Abstract: A system performs a setup function which outputs a master secret key associated with a content producing device and public parameters. The system generates a secret key for a user in a content centric network (CCN) based on a master secret key associated with the content producing device, and a schema associated with the user. In response to an interest from the user that includes a name that matches the schema, the system encrypts a payload of a content object based on the name and the public parameters. The system transmits the content object to the user. The encrypted payload is configured such that it can only be decrypted by the secret key of the user and cannot be decrypted by the user if the name in the interest does not match the schema, thereby facilitating schematized access control to content objects in the CCN.

Abstract: One embodiment provides a transport stack updating system that facilitates updating a component of a transport stack of a computer system. During operation, the system sets, by a component of the transport stack, a state of the component as quiesced in response to receiving a pause message. A component in the quiesced state is precluded from processing an interest or a content object. The system determines whether the pause message triggers a rejection passes an acknowledgment message of the pause message up the transport stack. The acknowledgment message indicates that the pause message has been successfully processed by a respective component of the transport stack.

Abstract: One embodiment provides a system that facilitates efficient communication based on a forwarding information base (FIB). The system receives, by an intermediate node, a first interest which includes a name and maximum interest information which indicates whether to forward a subsequent interest with a same name prefix as the first interest. In response to obtaining a first entry from a FIB based on the name for the first interest, the system adds to the first entry, for an outgoing interface corresponding to an arrival interface of the first interest, the maximum interest information included in the first interest as an interest limit for the first entry. In response to determining that the interest limit for the first entry is reached, the system refrains from forwarding the subsequent interest, thereby facilitating the intermediate node to manage traffic based on information in the forwarding information base provided by a content producer.

Abstract: One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.

Abstract: A CCN network node use reputation values for one or more interfaces to determine how to forward an Interest. During operation, the network node can receive an Interest or Content Object via a network interface, determines one or more candidate outbound faces for forwarding the Interest by performing a longest-prefix-matching lookup in a forwarding information base (FIB) using the Interest's name or name prefix as input. A respective FIB entry maps a name prefix to a forwarding rule that includes a corresponding outbound face for the name prefix. The node can determine a reputation value for each of the candidate outbound faces based on reputation information stored in association with the Interest's name or name prefix, and selects a candidate outbound face with a reputation value exceeding a first predetermined threshold. The node can then forward the received Interest via the selected outbound face.

Abstract: One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates a first interest that indicates a vote for a value associated with a group prefix and a round number. In response to the first interest, the system receives a first content object that indicates an acknowledgment of the vote and has a payload that includes a nonce validator. In response to a second interest that indicates an acknowledgment of the first content object, the system receives a second content object that indicates a decision for the value and has a payload that includes a nonce which is used as a pre-image of the nonce validator. The system verifies the second content object based on the nonce and the nonce validator.

Abstract: A replica management system facilitates maintaining a distributed and fault-tolerant state for a variable over an Information Centric Network (ICN) by replicating the variable across a set of ICN nodes. During operation, a variable-hosting ICN node can receive an Interest that includes a value-updating command for a replica instance of the variable, current values for a set of replicas of the variable, and a new value for the variable. The ICN node can determine, based on the current values for the set of replica variables, whether the current value for the local replica variable is an authoritative value. If so, the ICN node updates the local replica variable to the new value. However, if the current local value is not the authoritative value, the ICN node rolls back a state of the local replica variable to a previous state, and updates the local replica variable to the new value.

Abstract: One embodiment provides a system that facilitates content closures in a CCN. During operation, the system generates, by a client computing device, an initial interest with a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, wherein the initial interest indicates a request for a result of a computation. The system receives from a content producing device a content object which indicates a function that outputs the requested result and data to be used as input to the function. The system performs the function based on the indicated data, which outputs the requested result, thereby facilitating a content producing device to offload computation of the function to the client computing device.

Abstract: One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates a first interest that indicates a vote for a value associated with a group prefix and a round number. In response to the first interest, the system receives a first content object that indicates an acknowledgment of the vote and has a payload that includes a nonce validator. In response to a second interest that indicates an acknowledgment of the first content object, the system receives a second content object that indicates a decision for the value and has a payload that includes a nonce which is used as a pre-image of the nonce validator. The system verifies the second content object based on the nonce and the nonce validator.

Abstract: One embodiment provides an interface discovery system that facilitates interface discovery and authentication. During operation, the system receives a message from an unregistered interface via a local interface of a link adapter. The message can include a name. If the system determines that a source identifier of the message is not configured for a channel, the system generates a control message comprising the source identifier and an identifier of the local interface and sends the control message via a transport stack of the system.

Abstract: A replica management system facilitates maintaining a distributed and fault-tolerant state for a variable over an Information Centric Network (ICN) by replicating the variable across a set of ICN nodes. During operation, a variable-hosting ICN node can receive an Interest that includes a value-updating command for a replica instance of the variable, current values for a set of replicas of the variable, and a new value for the variable. The ICN node can determine, based on the current values for the set of replica variables, whether the current value for the local replica variable is an authoritative value. If so, the ICN node updates the local replica variable to the new value. However, if the current local value is not the authoritative value, the ICN node rolls back a state of the local replica variable to a previous state, and updates the local replica variable to the new value.

Abstract: One embodiment provides a system for facilitating efficient communication of an interest group packet indicating a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and indicates a set of member interests, wherein a member interest has a name, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. In response to obtaining a content object which satisfies a member interest, the system removes the indicated member interest from the first packet. The system adds an entry in a pending interest table for the first packet, wherein the entry indicates the name for the first packet, the name for each member interest, and an indicator of whether each member interest is satisfied. The system transmits the first packet to another node.

Abstract: One embodiment provides a system for facilitating efficient communication of an interest group packet indicating a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and indicates a set of member interests, wherein a member interest has a name, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. In response to obtaining a content object which satisfies a member interest, the system removes the indicated member interest from the first packet. The system adds an entry in a pending interest table for the first packet, wherein the entry indicates the name for the first packet, the name for each member interest, and an indicator of whether each member interest is satisfied. The system transmits the first packet to another node.

Abstract: One embodiment provides a system that facilitates efficient communication based on a forwarding information base (FIB). The system receives, by an intermediate node, a first interest which includes a name and maximum interest information which indicates whether to forward a subsequent interest with a same name prefix as the first interest. In response to obtaining a first entry from a FIB based on the name for the first interest, the system adds to the first entry, for an outgoing interface corresponding to an arrival interface of the first interest, the maximum interest information included in the first interest as an interest limit for the first entry. In response to determining that the interest limit for the first entry is reached, the system refrains from forwarding the subsequent interest, thereby facilitating the intermediate node to manage traffic based on information in the forwarding information base provided by a content producer.

Abstract: One embodiment provides a system that facilitates dynamic adjustment of forwarding information in a CCN. During operation, the system receives, by forwarding circuitry, an interest with a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system identifies in a first data structure an entry for one or more name components of the name, wherein the entry includes a list of outgoing interfaces associated with the one or more name components. The system determines network properties in response to forwarding the interest to a first interface of the list. The system reorders the list in order of priority based on the network properties, thereby facilitating the forwarding circuitry to dynamically adjust a likelihood of using a respective interface for forwarding interests associated with the one or more name components.

Abstract: A network-configuring system creates stable virtual interfaces for groups of neighboring network nodes. During operation, the system can obtain network-neighborhood information from one or more network neighbors. This network-neighborhood information includes duplex-neighborhood information that indicates at least a set of neighboring devices to the network neighbor, and a set of remote network nodes which are accessible via a respective neighbor. The system can use the network-neighborhood information to determine one or more groups of network neighbors with common network characteristics, such that a respective group includes one or more mutually-connected network peers. The system can then define a virtual interface for a respective group of stable network neighbors, such that the virtual interface's member nodes include the local network node and the respective group's mutually-connected network peers.

Abstract: One embodiment provides a system that facilitates efficient management of a forwarding information base (FIB). During operation, the system receives, by an intermediate node, a first interest which includes a name and a condition for removing a first entry from a FIB, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. In response to obtaining the first entry from the FIB based on the name for the first interest, the system adds to the first entry the condition included in the first interest as a lifetime value for the first entry. In response to determining that the lifetime value is satisfied, the system removes the first entry from the FIB, thereby facilitating the intermediate node to efficiently manage the FIB based on information provided by a content producing device.

Abstract: An identity management and initialization scheme, along with a naming scheme for a transport stack and its components, facilitates directly addressing each component in the transport stack. During operation, the system receives, by a forwarder, a packet that corresponds to an interest, where the interest includes a name. In response to determining that the interest is destined for a component of a stack of communication modules, the forwarder sends the interest to the destined component based on the name for the interest, where the stack does not require a respective communication module to communicate only with a layer above or below thereof. In response to determining that the interest is not destined for a component of the stack, the forwarder sends the interest to a network element based on the name for the interest. This facilitates directly addressing individual components of the stack.

Abstract: One embodiment provides a system that facilitates routable prefix queries in a CCN. During operation, the system generates, by a client computing device, a query for one or more indices based on a name for an interest, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. An index indicates a number of the contiguous name components beginning from the most general level that represent a routable prefix needed to route the interest to a content producing device that can satisfy the interest. In response to the query, the system receives the one or more indices, which allows the client computing device to determine a remaining number of name components of the interest name which can be encrypted, thereby facilitating protection of private communication in a content centric network.

Abstract: One embodiment provides a system that facilitates querying of historical network information. During operation, the system generates a query for historical information associated with interest and content object packets, wherein a name for an interest is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level, wherein the query is based on a name prefix that includes one or more contiguous name components. The system transmits the query to a responding entity. In response to receiving the historical information from the responding entity, the system performs an operation that increases network efficiency based on the historical information, thereby facilitating a protocol for querying the historical information to increase network efficiency.