ETSI TS 103 458-2018 CYBER Application of Attribute Based Encryption (ABE) for PII and personal data protection on IoT devices WLAN cloud and mobile services - High level requireme.pdf

1、 ETSI TS 103 458 V1.1.1 (2018-06) CYBER; Application of Attribute Based Encryption (ABE) for PII and personal data protection on IoT devices, WLAN, cloud and mobile services - High level requirements TECHNICAL SPECIFICATION ETSI ETSI TS 103 458 V1.1.1 (2018-06)2 Reference DTS/CYBER-0020 Keywords acc

2、ess control, confidentiality, portability, privacy ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important not

3、ice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authoriz

4、ation of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be

5、aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following

6、 services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF versi

7、on shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM a

8、nd LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 458 V1.1.1 (2018-06)3 Contents I

9、ntellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 Mobile use case 11g34.1 Introduction 11g34.1.1 Scenario 11g3

10、4.1.2 Preliminary considerations . 11g34.2 High level requirements . 12g34.3 Use case 13g34.3.1 Stakeholders 13g34.3.2 Preconditions 14g34.3.3 Trigger 15g34.3.4 Flow of events . 15g34.3.5 Exit Condition . 16g34.3.6 Security Aspects . 16g34.3.7 Recommended ABE scheme. 16g35 Privacy-Preserving federat

11、ed WLANs use case . 16g35.1 Introduction 16g35.1.1 Scenario 16g35.1.2 Preliminary considerations . 17g35.2 High level requirements . 17g35.3 Use case 17g35.3.1 Stakeholders 17g35.3.2 Preconditions 18g35.3.3 Trigger 18g35.3.4 Flow of events . 18g35.3.5 Exit condition 18g35.3.6 Recommended ABE scheme.

12、 18g36 Internet of Things use cases . 19g36.1 Overview 19g36.2 High level requirements . 19g36.3 Use cases 22g36.3.1 Securing and exporting data to untrusted storage . 22g36.3.1.1 General use case description . 22g36.3.1.2 Stakeholders 22g36.3.1.3 Scenario(s) 23g36.3.1.4 Information Flows . 23g36.3.

13、1.5 Operational constraints 23g36.3.2 Bundling encrypted data with access control capabilities for use in an industrial context . 24g36.3.2.1 General use case description . 24g36.3.2.2 Stakeholders 24g36.3.2.3 Scenario(s) 24g36.3.2.4 Information Flows . 24g36.3.3 Assigning new access control policie

14、s to already encrypted data . 25g36.3.3.1 General use case description . 25g36.3.3.2 Stakeholders 25g3ETSI ETSI TS 103 458 V1.1.1 (2018-06)4 6.3.3.3 Scenario(s) 25g36.3.3.4 Information Flows . 26g36.3.4 Applicability of access policies to processed data 26g36.3.4.1 General use case description . 26g

15、36.3.4.2 Stakeholders 27g36.3.4.3 Scenarios . 27g36.3.4.4 Information Flows . 27g36.3.5 Offline access control in constrained operational environments 28g36.3.5.1 General use case description . 28g36.3.5.2 Stakeholders 28g36.3.5.3 Scenario(s) 28g36.3.5.4 Information Flows . 29g36.3.5.5 Operational c

16、onstraints 29g36.3.6 Direct and indirect data access 29g36.3.6.1 General use case description . 29g36.3.6.2 Stakeholders 29g36.3.6.3 Scenario(s) 29g36.3.6.4 Information Flows . 30g36.3.7 Access control examples in the Industrial Internet of Things . 31g36.3.7.1 General use case description . 31g36.3

17、.7.2 Stakeholders 31g36.3.7.3 Scenario(s) 31g36.3.7.4 Information Flows . 33g36.3.8 Recommended ABE schema. 34g37 Cloud use case 34g37.1 Introduction 34g37.1.1 Scenario 34g37.1.2 Preliminary considerations . 35g37.2 High level requirements . 36g37.3 Use case 36g37.3.1 Stakeholders 36g37.3.2 Precondi

18、tions 37g37.3.4 Trigger 37g37.3.5 Flow of events . 37g37.3.6 Exit condition 38g37.3.7 Recommended ABE scheme. 38g3Annex A (informative): Attribute Based Encryption 39g3A.1 Early ABE constructions 39g3A.2 Key Policy Attribute Based Encryption (KP-ABE) . 39g3A.3 Ciphertext Policy Attribute Based Encry

19、ption (CP-ABE) . 40g3A.4 Key distribution protocols 40g3A.5 Attribute revocation 40g3A.6 Key expiration approach 41g3A.7 Mediator approach 41g3A.8 Relationship with Attribute Based Access Control (ABAC) . 42g3Annex B (informative): Compliance with Lawful Interception principles . 43g3History 44g3ETS

20、I ETSI TS 103 458 V1.1.1 (2018-06)5 Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and

21、 can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the

22、ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trade

23、marks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Menti

24、on of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Cyber Security (CYBER). Modal verbs terminology

25、In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI d

26、eliverables except when used in direct citation. ETSI ETSI TS 103 458 V1.1.1 (2018-06)6 1 Scope The present document specifies high level requirements for the application of Attribute Based Encryption (ABE) to protect PII and personal data on IoT devices/services, cloud services, Wireless Local Area

27、 Networks and mobile services, where access to data has to be given to multiple parties and under different conditions. With a main focus on the confidentiality of data, including personal data and Personally Identifiable Information, the present document may help in supporting the General Data Prot

28、ection Regulation i.19. The following use cases are described: 1) The Mobile use case describes a situation of user access from less trusted networks. The objective is to provide user identity protection preserving disclosure to unauthorized entity. 2) The federated WLAN use case where users can acc

29、ess different WLAN networks using their credentials - issued by different authorities/domains - while preserving their privacy. 3) Many Internet of Things use cases or edge scenarios where data access mechanisms are actioned either in the network or on the device. 4) The Cloud use case where a third

30、 party accesses personal data from the Cloud Service Provider. The present document also provides recommendations on the ABE scheme to use for each use case. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version numbe

31、r) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at htt

32、ps:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. 1 ISO/IEC 17789:2014: “Information technology - Cloud computing - Reference architecture“. 2.2 Informative references The following

33、 referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies. i.1 Italian Digital Agency: “Three-Yea

34、r Plan for ICT in Public Administration (2017 - 2019)“. NOTE: Available at https:/pianotriennale-ict.readthedocs.io/en/latest/. i.2 National Institute of Standards and Technology NIST SP 800-122: “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)“. i.3 ETSI TS 133

35、401: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401)“. i.4 3GPP TR 22.864: “Feasibility study on new services and markets technology enablers for net

36、work operation; Stage 1“. ETSI ETSI TS 103 458 V1.1.1 (2018-06)7 i.5 ISO/IEC 19944:2017: “Information technology - Cloud computing - Cloud services and devices: Data flow, data categories and data use“. i.6 FP7-ICT 611659 AU2EU Deliverable D4.2.1: “Cryptographically enforced access control“. NOTE: A

37、vailable at http:/www.au2eu.eu/uploads/Publications/deliverables/AU2EU_D4.2.2_Final.pdf. i.7 5G Ensure project: “Deliverable D2.1: Use Cases“. NOTE: Available at http:/www.5gensure.eu/sites/default/files/Deliverables/5G-ENSURE_D2.1-UseCases.pdf. i.8 F. van den Broek, R. Verdult, J. de Ruiter: “Defea

38、ting IMSI Catchers“. NOTE: Available at http:/www.cs.ru.nl/rverdult/Defeating_IMSI_Catchers-CCS_2015.pdf. i.9 P. Paillier: “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes“, EUROCRYPT, pages 223-238. Springer, 1999. NOTE: Available at https:/ i.10 ETSI TR 101 567: “Lawful Inte

39、rception (LI); Cloud/Virtual Services for Lawful Interception (LI) and Retained Data (RD)“. i.11 L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, W. Jonker: “Information security applications“, pages 309-323, Springer-Verlag, Berlin, Heidelberg, 2009. i.12 A. Sahai, B. Waters: “Fuzzy Identity Based En

40、cryption“, Advances in Cryptology - EUROCRYPT, Volume 3494 of LNCS, pages 457-473. Springer, 2005. i.13 V. Goyal, O. Pandey, A. Sahai, B. Waters: “Attribute-based encryption for fine-grained access control of encrypted data“, Proceedings of the 13th ACM Conference on Computer and Communications Secu

41、rity, CCS 06, pages 8-98, New York, NY, USA, 2006. ACM. i.14 J. Bethencourt, A. Sahai, B. Waters: “Ciphertext-policy attribute-based encryption“, Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP07, pages 32-334. Washington, DC, USA, IEEE Computer Society. i.15 A. Boldyreva, V. Goya

42、l, V. Kumar: “Identity based encryption with efficient revocation“, Conference on Computer and Communications Security, pages 417-416, 2008. i.16 ETSI TR 187 010: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Report on issues relate

43、d to security in identity imanagement and their resolution in the NGN“. i.17 M. Piretti, P. Traynor, P. McDaniel, B. Waters: “Secure attribute-based systems“, Journal of Computer Security, 18(5), pages 799-837, 2010. i.18 Z. Xu, K. Martin: “Dynamic User Revocation and Key Refreshing for Attribute-Ba

44、sed Encryption in Cloud Storage“, Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE 11thInternational Conference, 2012, pp. 844-849. i.19 Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to

45、the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). i.20 ISO/IEC 29100:2011: “Information technology - Security techniques - Privacy framework“. i.21 ETSI TS 103 532: “CYBER; Attribute Based Encryption for Attr

46、ibute Based Access Control“. i.22 Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC Text with EEA relevance. ETSI ETSI TS 103 458 V1

47、.1.1 (2018-06)8 i.23 IEEE 802.11: “IEEE Standard for Information technology-Telecommunications and information exchange between systems Local and metropolitan area networks-Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications,“ in IEEE Std

48、 802.11-2016 (Revision of IEEE Std 802.11-2012) , vol., no., pp.1-3534, Dec. 14 2016. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: cloud platform provider: cloud service provider providing identity management ser

49、vices and interfaces for third party applications using the platform services cloud platform user: cloud service user consuming one or more platform services cloud service customer: individual or organization consuming one or more cloud services provided by a Cloud Service Provider cloud service partner: individual or organization providing support to the provisioning of cloud services by the Cloud Service Provider, or to the consumption of cloud service by the Cloud