Content-Centric Networking (CCN) is an emerging network architecture designed to overcome limitations of the current IP-based Internet. One of the fundamental tenets of CCN is that content is named and addressable. Consumers request content by issuing interests with the desired content name. These interests are forwarded by routers to producers, and the requested content is returned and optionally cached at each router along the path. In-network caching makes it difficult to enforce access control policies on sensitive content since routers only use interest information for forwarding decisions. This motives our work on Interest-Based Access Control (IBAC) -- a scheme for access control enforcement using only information contained in interest messages. IBAC makes sensitive content names unpredictable to unauthorized parties. It supports both hash- and encryption-based name obfuscation. Interest replay attacks are addressed by formulating a mutual trust framework between producers and consumers that enables routers to perform authorization checks before satisfying interests from local caches. We assess computational, storage, and bandwidth costs of each IBAC variant. Proposed design is flexible and allows producers to arbitrarily specify and enforce any type of content access control, without having to deal with content encryption and key distribution. This is the first comprehensive CCN access control design that only uses information contained in interest messages.