signed by AA (RSA), chaining to root.

  2. Controller POLICYDATA replies

    /ndn/md2k/mguard/controller/* signed by controller (RSA), chaining to root.

  3. Stream and producer content

    /ndn/md2k/mguard/dd40c/*

    Allows:

    • sha256 (digest) for encrypted DATA, CK, metadata
    • rsa-sha256 for manifests, stream certs
      KeyLocator must be a prefix of the Data name.

All validations ultimately chain back to /ndn/md2k.

Updated by Suravi Regmi 20 days ago · 9 revisions