Name-based access control (NAC) over NDN provides fine-grained data confidentiality and access control by encrypting and signing data at the time of data production. NAC utilizes specially crafted naming conventions to define and enforce access control policies. NAC-ABE, an extension to NAC, uses an attribute-based encryption (ABE) scheme to support access control with improved scalability and flexibility. However, existing NAC-ABE libraries are based on ciphertext-policy ABE (CP-ABE), which requires knowledge of the access policy when encrypting data packets. In some applications, including mHealth, the data access policy is unknown at the time of data generation, while data attributes and properties are known. In this paper, we present an extension to the existing NDN-ABE library which can be used by mHealth and other applications to enforce fine-grained access control in data sharing. We also discuss the challenges we encountered during application deployment, as well as the remaining open issues and potential solution directions.