To address security and timeliness requirements for service access control in Named Data Networking (NDN), this paper proposes a time-subscription–enabled encrypted access control mechanism. The method embeds time-based policies directly into ciphertext structures, enabling producers to pre-encrypt content and consumers to decrypt only within their subscription validity periods. It further introduces an anonymous and unlinkable signature authentication scheme, allowing edge routers to perform real-time verification and block malicious requests—thereby mitigating DoS and chosen-plaintext attacks. Built upon attribute-based encryption (ABE) and time-bound key derivation, the scheme is implemented using the Charm cryptographic library and evaluated on Mini-NDN. Formal analysis proves its CPA security, while experiments demonstrate superior performance over state-of-the-art approaches in functional completeness, security strength, and communication overhead—confirming practical deployability.

This paper proposes a novel encryption-based access control mechanism for Named Data Networking (NDN). The scheme allows data producers to share their content in encrypted form before transmitting it to consumers. The encryption mechanism incorporates time-based subscription access policies directly into the encrypted content, enabling only consumers with valid subscriptions to decrypt it. This makes the scheme well-suited for real-world, subscription-based applications like Netflix. Additionally, the scheme introduces an anonymous and unlinkable signature-based authentication mechanism that empowers edge routers to block bogus content requests at the network's entry point, thereby mitigating Denial of Service (DoS) attacks. A formal security proof demonstrates the scheme's resistance to Chosen Plaintext Attacks (CPA). Performance analysis, using Mini-NDN-based emulation and a Charm library implementation, further confirms the practicality of the scheme. Moreover, it outperforms closely related works in terms of functionality, security, and communication overhead.