Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
We discuss the challenge of achieving an auditable key management for cryptographic access control to high-value sensitive data. In such settings it is important to be able to audit the key management process - and in particular to be able to provide verifiable proofs of key generation. The auditable key management has several possible use cases in both civilian and military world. In particular, the new regulations for protection of sensitive personal data, such as GDPR, introduce strict requirements for handling of personal data and apply a very restrictive definition of what can be considered a personal data. Cryptographic access control for personal data has a potential to become extremely important for preserving industrial ability to innovate, while protecting subject’s privacy, especially in the context of widely deployed modern monitoring, tracking and profiling capabilities, that are used by both governmental institutions and high-tech companies. However, in general, an encrypted data is still considered as personal under GDPR and therefore cannot be, e.g., stored or processed in a public cloud or distributed ledger. In our work we propose an identity-based cryptographic framework that ensures confidentiality, availability, integrity of data while potentially remaining compliant with the GDPR framework.
Słowa kluczowe
Rocznik
Tom
Strony
449--458
Opis fizyczny
Bibliogr. 47 poz., rys.
Twórcy
autor
- Military University of Technology, Warsaw, Poland.
autor
- NATO Cyber Security Centre, The Hague, The Netherlands
- Military University of Technology, Warsaw, Poland.
Bibliografia
- [1] A. Greenberg, Sandworm - A new era of cyberwar and the hunt for the Kremlin’s hackers. Doubleday, 2019.
- [2] EU, “General Data Protection Regulation 2016/679,” 2016.
- [3] J. Gresham, “Is encrypted data personal data under the gdpr?” Available online at: https://iapp.org/news/a/is-encrypted-data-personal-data-under-the-gdpr/, 3 2019.
- [4] S. Garg, S. Goldwasser, and P. N. Vasudevan, “Formalizing data deletion in the context of the right to be forgotten,” Cryptology ePrint Archive, Report 2020/254, 2020, https://eprint.iacr.org/2020/254.
- [5] D. Derler, S. Ramacher, D. Slamanig, and C. Striecks, “I want to forget: Fine-grained encryption with full forward secrecy in the distributed setting,” Cryptology ePrint Archive, Report 2019/912, 2019, https://eprint.iacr.org/2019/912.
- [6] J. B. Bernabe, J. L. Canovas, J. L. Hernández-Ramos, R. T. Moreno, and A. F. Skarmeta, “Privacy-preserving solutions for blockchain: Review and challenges,” IEEE Access, vol. 7, pp. 164 908–164 940, 2019.
- [7] L. Widick, I. Ranasinghe, R. Dantu, and S. Jonnada, “Blockchain based authentication and authorization framework for remote collaboration systems,” 2019 IEEE 20th International Symposium on ”A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), pp. 1–7, 2019.
- [8] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “Medrec: Using blockchain for medical data access and permission management,” 08 2016, pp. 25–30.
- [9] A. W. Dent, “A brief introduction to certificateless encryption schemes and their infrastructures,” in Public Key Infrastructures, Services and Applications, F. Martinelli and B. Preneel, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 1–16.
- [10] H. Shafagh, L. Burkhalter, A. Hithnawi, and S. Duquennoy, “Towards blockchain-based auditable storage and sharing of iot data,” in Proceedings of the 2017 on Cloud Computing Security Workshop, ser. CCSW ’17. New York, NY, USA: Association for Computing Machinery, 2017, p. 45–50. [Online]. Available: https://doi.org/10.1145/3140649.3140656
- [11] G. Zyskind, O. Nathan, and A. Pentland, “Decentralizing privacy: Using blockchain to protect personal data,” 2015 IEEE Security and Privacy Workshops, pp. 180–184, 2015.
- [12] X. A. Wang, F. Xhafa, Z. Zheng, and J. Nie, “Identity based proxy re-encryption scheme (ibpre+) for secure cloud data sharing,” in 2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS), Sep. 2016, pp. 44–48.
- [13] M. Egorov and M. Wilkison, “Nucypher KMS: decentralized key management system,” CoRR, vol. abs/1707.06140, 2017. [Online]. Available: http://arxiv.org/abs/1707.06140
- [14] A. Sonnino, M. Al-Bassam, S. Bano, and G. Danezis, “Coconut: Threshold issuance selective disclosure credentials with applications to distributed ledgers,” CoRR, vol. abs/1802.07344, 2018. [Online]. Available: http://arxiv.org/abs/1802.07344
- [15] V. Reniers, D. V. Landuyt, P. Viviani, B. Lagaisse, R. Lombardi, and W. Joosen, “Analysis of architectural variants for auditable block chain-based private data sharing,” in SAC ’19, 2019.
- [16] G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” IACR Cryptology ePrint Archive, vol. 2005, p. 28, 2005.
- [17] D. Nuñez, I. Agudo, and J. López, “Proxy re-encryption: Analysis of constructions and its application to secure access delegation,” J. Netw. Comput. Appl., vol. 87, pp. 193–209, 2017.
- [18] D. Nuñez, I. Agudo, and J. Lopez, “Proxy re-encryption: Analysis of constructions and its application to secure access delegation,” Journal of Network and Computer Applications, vol. 87, 03 2017.
- [19] E. Kokoris-Kogias, E. C. Alp, S. D. Siby, N. Gailly, L. Gasser, P. Jovanovic, E. Syta, and B. Ford, “Verifiable management of private data under byzantine failures,” Cryptology ePrint Archive, Report 2018/209, 2018, https://eprint.iacr.org/2018/209.
- [20] A. N. Amroudi, A. Zaghain, and M. Sajadieh, “A verifiable (k,n,m)-threshold multi-secret sharing scheme based on ntru cryptosystem, ”Wireless Personal Communications, vol. 96, pp. 1393–1405, 2017.
- [21] B. Rajabi and Z. Eslami, “A verifiable threshold secret sharing scheme based on lattices,” Information Sciences, vol. 501, 11 2018.
- [22] E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. D. Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, S. Muralidharan, C. Murthy, B. Nguyen, M. Sethi, G. Singh, K. Smith, A. Sorniotti, C. Stathakopoulou, M. Vukolic, S. W. Cocco, and J. Yellick, “Hyperledger fabric: A distributed operating system for permissioned blockchains,” CoRR, vol. abs/1801.10228, 2018. [Online]. Available: http://arxiv.org/abs/1801.10228
- [23] D. Nuñez, “Umbral: a threshold proxy re-encryption scheme,” 2018, https://raw.githubusercontent.com/nucypher/umbral-doc/master/umbral-doc.pdf.
- [24] M. Egorov, D. Nuñez, and M. Wilkison, “Nucypher : A proxy re-encryption network to empower privacy in decentralized systems,” 2018.
- [25] European Parliamentary Research Service Scientific Foresight Unit, “Blockchain and the general data protection regulation: Can distributed ledgers be squared with european data protection law?” Available online at: https://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRSSTU(2019)634445EN.pdf, 7 2019.
- [26] M. Finck, “Blockchain and the general data protection regulation. Can distributed ledgers be squared with european data protection law?” 2019.
- [27] C. Gentry, “Practical Identity-Based Encryption Without Random Oracles,” in EUROCRYPT Adv. Cryptol., vol. 4004, 2006, pp. 445–464.
- [28] X. Boyen and B. Waters, “Anonymous hierarchical identity-based encryption (Without random oracles),” in Adv. Cryptol. - CRYPTO, 2006.
- [29] J. Camenisch, M. Kohlweiss, A. Rial, and C. Sheedy, “Blind and anonymous identity-based encryption and authorised private searches on public key encrypted data,” in Int. Work. Public Key Cryptogr., S. Jarecki and G. Tsudik, Eds., 2009, pp. 196–214.
- [30] S. S. M. Chow, “Removing Escrow from Identity-Based Encryption,” in Int. Work. Public Key Cryptogr. Springer, 2009, pp. 256–276.
- [31] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” SIAM J. Comput., vol. 32, no. 3, pp. 586–615, 2003.
- [32] A. Kate and I. Goldberg, “Distributed Private-Key Generators for Identity-based Cryptography,” in Int. Conf. Secur. Cryptogr. Networks, 2010.
- [33] P. Feldman, “A practical scheme for non-interactive verifiable secret sharing,” 28th Annu. Symp. Found. Comput. Sci., pp. 427–438, 1987. [Online]. Available: http://ieeexplore.ieee.org/document/4568297/
- [34] S. Garg, M. Hajiabadi, M. Mahmoody, and A. Rahimi, “Registration-based encryption: Removing private-key generator from IBE,” in Proc. TCC, 2018, pp. 689–718.
- [35] S. Garg, M. Hajiabadi, M. Mahmoody, A. Rahimi, and S. Sekar, “Registration-Based Encryption from Standard Assumptions,” in Public-Key Cryptogr. - PKC, 2019, pp. 63–93.
- [36] R. Goyal and S. Vusirikala, “Verifiable Registration-Based Encryption,” IACR, Tech. Rep., 2019. [Online]. Available: https://eprint.iacr.org/2019/1044
- [37] S. Chatterjee and P. Sarkar, Identity-Based Encryption. Springer, 2011.
- [38] A. W. Dent, “A brief introduction to certificateless encryption schemes and their infrastructures,” in Proc. of the European Public Key Infrastructure Workshop (EuroPKI 2009), F. Martinelli and B. Preneel, Eds. Springer, 2010, pp. 1–16.
- [39] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Workshop on the theory and application of cryptographic techniques. Springer, 1984, pp. 47–53, dostęp online: http://discovery.csc.ncsu.edu/Courses/csc774-S08/reading-assignments/shamir84.pdf.
- [40] X. Boyen and L. Martin, “The Boneh-Franklin BF Cryptosystem,” IETF, Tech. Rep. RFC 5091, 2007.
- [41] C. Gentry, C. Peikert, and V. Vaikuntanathan, “Trapdoors for hard lattices and new cryptographic constructions,” Cryptology ePrint Archive, Report 2007/432, 2007, https://eprint.iacr.org/2007/432.
- [42] S. Agrawal, D. Boneh, and X. Boyen, “Efficient lattice (h)ibe in the standard model,” in Advances in Cryptology – EUROCRYPT 2010, H. Gilbert, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 553–572.
- [43] D. Moody, R. C. Peralta, R. A. Perlner, A. R. Regenscheid, A. L. Roginsky, and L. Chen, “Report on pairing-based cryptography,” NIST, Tech. Rep., 2015.
- [44] Y. Yacobi, “A note on the bi-linear diffie-hellman assumption,” in ryptology ePrint Archive, Report 2002/113, 2002.
- [45] E. Kokoris-Kogias, E. C. Alp, S. D. Siby, N. Gailly, L. Gasser, P. Jovanovic, E. Syta, and B. Ford, “Verifiable management of private data under byzantine failures,” Cryptology ePrint Archive 2018/209, 2018.
- [46] Y. Rouselakis and B. Waters, “Efficient statically-secure large-universe multi-authority attribute-based encryption,” ePrint Archive 2015/016, 2015.
- [47] D. Chadwick, “Federated identity management,” in Foundations of Security Analysis and Design V SE - 3, 2009, p. 96–120.
Uwagi
This work was presented at the International Scientific Conference Mathematical Cryptology & Cybersecurity (MC&C 2020), Warsaw, 16-17.01.2020.
Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-fde71d25-3594-4f3d-bcea-12207b9df78b