STRONG DATA PRIVACY AND SECURITY FOR THE IOT

Extending access control in oneM2M systems with Attribute Based Encryption

François Ambrosini, ETSI TC CYBER STF 529, IBIT Ambrosini UG

© ETSI 2017. All rights reserved



Outline

Introduction and objectives

Limitations of traditional public key encryption for access control

Getting to know Attribute‐Based Encryption (ABE)

Operational models

Integrating ABE in the access control stack

Example usage in oneM2M

Outlook and conclusion

Introduction

ETSI Specialist Task Force 529, under supervision of TC CYBER, is currently developing an access control toolkit leveraging Attribute Based Encryption (ABE)

Objective: access control using encryption
• Bind access control to encrypted data
• Protect data during the complete lifecycle
• Goes beyond real-time access control

A toolbox
• Addressing Cloud, Mobile, and IoT
• That other Standard Defining Organisations can pick up
• Focusing on interoperability (ontologies and existing access control systems)

Applicable to oneM2M, would complement real-time access control

Why ABE? Limitations of Traditional Public Key Encryption for access control

[Figure (simplified example): Data Owner and Recipients. Diagram labels: setup (Kpriv, Kpub), requests, encrypts (cleartext to ciphertext), shares, decrypts (ciphertext to cleartext).]

How can the data owner share with many recipients and enforce access control?
• Obtain Kpub from each recipient and encrypt for each recipient
• Does not scale, puts constraints on the data owner

Does not allow recipients to share data among themselves, under data owner control

Getting to know ABE (1)

Many-to-many encryption scheme

Based on a secret sharing scheme (a secret is split into shares) mapped to attributes and policies

The data owner remains in control
• The setup phase allows attributes to be declared; a Master Secret Key (MSK) and a Master Public Key (MPK) are generated
• The Master Secret Key allows private keys to be generated
• Because he owns the Master Secret Key, only the data owner can issue private keys

Scales better for the data owner

[Figure: Data Owner, Recipient and other recipients (could also be devices or services…). Step 1, setup: MSK and MPK. Step 2, provisioning: the Recipient requests a private key; the Data Owner evaluates the request, generates Kpriv and returns it.]

Getting to know ABE (2)

Example using Ciphertext Policy ABE (CP-ABE), a variant of ABE where the policy is in the encrypted data

Policy:
( (service == finance) AND (role == auditor) ) OR (role == CFO)

If a branch of the policy is satisfied, the recipient has enough shares to recover the secret and perform decryption

Similar to permit-override combining algorithm in XACML & oneM2M

[Figure: step 3, the expense report is encrypted under the policy, giving an encrypted expense report that carries the policy. Step 4, a Recipient with role == CFO decrypts the encrypted expense report and obtains the expense report.]
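The share-recovery behaviour described above, as an added example that is not part of the original slides: the slide's policy is written as a threshold tree and a secret is split over it with Shamir secret sharing, so that any satisfied branch yields enough shares. The tree encoding, the field modulus and the names `share` and `recover` are assumptions of this example; it shows the secret-sharing layer only, and an ABE scheme additionally binds the shares to each recipient's Kpriv cryptographically.

```python
import secrets

P = 2**127 - 1  # prime modulus for the demo field (assumption of this example)
# Policy from the slide as a threshold tree: AND = all children, OR = any one.
POLICY = ("OR",
          ("AND", "service==finance", "role==auditor"),
          "role==CFO")

def threshold(gate):
    return len(gate) - 1 if gate[0] == "AND" else 1  # children that must match

def share(node, secret, path=()):
    """Split `secret` down the tree; returns {(path, attribute): share}."""
    if isinstance(node, str):
        return {(path, node): secret}
    # Random polynomial f of degree k-1 with f(0) = secret; child i gets f(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold(node) - 1)]
    out = {}
    for i, child in enumerate(node[1:], start=1):
        y = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        out.update(share(child, y, path + (i,)))
    return out

def recover(node, shares, attrs, path=()):
    """Rebuild the secret using only leaf shares whose attribute is in `attrs`."""
    if isinstance(node, str):
        return shares[(path, node)] if node in attrs else None
    points = []
    for i, child in enumerate(node[1:], start=1):
        y = recover(child, shares, attrs, path + (i,))
        if y is not None:
            points.append((i, y))
    k = threshold(node)
    if len(points) < k:
        return None  # branch not satisfied: too few shares
    points = points[:k]
    total = 0  # Lagrange interpolation of f at x = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

SECRET = secrets.randbelow(P)  # stands in for the key protecting the report
SHARES = share(POLICY, SECRET)
print(recover(POLICY, SHARES, {"role==CFO"}) == SECRET,
      recover(POLICY, SHARES, {"role==auditor"}))
```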

Getting to know ABE (3)

Recipients can become contributing third-parties

Access control still applies

[Figure: step 5, a Recipient acting as Contributor can encrypt as well (cleartext to ciphertext, using Attributes or Policy), e.g. results from data analytics. The Data Owner and other recipients can access the new ciphertext using their Kpriv, or if the MSK owner grants an appropriate Kpriv.]

Our operational models

Long Term Storage

Characteristics
• data at rest when the on-board storage area offers low security
• or is remote and untrusted
• while keeping access control in force

Basis for IoT and B2B data sharing use cases

Offline Access Control

Characteristics
• environment offers too little or no network connectivity
• limits user / device authentication and authorisation services
• relies on pre-provisioning of keys as well as out of band methods

Basis for some industrial IoT use cases with strong isolation constraints
Can be extended to offline authentication / authorisation

Platform Provider

Characteristics
• users delegate access control over their data to a trusted Platform Provider
• Platform Provider offers user-friendly access control management
• third-party service providers connect to the Platform Provider and request permission to obtain data

Basis for Cloud and Mobile use cases

Intermediate Access Control Languages

[Figure: layered stack. Labels, in the order extracted: Layer 1; Layer 2; ABE schemes; ABE library + tools; Translator; Translator + non-ABE services; S1, S2, …; High-level access control frameworks (XACML, oneM2M, …).]

Complex attributes and related operators:
- Locations (zones, circles, etc.)
- Timestamps
- Device types
- Free strings (Roles etc.)
- …

Allow a mapping to ontologies at the level of the cryptosystem

Basic attributes and operators:
- Integers
- Booleans

And relation to ontologies

Some possible uses of ABE in oneM2M

Time-based access control in the Long-Term Storage model
• Data are saved with attributes allowing comparison against accessControlTimeWindow …
• … which is expressed as a policy in Kpriv

AE/CSE resource access control in the Offline Access Control model
• AE/CSE runs an ABE challenge-response protocol with the Originator
• The protocol is successful only if the Originator possesses a Kpriv that satisfies the access control policy set by the AE/CSE

Direct/Indirect Dynamic Authorisation, RBAC, and Privacy Policy Manager in the Platform Provider model
• Kpriv can be used to emulate tokens

These are being discussed within ETSI TC CYBER and its STF 529 and not yet proposed to oneM2M

Other aspects & outlook

A Public Key Infrastructure is still needed in support of ABE
• Secure distribution of keys, proof of data origin, proof of assertions…

Performance and security
• FAME scheme from Agrawal & Chase recently selected, very promising with good security proof
• a normative specification will be included in the toolkit
• Crypto agility: the toolkit will permit use of other ABE schemes
• Optimisations & upgrade of cryptographic algorithms

Under research: post-quantum ABE schemes
• Current hard problems will not be so hard under quantum computing
• Schemes exist but are not yet practical, state-of-the-art remains theoretical
• Bonus: more expressiveness could be achieved with post-quantum schemes

Under research: homomorphic encryption in conjunction with ABE
• Would allow information to be processed without accessing the raw data
• cryptographically not trivial to achieve at all

Final note

ETSI TC CYBER
• Advises other groups in ETSI for cybersecurity matters (e.g. Lawful Interception, NFV Security)
• Spearheads and coordinates ETSI’s technical response to EU legislation related to cybersecurity (GDPR, NIS, upcoming Cybersecurity Act…)

ETSI TC CYBER WG-QSC (CYBER-QSC)
• Focus is on quantum-safe cryptography
• Have identified ABE on their roadmap

Plans to make draft TS 103 532 (DTS-CYBER-0025) available for public review in the near future
• Publication planned Feb/March 2018

Thank you!

Annex ‐ Contacts


ETSI TC CYBER https://portal.etsi.org/tb.aspx?tbid=824&SubTB=824,856

STF 529 https://portal.etsi.org/STF/stfs/STFHomePages/STF529


Annex - Examples for oneM2M (KP-ABE)

Time-based access control in the Long-Term Storage model

measurement data from an AE are subject to accessControlTimeWindow parameter in an access rule applying to Originator OA

• a datum is accessible at a specific time window; if we back it up, we can attach this information to the datum
• when the data is saved with ABE, the ciphertext is annotated with attributes expressing the timeframe at which the data were accessible (compatible with the crontab syntax); this is possible at the price of losing resolution and by setting rules on the calculation of attributes at AE/CSE
• thus this requires good granularity of the ciphertext generation frequency
• when OA needs access to data in the past, it requests Kpriv with a policy matching accessControlTimeWindow

Configured ABE attributes:
- SECmin
- SECmax
- MINmin
- MINmax
- etc.

[Figure: an <acr> (access control rule as in oneM2M TS-0003; an acr can mention allowed access time in a crontab-compatible format) is converted. The AE/CSE, holding the MPK, encrypts using the attributes in order to express the timeframe of data capture in a crontab-compatible format, producing the ciphertext. Kpriv carries a policy, e.g. “You may access all data captured between Monday and Friday on any week of any year”. Step 4: decrypts with Kpriv.]
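One possible reading of the attribute calculation described above, as an added example that is not from the slides or from TS 103 532: each ciphertext is annotated with the minimum and maximum of each crontab-style field over the measurements it covers, and a key policy is a set of allowed ranges per field. The min/max semantics, the HOUR and DOW attribute names and all function names are assumptions; the decision is evaluated in the clear here, where ABE would enforce it at decryption.

```python
from datetime import datetime

# SEC and MIN are named on the slide; HOUR and DOW are assumed names
# standing in for the slide's "etc.".
FIELDS = {
    "SEC": lambda t: t.second,
    "MIN": lambda t: t.minute,
    "HOUR": lambda t: t.hour,
    "DOW": lambda t: t.isoweekday() % 7,  # crontab numbering: 0 = Sunday
}

def ciphertext_attributes(timestamps):
    """Range attributes for one ciphertext covering a batch of measurements."""
    attrs = {}
    for name, field in FIELDS.items():
        values = [field(t) for t in timestamps]
        attrs[name + "min"] = min(values)
        attrs[name + "max"] = max(values)
    return attrs

def policy_satisfied(policy, attrs):
    """policy maps a field to (low, high); the ciphertext range must fit inside."""
    return all(low <= attrs[f + "min"] and attrs[f + "max"] <= high
               for f, (low, high) in policy.items())

# Key policy for "all data captured between Monday and Friday".
MON_TO_FRI = {"DOW": (1, 5)}

# Constructed sample batches (not from the slides).
WEDNESDAY_BATCH = [datetime(2017, 10, 4, 9, 0, 0), datetime(2017, 10, 4, 9, 0, 30)]
# One ciphertext spanning Friday night into Saturday: coarse granularity.
FRI_SAT_BATCH = [datetime(2017, 10, 6, 23, 59, 50), datetime(2017, 10, 7, 0, 0, 10)]
# The same Friday measurement encrypted on its own.
FRIDAY_ONLY = FRI_SAT_BATCH[:1]

def accessible(batch, policy=MON_TO_FRI):
    """True when a key holding `policy` could open the batch's ciphertext."""
    return policy_satisfied(policy, ciphertext_attributes(batch))
```

The Friday-to-Saturday batch is refused under the Monday-to-Friday policy even though it contains a Friday measurement, which illustrates why the slide asks for good granularity of ciphertext generation.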


Annex - Examples for oneM2M (KP-ABE)

AE/CSE resource access control in the Offline Access Control model

resources from an AE/CSE are subject to an access rule applying to Originator OA

• ABE attributes are defined to identify operations and resources of the AE/CSE
• AE/CSE is provisioned with the MPK
• When OA requests a given operation on a given resource, the AE/CSE runs a challenge-response protocol by encrypting a secret using the MPK and the ABE attributes matching the request
• OA can solve the challenge only if they have a Kpriv with a matching policy
• Extensible to other access control parameters e.g. accessControlTimeWindow

Configured ABE attributes:
- device_id
- resource_id
- operation_id

[Figure (simplified example): an <acr> (access control rule as in oneM2M TS-0003; an acr can mention allowed operations, CRUD and others) is converted. OA holds a Kpriv with a policy, e.g. “You may UPDATE resource #1 on device ABC”. Exchange between OA and AE/CSE: OA requests resource #1 update; AE/CSE computes Encrypt( , resource_id = 1, device_id = ABC, operation_id = UPDATE, secret); OA sends the response with secret; the update protocol continues.]