user-centric privacy- preserving techniques for cloud
TRANSCRIPT
![Page 1: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/1.jpg)
USER-CENTRIC PRIVACY-PRESERVING TECHNIQUES FOR CLOUD-ASSISTED IOTAPPLICATIONS
Nesrine KaanicheTélécom SudParis, Polytechnic Institute of Paris
Chair Values and Policies of Personal Information of IMT
![Page 2: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/2.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 2
GENERAL CONTEXTWHAT THEY KNOW ABOUT US?
User
Paris AreaAuckland Area
Location Data Location Data
![Page 3: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/3.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 3
GENERAL CONTEXTWHO CONTROL OUR DATA?
![Page 4: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/4.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 4
GENERAL CONTEXT
Privacy is not only being anonymous. It is beyond that!
Privacy is not for criminals only! But, It is Hard to achieve!
WHO CARES?
Needed Fast enough to be useful Not «generally usable» yet
Advanced Cryptography can Help!
![Page 5: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/5.jpg)
Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 5
General Context
Attribute based Signatures for Anonymous Authentication
Attribute based Encryptions for Fine Grained Access Control
Real-world Applications
Takeaways and Perspectives
PLAN
03/02/2021
![Page 6: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/6.jpg)
AUTHENTICATIONATTRIBUTE BASED SIGNATURES FOR ANONYMOUS AUTHENTICATION
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 6
![Page 7: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/7.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 7
CLASSICAL IDENTITY MANAGEMENTHOW IT WORKS TODAY?
❶ I am Bob
❷ Age?
❸ Confirm I am > 18!
Identity Provider
User
Service Provider
❹ Yes, >18!
❺ yes, > 18!
Certified attributes giveconfidence to SP, but…
03/02/2021
How cryptograhy can help?
![Page 8: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/8.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 8
ATTRIBUTE BASED SIGNATURE
Verifier
Attribute Authority
User
Attributes
(1)
Se
nd
Att
rib
ute
s
(2)
Issu
e S
ecr
et
Ke
ys
AND
OR
AND
A
B
C D
(4) Send the Signing Policy and the message
(6) Send Signature
(5) Generate Signature w.r.t. to Access Policy (7) Verify Signature Using Public Parameters
Sig does it verify mySigning Policy ??
(3) Define Signing Policy and a message
![Page 9: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/9.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 9
ABS FOR ANONYMOUS AUTHENTICATIONHOW IT WORKS?
Passport
Driver’s license
Passport: birth date = 1973/01/26 Driver’s license = vehicle cat B
User
Service Provider
Attribute Authority
Attribute Authority
Issue Obtain
Certified attributes
Show Verify
Malleable operations over attribute-sets
How can we provide privacy preserving
access to data in dynamic environments?
![Page 10: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/10.jpg)
ACCESS CONTROLATTRIBUTE BASED ENCRYPTION FOR FINE GRAINED ACCESS
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 10
![Page 11: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/11.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 11
ACCESS CONTROL IN THE CLOUD CHALLENGES?
• Reliance on the cloud server
• Confidentiality against SP
• Privacy
Access Control List (ACL):
Save users identities in ACL Check ACL to authorise users Managed by a trusted party
Role Based Access Control (RBAC):
Identify users by roles Users’ roles match data roles Managed by a trusted party
Attribute-Based Access Control (ABAC):
Identify users by attributes Users’ attributes match data
roles Managed by a trusted party
!
![Page 12: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/12.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 12
ATTRIBUTE BASED ENCRYPTION
Data Owner
Attribute Authority
Users
Attributes
(6)
Sen
d A
ttri
bu
tes
(5)
Issu
e Se
cre
t K
eys
(1) Define Access Policy
(2) Encrypt Data w.r.t to the access policy
AND
OR
AND
A
B
C D
(7) Retrieve Data
Service Provider
{A, C, D}
![Page 13: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/13.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 13
ATTRIBUTE BASED ENCRYPTION
Data Owner
Attribute Authority
Users
Attributes
(6)
Sen
d A
ttri
bu
tes
(5)
Issu
e Se
cre
t K
eys
(1) Define Access Policy
(2) Encrypt Data w.r.t to the access policy
AND
OR
AND
A
B
C D
(7) Retrieve Data
Service Provider
Drawbacks:
o Leakage of users’ attributes
o High processing over-head
o No access policy update
![Page 14: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/14.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 14
ATTRIBUTE BASED ENCRYPTIONABE WITH HIDDEN ACCESS POLICY
Cloud
Attribute Authority
Key GenerationKey Generation
Users
Data Owner
AND
OR
AND
A
B
C D
{A, C, D}
AND
OR
AND
A’
B’
C’ D’
Belguith S, Kaaniche N., Laurent, M, Jemai, A. , Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT, Computer Networks
![Page 15: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/15.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 15
ATTRIBUTE BASED ENCRYPTION
Data Owner
Attribute Authority
Users
Attributes
(6)
Sen
d A
ttri
bu
tes
(5)
Issu
e Se
cre
t K
eys
(1) Define Access Policy
(2) Encrypt Data w.r.t to the access policy
AND
OR
AND
A
B
C D
(7) Retrieve Data
Service Provider
Drawbacks:
o No leakage of users’ attributes
o High processing over-head
o No access policy update
Belguith S, Kaaniche N., Laurent, M, Jemai, A. , Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT, Computer Networks
![Page 16: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/16.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 16
ATTRIBUTE BASED ENCRYPTIONABE WITH OUTSOURCED DECRYPTION
Cloud
Attribute Authority
Key GenerationKey Generation
Users
Semi Trusted Edge Server
Ou
sto
urc
eci
ph
erte
xt
Ret
urn
the
par
tial
lyd
ecry
pte
dci
ph
erte
xt
Data Owner
AND
OR
AND
A
B
C D
{A, C, D}
![Page 17: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/17.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 17
ATTRIBUTE BASED ENCRYPTION
Data Owner
Attribute Authority
Users
Attributes
(6)
Sen
d A
ttri
bu
tes
(5)
Issu
e Se
cre
t K
eys
(1) Define Access Policy
(2) Encrypt Data w.r.t to the access policy
AND
OR
AND
A
B
C D
(7) Retrieve Data
Service Provider
Drawbacks:
o No leakage of users’ attributes
o Less processing over-head
o No access policy update
Belguith S, Kaaniche N., Hammoudeh, M,, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks
![Page 18: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/18.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 18
ATTRIBUTE BASED ENCRYPTIONABE WITH ACCESS POLICY UPDATE
Cloud
Attribute Authority
Key GenerationKey Generation
Users
Data Owner
AND
OR
AND
C D
AND
A EAND
F B
{A, E, F, B}
AND
OR
AND
A
B
C D
AND
OR
AND
A
B
C D
![Page 19: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/19.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 19
ATTRIBUTE BASED ENCRYPTION
Data Owner
Attribute Authority
Users
Attributes
(6)
Sen
d A
ttri
bu
tes
(5)
Issu
e Se
cre
t K
eys
(1) Define Access Policy
(2) Encrypt Data w.r.t to the access policy
AND
OR
AND
A
B
C D
(7) Retrieve Data
Service Provider
Drawbacks:
o No leakage of users’ attributes
o Less processing over-head
o Access policy update
Belguith S, Kaaniche N., Hammoudeh, M,, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks
![Page 20: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/20.jpg)
FOR REAL WORLD APPLICATIONS
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 20
![Page 21: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/21.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 21
DATA AGGREGATION IN CLOUD-ASSISTED IOTSMART HOME USE CASE
Cloud
Attribute Authority
Key GenerationKey Generation
UsersData Owner
IoT devices
Agregator
AND
OR
AND
A
B
C D
{A, E, F, B}
Belguith S, Kaaniche N., Mohamed, M, Russello G, T. , Coop-daab: Cooperative attribute based data aggregation for internet of things applications, OTM Conference
![Page 22: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/22.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 22
CLOUD-ASSISTED VEHICULAR NETWORKSAUTHENTICATED DATA SHARING
Cloud
Attribute Authority
Key GenerationKey Generation
Users
Data Owner
Semi Trusted Edge ServerO
ust
ou
rce
cip
her
text
Ret
urn
the
par
tial
lyd
ecry
pte
dci
ph
erte
xt
AND
OR
AND
A
B
C D
{A, E, F, B}
CloudAND
OR
AND
C D
AND
A EAND
F B
AND
OR
AND
A
B
C D
Belguith S, Kaaniche N., Hammoudeh, M, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks
![Page 23: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/23.jpg)
CONCLUSIONTAKEAWAYS AND PERSPECTIVES
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 23
![Page 24: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/24.jpg)
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 24
CONCLUSION
Attribute based primitives are promising techniques, adapted to multi-users’ applications:
• ETSI TS 103 458, codifies the high-level requirements for applying ABE for PII and personal data protection in four use cases: IoT devices, wireless LANs, cloud and mobile services.
• ETSI TS 103 532, proposes an ABE toolkit, trust models, procedures for distributing attributes and keys and an attribute-based access control layer.
o Many challenges are still to be addressed:
o Multi-authority settings
o Revocation and multi-level redaction
o Performances, …
o Ongoing work to adopt attribute-based primitives in the AI-driven world, in order to mitigate/control data leakage and enhance data minimisation.
TAKEWAYS & PERSPECTIVES
![Page 25: USER-CENTRIC PRIVACY- PRESERVING TECHNIQUES FOR CLOUD](https://reader034.vdocument.in/reader034/viewer/2022042802/62681cea76d3811de641ef7a/html5/thumbnails/25.jpg)
THANKS!
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 25