ETSI TS 103 532-2018 CYBER Attribute Based Encryption for Attribute Based Access Control (V1 1 1).pdf

1、 ETSI TS 103 532 V1.1.1 (2018-03) CYBER; Attribute Based Encryption for Attribute Based Access Control TECHNICAL SPECIFICATION ETSI ETSI TS 103 532 V1.1.1 (2018-03)2 Reference DTS/CYBER-0025 Keywords access control, privacy ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +3

2、3 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available

3、 in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prev

4、ailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETS

5、I documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized

6、 in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to repro

7、duction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo i

8、s protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 532 V1.1.1 (2018-03)3 Contents Intellectual Property Rights 9g3Foreword . 9g3Modal verbs terminology 9g31 Scope 10g32 References 10g32.1 Normative references 1

9、0g32.2 Informative references . 11g33 Definitions and abbreviations . 13g33.1 Definitions . 13g33.2 Abbreviations 15g34 Attribute-Based Encryption Toolkit . 16g34.1 CPA-secure ciphertext-policy and key-policy attribute-based key-encapsulation mechanisms 16g34.1.1 Overview . 16g34.1.2 Ciphertext-poli

10、cy ABKEM 16g34.1.3 Key-policy ABKEM 17g34.2 Specifications of CPA-secure ciphertext-policy and key-policy ABKEMs 17g34.2.1 General . 17g34.2.1.1 Introduction 17g34.2.1.2 Random bit generation . 18g34.2.1.3 Formats for attributes and policies . 18g34.2.1.4 The map2point mapping 18g34.2.1.4.1 General

11、. 18g34.2.1.4.2 map2point_34 . 19g34.2.1.4.3 map2point_ssing23 . 19g34.2.1.4.4 map2point_23 . 19g34.2.1.5 Monotone span programs . 20g34.2.1.5.1 General . 20g34.2.1.5.2 MSP_Encode 20g34.2.1.5.3 MSP_Decode 21g34.2.2 Specification of CP-WATERS-KEM 22g34.2.2.1 General . 22g34.2.2.2 Setup 22g34.2.2.3 Se

12、cret-key generation . 23g34.2.2.4 Symmetric-key encapsulation 23g34.2.2.5 Symmetric-key decapsulation 24g34.2.3 Specification of CP-FAME-KEM and KP-FAME-KEM 24g34.2.3.1 Hash functions 24g34.2.3.2 Setup for CP-FAME-KEM and KP-FAME-KEM . 25g34.2.3.3 CP-FAME-KEM 26g34.2.3.3.1 General . 26g34.2.3.3.2 Se

13、cret-key generation . 26g34.2.3.3.3 Symmetric-key encapsulation . 27g34.2.3.3.4 Symmetric-key decapsulation . 28g34.2.3.4 KP-FAME-KEM 28g34.2.3.4.1 General . 28g34.2.3.4.2 Secret-key generation . 28g34.2.3.4.3 Symmetric-key encapsulation . 30g34.2.3.4.4 Symmetric-key decapsulation . 30g34.2.4 Specif

14、ication of KP-GSPW-KEM . 31g34.2.4.1 General . 31g34.2.4.2 Setup 31g34.2.4.3 Secret-key generation . 32g34.2.4.4 Symmetric-key encapsulation 32g34.2.4.5 Symmetric-key decapsulation 33g3ETSI ETSI TS 103 532 V1.1.1 (2018-03)4 4.3 Ciphertext-policy and key-policy attribute-based encryption 33g34.3.1 Ov

15、erview . 33g34.3.2 Ciphertext-policy ABE 34g34.3.3 Key-policy ABE 34g34.4 Specifications of CPA-secure ciphertext-policy and key-policy ABE 35g34.4.1 General . 35g34.4.1.1 Introduction 35g34.4.1.2 Pseudorandom generator 35g34.4.2 CPA-secure CP-ABE . 35g34.4.3 CPA-secure KP-ABE scheme 36g34.5 Specifi

16、cations of CCA-secure CP-ABKEMs and KP-ABKEMs, CP-ABE schemes, and KP-ABE schemes . 36g34.5.1 General . 36g34.5.1.1 Introduction 36g34.5.1.2 Collusion-resistant hash function . 37g34.5.1.3 Authenticated encryption . 37g34.5.2 CCA-secure CP-ABKEM 37g34.5.3 CCA-secure KP-ABKEM 38g34.5.4 CCA-secure CP-

17、ABE 38g34.5.5 CCA-secure KP-ABE 39g34.6 Requirements for compliant ABKEMs . 40g34.6.1 General . 40g34.6.2 Requirement 1: correctness and indistinguishability under chosen-plaintext attacks for ABKEMs 40g34.6.2.1 Correctness . 40g34.6.2.2 Indistinguishability under chosen-plaintext attacks . 40g34.6.

18、3 Requirement 2: Sufficient security levels 41g34.7 Revocation . 41g34.7.1 Attribute revocation . 41g34.7.2 Secret-key revocation 42g34.8 Recommendations . 42g34.8.1 Overview . 42g34.8.2 Efficiency considerations . 42g34.8.3 Security considerations 42g35 Trust models . 43g35.1 Overview . 43g35.2 Rol

19、es 43g35.2.1 Data Consumer 43g35.2.2 Data Controller 43g35.2.3 Data Processor . 43g35.2.4 Data Subject . 43g35.2.5 Device Manager . 43g35.2.6 Platform Provider. 43g35.2.7 Third Party Service Provider . 44g35.2.8 Platform User . 44g35.3 Models . 44g35.3.1 Long term storage 44g35.3.2 Offline access co

20、ntrol 45g35.3.3 Platform Provider . 45g35.4 Functions . 46g35.4.1 Authority function . 46g35.4.2 Assertion function 47g35.4.2.1 General. 47g35.4.2.2 Data access assertion 47g35.4.2.3 Data capture assertion 47g35.4.3 Encryption function . 47g35.4.4 Policy Management function . 47g35.4.5 Key distribut

21、ion function . 47g35.4.6 Decryption function . 48g36 Procedures for distributing attributes and keys 48g36.1 Introduction . 48g3ETSI ETSI TS 103 532 V1.1.1 (2018-03)5 6.2 Platform Provider extended with Public Key Infrastructure X.509 . 48g36.2.1 Overview . 48g36.2.2 Entities . 49g36.2.2.1 Introduct

22、ion 49g36.2.2.2 ABE Authority (ABEA) . 49g36.2.2.3 Keys associated to the Third Party Service Provider (3SP) . 50g36.2.2.4 Keys associated to the Platform Provider (PP) 50g36.2.3 ABE Key Distribution . 50g36.2.3.1 General . 50g36.2.3.2 Setup 50g36.2.3.3 ABE Public Key distribution 50g36.2.3.4 ABE se

23、cret key material distribution . 50g36.2.3.5 Attributes distribution 51g36.2.4 ABE Public Key revocation . 51g36.3 Assertions 51g36.3.1 Introduction 51g36.3.2 Types of assertions. 51g36.3.3 Mapping to SAML . 52g36.3.3.1 SAML Attributes 52g36.3.3.2 SAML Attribute Statements . 52g36.3.3.2.1 Unencrypte

24、d format 52g36.3.3.2.2 Encrypted format 52g36.3.3.3 SAML Attribute Queries 52g36.3.3.4 Key assertions 53g36.3.3.5 Security considerations 53g36.3.4 SAML binding for CoAP . 53g36.3.4.1 Message encapsulation . 53g36.3.4.2 Addressing and intermediaries . 53g36.3.4.3 Security 53g37 Attribute Based Acces

25、s Control layer 54g37.1 Overview . 54g37.2 Base ABKEM access control capabilities (“Layer 1“) 54g37.2.1 Introduction 54g37.2.2 Attributes . 54g37.2.2.1 Syntax for attribute declaration 54g37.2.2.2 Attribute types 54g37.2.2.3 Syntax for ABKEM universe declaration 55g37.2.2.4 Syntax for value assignme

26、nt in annotations . 55g37.2.3 Policies . 56g37.2.3.1 General definition of a policy and syntax 56g37.2.3.2 Relational statements . 56g37.2.3.2.1 Introduction 56g37.2.3.2.2 Relational operators for the unsigned integer attribute type . 56g37.2.3.2.3 Relational operators for the boolean attribute type

27、 . 57g37.2.3.2.4 Relational operators for the string attribute type 57g37.2.3.3 Logical operators 57g37.2.3.4 Threshold gates 57g37.2.3.5 Top-level statements 58g37.2.4 ABKEM bindings 58g37.2.4.1 Introduction 58g37.2.4.2 Binding rules for value assignment to attributes in annotation 58g37.2.4.2.1 Co

28、mmon translation rules . 58g37.2.4.2.2 Unsigned integer . 58g37.2.4.2.3 Boolean . 59g37.2.4.2.4 String 59g37.2.4.3 Binding rules for policy translation 59g37.2.4.3.1 Common translation rules . 59g37.2.4.3.2 Integer . 60g37.2.4.3.2.1 “ operator. 60g37.2.4.3.2.3 “=“ operator 60g3ETSI ETSI TS 103 532 V

29、1.1.1 (2018-03)6 7.2.4.3.2.4 “!=“ operator . 61g37.2.4.3.2.5 “=“ operator 62g37.2.4.3.3 Boolean . 63g37.2.4.3.4 String 63g37.3 Intermediate access control layer (“Layer 2“) . 64g37.3.1 Introduction (informative) . 64g37.3.2 Additional attribute types . 64g37.3.2.1 Double 64g37.3.2.1.1 Definition 64g

30、37.3.2.1.2 Relational operators for doubles . 64g37.3.2.2 Time measurement . 65g37.3.2.2.1 Timestamp 65g37.3.2.2.1.1 Definition 65g37.3.2.2.1.2 Relational operators 65g37.3.2.2.2 Duration 66g37.3.2.2.2.1 Definition 66g37.3.2.2.2.2 Relational operators 66g37.3.2.2.3 Cycles . 66g37.3.2.2.3.1 Definitio

31、n 66g37.3.2.2.3.2 Relational operators 67g37.3.2.3 Location . 67g37.3.2.3.1 Zone 67g37.3.2.3.1.1 Definition 67g37.3.2.3.1.2 Relational operators 67g37.3.2.3.2 Grid . 67g37.3.2.3.2.1 Definition 67g37.3.2.3.2.2 Relational operators 68g37.3.2.3.3 1d point . 68g37.3.2.3.3.1 Definition 68g37.3.2.3.3.2 Re

32、lational operators 68g37.3.2.3.4 2d point . 69g37.3.2.3.4.1 Definition 69g37.3.2.3.4.2 Relational operators 69g37.3.2.3.5 3d point . 70g37.3.2.3.5.1 Definition 70g37.3.2.3.5.2 Relational operators 70g37.3.2.3.6 Circle perimeter 71g37.3.2.3.6.1 Definition 71g37.3.2.3.6.2 Relational operators 71g37.3.

33、2.3.7 Sphere surface 71g37.3.2.3.7.1 Definition 71g37.3.2.3.7.2 Relational operators 72g37.3.2.4 Abstract string types . 72g37.3.2.4.1 Free string . 72g37.3.2.4.1.1 Definition 72g37.3.2.4.1.2 Relational operators 72g37.3.2.4.2 Clearance 73g37.3.2.4.2.1 Definition 73g37.3.2.4.2.2 Relational operators

34、 73g37.3.2.4.3 Role 73g37.3.2.4.3.1 Definition 73g37.3.2.4.4 User 73g37.3.2.4.4.1 Definition 73g37.3.2.4.4.2 Relational operators 74g37.3.2.4.5 Device . 74g37.3.2.4.5.1 Definition 74g37.3.2.4.5.2 Relational operators 74g37.3.2.4.6 Function 74g37.3.2.4.6.1 Definition 74g37.3.2.4.6.2 Relational operat

35、ors 74g37.3.2.4.7 Datatype 74g3ETSI ETSI TS 103 532 V1.1.1 (2018-03)7 7.3.2.4.7.1 Definition 74g37.3.2.4.7.2 Relational operators 75g37.3.2.4.8 Origin . 75g37.3.2.4.8.1 Definition 75g37.3.2.4.8.2 Relational operators 75g37.3.3 Support for foreign data types 75g37.3.3.1 Introduction 75g37.3.3.2 Datat

36、ypes identified in annex C . 75g37.3.3.2.1 Primitive data types from XML Schema 75g37.3.3.2.2 Time data types from XML Schema 76g37.3.3.2.3 Resource identifiers 76g37.4 ABKEM operations . 76g37.4.1 General . 76g37.4.2 Time-based implicit secret key revocation 76g37.4.2.1 Implementation in KP-ABKEM .

37、 76g37.4.2.2 Implementation in CP-ABKEM. 77g37.4.3 Counter-based implicit secret key revocation 77g37.4.3.1 Implementation in KP-ABKEM . 77g37.4.3.2 Implementation in CP-ABKEM. 78g37.4.4 Simple Mandatory access control 78g37.4.4.1 Implementation in KP-ABKEM . 78g37.4.4.2 Implementation in CP-ABKEM.

38、78g37.4.5 Role-based access control 79g37.4.5.1 Implementation in KP-ABKEM . 79g37.4.5.2 Implementation in CP-ABKEM. 79g37.4.6 Location-based access control (informative) . 79g37.4.7 Reduced access control based on the emergency level 81g37.4.7.1 Implementation in KP-ABKEM . 81g37.4.7.2 Implementati

39、on in CP-ABKEM. 81g37.4.8 Access control based on service tier 81g37.4.8.1 Implementation in KP-ABKEM . 81g37.4.8.2 Implementation in CP-ABKEM. 82g37.5 Translation rules for XACML . 82g37.5.1 Introduction (informative) . 82g37.5.2 General requirements . 82g37.5.3 Implementation in KP-ABKEM 82g37.5.3

40、.1 KP-ABKEM specific requirements 82g37.5.3.2 Issuance of secret keys . 83g37.5.3.3 Processing of Permission element . 83g37.5.4 Implementation in CP-ABKEM 83g37.5.4.1 CP-ABKEM specific requirements 83g37.5.4.2 Preparation of policies for ciphertexts 84g37.5.4.3 Processing of Permission element . 84

41、g37.5.4.4 Encapsulation into ciphertext . 84g37.5.5 Combining algorithms and functions . 84g37.6 Authentication using ABKEM 86g37.6.1 Introduction 86g37.6.2 Principles . 86g37.6.3 Common messages 88g37.6.3.1 Resource identification . 88g37.6.3.2 Claimant identification . 88g37.6.4 Implementation in

42、KP-ABKEM 88g37.6.5 Implementation in CP-ABKEM 88g3Annex A (informative): ABE schemes from the cryptographic literature 89g3Annex B (informative): Applicable features of traditional ABAC 91g3Annex C (informative): Common semantics 92g3C.1 Introduction 92g3C.2 Primitive data types 92g3ETSI ETSI TS 103

43、 532 V1.1.1 (2018-03)8 C.3 Time . 92g3C.4 Location 93g3C.5 Identifiers for resources 93g3C.6 Domain specific ontologies 93g3C.6.1 Introduction . 93g3C.6.2 OneM2M Base Ontology 94g3C.6.3 ISO/IEC 19944 94g3Annex D (normative): Grammars for the attribute based access control layer . 95g3D.1 Introductio

44、n 95g3D.2 Universe and attribute declarations 95g3D.3 Policy declarations . 96g3D.4 Attribute assignments at Layer 1 97g3D.5 ABKEM attribute encoding 97g3Annex E (informative): Bibliography . 98g3History 99g3ETSI ETSI TS 103 532 V1.1.1 (2018-03)9 Intellectual Property Rights Essential patents IPRs e

45、ssential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or pot

46、entially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI.

47、No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted an

48、d/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI

49、 of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Cyber Security (CYBER). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 532 V