& cplSiteName &

ETSI Releases Crypto Specs for Secure Access Control

Light Reading
News Wire Feed
Light Reading
8/21/2018
50%
50%

SOPHIA ANTIPOLIS, France -- ETSI Technical Committee on Cybersecurity has recently released two specifications on Attribute-Based Encryption (ABE) that describe how to protect personal data securely—with fine-grained access controls. ABE is an asymmetric, multi-party cryptographic scheme that bundles access control with data encryption. In such a system, data can only be decrypted if the set of attributes of the user key matches the attributes of the encryption.

For instance, access to employee pay data will only be granted to the role of Human Resources Employee working in the payroll department of a company, who has been there for one year or more. Because ABE enforces access control at a cryptographic (mathematical) level, it provides better security assurance than software-based solutions. It is also space-efficient, since only one ciphertext is needed to cater for all access control needs of a given data set.

Attribute-Based Encryption has been identified by ETSI as a key enabler technology for access control in highly distributed systems,

  • ETSI TS 103 458, which describes high-level requirements for Attribute-Based Encryption. One objective is to provide user identity protection, preventing disclosure to an unauthorized entity. It defines personal data protection on IoT devices, WLAN, cloud and mobile services, where secure access to data has to be given to multiple parties, according to who that party is.

  • ETSI TS 103 532, which specifies trust models, functions and protocols using Attribute-Based Encryption to control access to data, thus increasing data security and privacy. It provides a cryptographic layer that supports both variants of ABE- Ciphertext Policy and Key Policy - in various levels of security assurance. This flexibility in performance suits various forms of deployments, whether in the cloud, on a mobile network or in an IoT environment. The cryptographic layer is extensible and new schemes can be integrated in the standard to support future industry requirements and address data protection challenges in the post-quantum era.

    Both specifications enable compliance with the General Data Protection Regulation, enforced since May 2018, by allowing secure exchange of personal data among data controllers and data processors.

    A standard using Attribute-Based Encryption has several advantages for the industry. It provides an efficient, secure-by-default access control mechanism for data protection that avoids binding access to a person’s name, but instead to pseudonymous or anonymous attributes.

    ABE offers an interoperable, highly scalable mechanism for industrial scenarios where quick, offline access control is a must, and where operators need to access data both in a synchronous manner from the equipment as well as from a larger pool of data in the cloud. ETSI TS 103 532 is thus particularly well-suited to the Industrial IoT and the public sector alike. As it enables access control policies to be introduced after data has been protected, it provides forward-compatibility with future business and legal requirements, such as the introduction of new stakeholders, and support for social benefit schemes.

    European Telecommunications Standards Institute (ETSI)

    (0)  | 
    Comment  | 
    Print  | 
  • Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
    Featured Video
    Flash Poll
    From The Founder
    After almost two decades at Light Reading, it's time for a different optical adventure.
    Upcoming Live Events
    September 24-26, 2018, Westin Westminster, Denver
    October 9, 2018, The Westin Times Square, New York
    October 23, 2018, Georgia World Congress Centre, Atlanta, GA
    November 6, 2018, London, United Kingdom
    November 7-8, 2018, London, United Kingdom
    November 8, 2018, The Montcalm by Marble Arch, London
    November 15, 2018, The Westin Times Square, New York
    December 4-6, 2018, Lisbon, Portugal
    March 12-14, 2019, Denver, Colorado
    All Upcoming Live Events
    Hot Topics
    Apple: It's the End of the SIM as We Know It
    Iain Morris, International Editor, 9/13/2018
    MWCA Day 2 Recap: '5G' Rolls Out & We Roll On
    Phil Harvey, US News Editor, 9/14/2018
    The Mobile Network Is Becoming a Cloud Service
    Phil Harvey, US News Editor, 9/18/2018
    MWCA Day 1 Recap: 5G Is Here…?
    Phil Harvey, US News Editor, 9/13/2018
    So Long, & Good Luck With That
    Steve Saunders, Founder, Light Reading, 9/14/2018
    Animals with Phones
    Live Digital Audio

    A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

    Like Us on Facebook
    Partner Perspectives - content from our sponsors
    One Size Doesn't Fit All – Another Look at Automation for 5G
    By Stawan Kadepurkar, Business Head & EVP, Hi-Tech, L&T Technology Services
    Prepare Now for the 5G Monetization Opportunity
    By Yathish Nagavalli, Chief Enterprise Architect, Huawei Software
    Huawei Mobile Money: Improving Lives and Accelerating Economic Growth
    By Ian Martin Ravenscroft, Vice President of BSS Solutions, Huawei
    Dealer Agent Cloud – Empower Your Dealer & Agent to Excel
    By Natalie Dorothy Scopelitis, Director of Digital Transformation, Huawei Software
    All Partner Perspectives