user-centric privacy- preserving techniques for cloud

USER-CENTRIC PRIVACY-PRESERVING TECHNIQUES FOR CLOUD-ASSISTED IOTAPPLICATIONS

Nesrine KaanicheTélécom SudParis, Polytechnic Institute of Paris

Chair Values and Policies of Personal Information of IMT

03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 2

GENERAL CONTEXTWHAT THEY KNOW ABOUT US?

User

Paris AreaAuckland Area

Location Data Location Data


GENERAL CONTEXTWHO CONTROL OUR DATA?


GENERAL CONTEXT

Privacy is not only being anonymous. It is beyond that!

Privacy is not for criminals only! But, It is Hard to achieve!

WHO CARES?

Needed Fast enough to be useful Not «generally usable» yet

Advanced Cryptography can Help!

Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 5

General Context

Attribute based Signatures for Anonymous Authentication

Attribute based Encryptions for Fine Grained Access Control

Real-world Applications

Takeaways and Perspectives

PLAN

03/02/2021

AUTHENTICATIONATTRIBUTE BASED SIGNATURES FOR ANONYMOUS AUTHENTICATION



CLASSICAL IDENTITY MANAGEMENTHOW IT WORKS TODAY?

❶ I am Bob

❷ Age?

❸ Confirm I am > 18!

Identity Provider

User

Service Provider

❹ Yes, >18!

❺ yes, > 18!

Certified attributes giveconfidence to SP, but…

03/02/2021

How cryptograhy can help?


ATTRIBUTE BASED SIGNATURE

Verifier

Attribute Authority

User

Attributes

(1)

Se

nd

Att

rib

ute

s

(2)

Issu

e S

ecr

et

Ke

ys

AND

OR

AND

A

B

C D

(4) Send the Signing Policy and the message

(6) Send Signature

(5) Generate Signature w.r.t. to Access Policy (7) Verify Signature Using Public Parameters

Sig does it verify mySigning Policy ??

(3) Define Signing Policy and a message


ABS FOR ANONYMOUS AUTHENTICATIONHOW IT WORKS?

Passport

Driver’s license

Passport: birth date = 1973/01/26 Driver’s license = vehicle cat B

User

Service Provider

Attribute Authority

Attribute Authority

Issue Obtain

Certified attributes

Show Verify

Malleable operations over attribute-sets

How can we provide privacy preserving

access to data in dynamic environments?

ACCESS CONTROLATTRIBUTE BASED ENCRYPTION FOR FINE GRAINED ACCESS



ACCESS CONTROL IN THE CLOUD CHALLENGES?

• Reliance on the cloud server

• Confidentiality against SP

• Privacy

Access Control List (ACL):

Save users identities in ACL Check ACL to authorise users Managed by a trusted party

Role Based Access Control (RBAC):

Identify users by roles Users’ roles match data roles Managed by a trusted party

Attribute-Based Access Control (ABAC):

Identify users by attributes Users’ attributes match data

roles Managed by a trusted party

!


ATTRIBUTE BASED ENCRYPTION

Data Owner

Attribute Authority

Users

Attributes

(6)

Sen

d A

ttri

bu

tes

(5)

Issu

e Se

cre

t K

eys

(1) Define Access Policy

(2) Encrypt Data w.r.t to the access policy

AND

OR

AND

A

B

C D

(7) Retrieve Data

Service Provider

{A, C, D}



Data Owner

Attribute Authority

Users

Attributes

(6)

Sen

d A

ttri

bu

tes

(5)

Issu

e Se

cre

t K

eys



AND

OR

AND

A

B

C D

(7) Retrieve Data

Service Provider

Drawbacks:

o Leakage of users’ attributes

o High processing over-head

o No access policy update


ATTRIBUTE BASED ENCRYPTIONABE WITH HIDDEN ACCESS POLICY

Cloud

Attribute Authority

Key GenerationKey Generation

Users

Data Owner

AND

OR

AND

A

B

C D

{A, C, D}

AND

OR

AND

A’

B’

C’ D’

Belguith S, Kaaniche N., Laurent, M, Jemai, A. , Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT, Computer Networks



Data Owner

Attribute Authority

Users

Attributes

(6)

Sen

d A

ttri

bu

tes

(5)

Issu

e Se

cre

t K

eys



AND

OR

AND

A

B

C D

(7) Retrieve Data

Service Provider

Drawbacks:

o No leakage of users’ attributes

o High processing over-head


Belguith S, Kaaniche N., Laurent, M, Jemai, A. , Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT, Computer Networks


ATTRIBUTE BASED ENCRYPTIONABE WITH OUTSOURCED DECRYPTION

Cloud

Attribute Authority


Users

Semi Trusted Edge Server

Ou

sto

urc

eci

ph

erte

xt

Ret

urn

the

par

tial

lyd

ecry

pte

dci

ph

erte

xt

Data Owner

AND

OR

AND

A

B

C D

{A, C, D}



Data Owner

Attribute Authority

Users

Attributes

(6)

Sen

d A

ttri

bu

tes

(5)

Issu

e Se

cre

t K

eys



AND

OR

AND

A

B

C D

(7) Retrieve Data

Service Provider

Drawbacks:


o Less processing over-head


Belguith S, Kaaniche N., Hammoudeh, M,, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks


ATTRIBUTE BASED ENCRYPTIONABE WITH ACCESS POLICY UPDATE

Cloud

Attribute Authority


Users

Data Owner

AND

OR

AND

C D

AND

A EAND

F B

{A, E, F, B}

AND

OR

AND

A

B

C D

AND

OR

AND

A

B

C D



Data Owner

Attribute Authority

Users

Attributes

(6)

Sen

d A

ttri

bu

tes

(5)

Issu

e Se

cre

t K

eys



AND

OR

AND

A

B

C D

(7) Retrieve Data

Service Provider

Drawbacks:


o Less processing over-head

o Access policy update

Belguith S, Kaaniche N., Hammoudeh, M,, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks

FOR REAL WORLD APPLICATIONS



DATA AGGREGATION IN CLOUD-ASSISTED IOTSMART HOME USE CASE

Cloud

Attribute Authority


UsersData Owner

IoT devices

Agregator

AND

OR

AND

A

B

C D

{A, E, F, B}

Belguith S, Kaaniche N., Mohamed, M, Russello G, T. , Coop-daab: Cooperative attribute based data aggregation for internet of things applications, OTM Conference


CLOUD-ASSISTED VEHICULAR NETWORKSAUTHENTICATED DATA SHARING

Cloud

Attribute Authority


Users

Data Owner

Semi Trusted Edge ServerO

ust

ou

rce

cip

her

text

Ret

urn

the

par

tial

lyd

ecry

pte

dci

ph

erte

xt

AND

OR

AND

A

B

C D

{A, E, F, B}

CloudAND

OR

AND

C D

AND

A EAND

F B

AND

OR

AND

A

B

C D

Belguith S, Kaaniche N., Hammoudeh, M, Dargahi, T. , PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks

CONCLUSIONTAKEAWAYS AND PERSPECTIVES



CONCLUSION

Attribute based primitives are promising techniques, adapted to multi-users’ applications:

• ETSI TS 103 458, codifies the high-level requirements for applying ABE for PII and personal data protection in four use cases: IoT devices, wireless LANs, cloud and mobile services.

• ETSI TS 103 532, proposes an ABE toolkit, trust models, procedures for distributing attributes and keys and an attribute-based access control layer.

o Many challenges are still to be addressed:

o Multi-authority settings

o Revocation and multi-level redaction

o Performances, …

o Ongoing work to adopt attribute-based primitives in the AI-driven world, in order to mitigate/control data leakage and enhance data minimisation.

TAKEWAYS & PERSPECTIVES

https://www.etsi.org/deliver/etsi_ts/103400_103499/103458/01.01.01_60/ts_103458v010101p.pdf

https://www.etsi.org/deliver/etsi_ts/103500_103599/103532/01.01.01_60/ts_103532v010101p.pdf

THANKS!

[email protected]


user-centric privacy- preserving techniques for cloud

Documents