USER-CENTRIC PRIVACY-PRESERVING TECHNIQUES FOR CLOUD-ASSISTED IOT APPLICATIONS
Nesrine Kaaniche
Télécom SudParis, Polytechnic Institute of Paris
Chair Values and Policies of Personal Information of IMT
03/02/2021 Nesrine Kaaniche _ User-centric Privacy preserving Techniques in Cloud-assisted IoT applications 2
GENERAL CONTEXT
WHAT DO THEY KNOW ABOUT US?
[Figure: User; Location Data, Paris Area and Auckland Area]
GENERAL CONTEXT
WHO CONTROLS OUR DATA?
GENERAL CONTEXT
Privacy is not only being anonymous. It is beyond that!
Privacy is not for criminals only! But it is hard to achieve!
WHO CARES?
• Needed
• Fast enough to be useful
• Not «generally usable» yet
Advanced Cryptography can Help!
PLAN
• General Context
• Attribute based Signatures for Anonymous Authentication
• Attribute based Encryptions for Fine Grained Access Control
• Real-world Applications
• Takeaways and Perspectives
AUTHENTICATION
ATTRIBUTE BASED SIGNATURES FOR ANONYMOUS AUTHENTICATION
CLASSICAL IDENTITY MANAGEMENT
HOW DOES IT WORK TODAY?
Parties: User, Identity Provider, Service Provider
❶ I am Bob
❷ Age?
❸ Confirm I am > 18!
❹ Yes, > 18!
❺ Yes, > 18!
Certified attributes give confidence to SP, but…
How can cryptography help?
ATTRIBUTE BASED SIGNATURE
Parties: User, Attribute Authority, Verifier
(1) Send Attributes
(2) Issue Secret Keys
(3) Define Signing Policy and a message
(4) Send the Signing Policy and the message
(5) Generate Signature w.r.t. the Access Policy
(6) Send Signature
(7) Verify Signature Using Public Parameters
Verifier: does Sig verify my Signing Policy?
[Figure: policy tree, AND / OR gates over attributes A, B, C, D]
ABS FOR ANONYMOUS AUTHENTICATION
HOW IT WORKS?
Parties: User, Service Provider, Attribute Authority (×2)
Credentials: Passport, Driver’s license
Certified attributes: Passport: birth date = 1973/01/26; Driver’s license = vehicle cat B
Protocols: Issue / Obtain, Show / Verify
Malleable operations over attribute-sets
How can we provide privacy preserving access to data in dynamic environments?
ACCESS CONTROL
ATTRIBUTE BASED ENCRYPTION FOR FINE GRAINED ACCESS
ACCESS CONTROL IN THE CLOUD
CHALLENGES?
• Reliance on the cloud server
• Confidentiality against SP
• Privacy
Access Control List (ACL):
o Save users’ identities in ACL
o Check ACL to authorise users
o Managed by a trusted party
Role Based Access Control (RBAC):
o Identify users by roles
o Users’ roles match data roles
o Managed by a trusted party
Attribute-Based Access Control (ABAC):
o Identify users by attributes
o Users’ attributes match data roles
o Managed by a trusted party
ATTRIBUTE BASED ENCRYPTION
Parties: Data Owner, Attribute Authority, Service Provider, Users
(1) Define Access Policy
(2) Encrypt Data w.r.t. the access policy
(5) Issue Secret Keys
(6) Send Attributes
(7) Retrieve Data
[Figure: policy tree, AND / OR gates over attributes A, B, C, D; user attribute set {A, C, D}]
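The access-structure logic behind steps (1), (2) and (7) above, as an added example (not from the slides or the cited schemes): Shamir secret sharing pushed down an AND/OR policy tree, so that only a satisfying attribute set recovers the data key. The policy (A AND B) OR (C AND D) is an assumed reading of the slide's tree and the function names are hypothetical; a real ABE scheme additionally embeds the shares in pairing-group elements randomized per user, so that keys from different users cannot be pooled.

```python
import secrets

P = 2**127 - 1  # prime modulus of the sharing field (constructed for this demo)

# Assumed reading of the slide's tree: (A AND B) OR (C AND D)
POLICY = ("OR", [("AND", ["A", "B"]), ("AND", ["C", "D"])])

def threshold(gate, n):
    return n if gate == "AND" else 1      # AND = n-of-n, OR = 1-of-n

def share(secret, node):
    """Push `secret` down the policy tree; each leaf becomes (attribute, share)."""
    if isinstance(node, str):
        return (node, secret)
    gate, children = node
    k = threshold(gate, len(children))
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def poly(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (gate, [share(poly(x), ch) for x, ch in enumerate(children, 1)])

def recover(node, attrs):
    """Return the secret if `attrs` satisfies the shared tree, else None."""
    label, body = node
    if not isinstance(body, list):        # leaf: usable only with the attribute
        return body if label in attrs else None
    pts = [(x, v) for x, ch in enumerate(body, 1)
           if (v := recover(ch, attrs)) is not None]
    k = threshold(label, len(body))
    if len(pts) < k:
        return None
    pts, total = pts[:k], 0
    for xj, yj in pts:                    # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num = num * -xm % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

if __name__ == "__main__":
    key = secrets.randbelow(P)            # stands in for the data key
    tree = share(key, POLICY)
    print(recover(tree, {"A", "C", "D"}) == key)   # satisfies C AND D
    print(recover(tree, {"A", "C"}))               # no branch satisfied
    # Plain sharing lets two users pool {A} and {B}; ABE keys are
    # randomized per user precisely to block this collusion.
    print(recover(tree, {"A"} | {"B"}) == key)
```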
ATTRIBUTE BASED ENCRYPTION
Drawbacks:
o Leakage of users’ attributes
o High processing overhead
o No access policy update
ATTRIBUTE BASED ENCRYPTION
ABE WITH HIDDEN ACCESS POLICY
Parties: Data Owner, Cloud, Attribute Authority (Key Generation), Users
[Figure: policy tree, AND / OR gates over A, B, C, D, alongside a tree over A’, B’, C’, D’; user attribute set {A, C, D}]
Belguith S., Kaaniche N., Laurent M., Jemai A., Phoabe: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT, Computer Networks
ATTRIBUTE BASED ENCRYPTION
Drawbacks:
o No leakage of users’ attributes
o High processing overhead
o No access policy update
ATTRIBUTE BASED ENCRYPTION
ABE WITH OUTSOURCED DECRYPTION
Parties: Data Owner, Cloud, Attribute Authority (Key Generation), Semi Trusted Edge Server, Users
Outsource ciphertext
Return the partially decrypted ciphertext
[Figure: policy tree, AND / OR gates over A, B, C, D; user attribute set {A, C, D}]
ATTRIBUTE BASED ENCRYPTION
Drawbacks:
o No leakage of users’ attributes
o Less processing overhead
o No access policy update
Belguith S., Kaaniche N., Hammoudeh M., Dargahi T., PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks
ATTRIBUTE BASED ENCRYPTION
ABE WITH ACCESS POLICY UPDATE
Parties: Data Owner, Cloud, Attribute Authority (Key Generation), Users
[Figure: original policy tree, AND / OR gates over A, B, C, D, and updated policy tree, AND / OR gates over A, B, C, D, E, F; user attribute set {A, E, F, B}]
ATTRIBUTE BASED ENCRYPTION
Drawbacks:
o No leakage of users’ attributes
o Less processing overhead
o Access policy update
FOR REAL WORLD APPLICATIONS
DATA AGGREGATION IN CLOUD-ASSISTED IOT
SMART HOME USE CASE
Parties: Data Owner, IoT devices, Aggregator, Cloud, Attribute Authority (Key Generation), Users
[Figure: policy tree, AND / OR gates over A, B, C, D; user attribute set {A, E, F, B}]
Belguith S., Kaaniche N., Mohamed M., Russello G., T., Coop-daab: Cooperative attribute based data aggregation for internet of things applications, OTM Conference
CLOUD-ASSISTED VEHICULAR NETWORKS
AUTHENTICATED DATA SHARING
Parties: Data Owner, Cloud, Attribute Authority (Key Generation), Semi Trusted Edge Server, Users
Outsource ciphertext
Return the partially decrypted ciphertext
[Figure: original policy tree, AND / OR gates over A, B, C, D, and updated policy tree, AND / OR gates over A, B, C, D, E, F; user attribute set {A, E, F, B}]
Belguith S., Kaaniche N., Hammoudeh M., Dargahi T., PROUD: verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications, Future Generation Computer Networks
CONCLUSION
TAKEAWAYS AND PERSPECTIVES
CONCLUSION
TAKEAWAYS & PERSPECTIVES
Attribute based primitives are promising techniques, adapted to multi-user applications:
• ETSI TS 103 458 codifies the high-level requirements for applying ABE for PII and personal data protection in four use cases: IoT devices, wireless LANs, cloud and mobile services.
• ETSI TS 103 532 proposes an ABE toolkit, trust models, procedures for distributing attributes and keys and an attribute-based access control layer.
• Many challenges are still to be addressed:
o Multi-authority settings
o Revocation and multi-level redaction
o Performances, …
• Ongoing work to adopt attribute-based primitives in the AI-driven world, in order to mitigate/control data leakage and enhance data minimisation.
THANKS!