SNDS

Secure Named Data Sharing

Coach Name

Marc Sanso

EU Organization

Athens University of Economics and Business (AUEB), Greece

Members

  • George XYLOMENOS
  • Yannis THOMAS
  • Iakovos PITTARAS
  • Vasilis KALOS
  • Athanasia Maria PAPATHANASIOU
  • Chalima Dimitra Nassar KYRIAKIDOU
  • Fotios BISTAS

US Organization

University of Memphis (UMemphis), USA

Members

  • Christos PAPADOPOULOS

Project Overview

The SNDS project is developing a secure, scalable content delivery and storage system based on Named Data Networking (NDN), with the primary goal of supporting distributed data spaces for seamless, secure content exchange. The architecture enables query-based content retrieval and decentralized access control, which is ideal for applications that require privacy-preserving and resilient data delivery, such as Internet of Things (IoT) deployments and smart city networks.

SNDS uses a unique data brokering service over NDN, incorporating enhanced security mechanisms through Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to ensure content integrity, authenticity, and fine-grained access control.

This architecture allows data to be exchanged efficiently, securely, and with minimal reliance on centralized systems, making it a sustainable, privacy-respecting alternative for data-centric applications.

SNDS is a collaboration between the Mobile Multimedia Laboratory at the Athens University of Economics and Business in Greece and the University of Memphis in the US. The EU partner contributed the design and implementation of SNDS, focusing on decentralization and privacy, while the US partner contributed the use cases and its deep knowledge of the NDN protocols, focusing on efficiency.

Methods and approaches

NDN-Based Data Spaces Integration

SNDS extends the NDN protocol with flexible queries compatible with the NGSI-LD API, facilitating efficient data retrieval and supporting advanced queries based on content types and attribute values. The integration provides data producers and consumers with a uniform interface, bridging NDN with traditional IP-based systems. This structure supports secure and privacy-focused data sharing within a data space, including caching and native multicast functionalities for bandwidth-efficient delivery.

Zero-Knowledge Proofs for Selective Content Disclosure

SNDS introduces a selective revelation mechanism, enabling users to share only authorized pieces of their data with specific consumers. By implementing Zero-Knowledge Proofs (ZKPs) with BBS+ digital signatures, SNDS can provide different subsets of the same content depending on consumer permissions, while maintaining privacy and content integrity.

Decentralized Security through DIDs and VCs

Content authenticity and secure access in SNDS are managed through DIDs and VCs, providing cryptographic assurance that each data request and retrieval adheres to the content owner’s defined permissions. This method enables users to maintain control over their data across diverse applications, with enhanced privacy safeguards, by avoiding the need for centralized identity providers.

Digital Twin (DT) Integration for IoT Compatibility

SNDS introduces Digital Twins for IoT devices, allowing data to be collected, managed, and shared securely. Digital Twins serve as proxies for intermittently connected devices, securely managing data through cryptographic attestations. This is particularly beneficial in IoT applications like smart cities, where sensors and devices are frequently mobile and have limited connectivity.

Key Achievements

Deployment of NGSI-LD-Compliant NDN Data Space Interface

SNDS successfully deployed an NDN-backed data brokering service that supports NGSI-LD queries over a networked data space on the worldwide NDN testbed. This feature allows NDN to function as a reliable underlay for data spaces, enhancing data interoperability and control across decentralized systems without compromising security.

Implementation of Advanced Security and Privacy Controls

By integrating DIDs, VCs, and selective content disclosure mechanisms, SNDS establishes robust privacy-preserving controls, securing content exchanges without sacrificing data availability. This framework empowers data owners to regulate access based on ZKP-verified credentials, offering granular control over sensitive data.

Public and Open-Source Code Contributions

SNDS has made its core modules available as open-source software, including its NDN-to-NGSI-LD gateway and selective disclosure mechanisms. This contribution supports broader adoption of secure data spaces and NDN technologies, with potential applications across various sectors.

Impact & Results

Scientific Impact

SNDS advances content-centric networking by providing a query-enabled, decentralized data space over NDN. Its integration of digital identities and content security mechanisms sets a precedent for secure, resilient content distribution in a fully decentralized manner, highlighting how NDN can serve as a scalable and privacy-respecting alternative to centralized content delivery networks.

Environmental Impact

By leveraging NDN’s native multicast and caching capabilities, SNDS reduces energy consumption in content distribution, avoiding repetitive long-distance data transfers. Additionally, selective content revelation enables efficient storage and retrieval, as cached data can serve multiple requests without the content being regenerated or re-encrypted separately for each consumer.

Economic Impact

SNDS democratizes access to secure, decentralized data spaces, enabling smaller providers to manage and distribute content securely, without high infrastructure costs. By bypassing traditional centralized CDN solutions, SNDS offers a viable alternative for entities seeking control over their data, facilitating market entry for smaller providers.

Social Impact

With decentralized access control mechanisms, SNDS returns data control to individuals, allowing users to manage their privacy independently of centralized providers. The project supports users’ rights to control who accesses their data, promoting ethical data management practices and addressing growing concerns over data sovereignty.

Publications and Open-Source Contributions

SNDS has contributed to various academic conferences and workshops, including:

“Named Data Networking for Data Spaces”
IEEE Symposium on Computers and Communications 2024, introducing SNDS’s NDN integration and query capabilities.

“Certificate Management for Cloud-Hosted Digital Twins”
IEEE MoCS Workshop 2024, detailing SNDS’s secure DT framework for IoT devices.

“Data Integrity Protection for Data Spaces”
ACM EuroSec 2024, describing SNDS’s selective content revelation mechanism.

All code and documentation are available here, supporting broader adoption and refinement by the research community.

Future directions

SNDS aims to further refine its features to address scalability, interoperability, and user privacy:

Advanced Filtering Mechanism

We are planning to implement supplier-side filters for more efficient content retrieval, reducing data transfer overhead in applications with high data demands.

Subscription-Based Content Delivery

We will introduce a subscription model to notify consumers of new content, enabling proactive data delivery in real time and enhancing the utility of data spaces for IoT and smart city applications.

Expanded Support for Verifiable Credentials

Future developments will extend VC usage within the NDN network, further enhancing in-network authentication and content access control, both of which are essential for sensitive data environments.

By adding these capabilities, SNDS aims to become a foundational framework for secure, decentralized data spaces, fostering adoption across IoT, smart cities, and industries that demand privacy-preserving, resilient content distribution solutions.