Content-centric networks have demonstrated an entirely new type of network topology, which offers a new way to distribute information in the data-driven network. Unlike the TCP/IP network topology, which is address-driven, content-centric networks do not require any address. Based on the content-to-consumer paradigm, content-centric networking architecture was proposed for the content to be provided efficiently with great convenience to users. As the content-centric network is not address-driven, when a data packet is delivered it cannot be encrypted with any encryption key of a node. Therefore, data confidentiality in content-centric network is a challenging problem. Motivated to solve this problem, we introduce a new cryptosystem for content-based encryption, where the encryption key is associated with the content. We propose a content-based encryption scheme (CBE), which is proven to be semantically secure in the random oracle model. We apply the CBE to construct a secure content delivery protocol in a content-centric network.