Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

Droplet: Decentralized Authorization for IoT Data Streams

This paper presents Droplet, a decentralized data access control service, which operates without intermediate trust entities. Droplet enables data owners to securely and selectively share their encrypted data while guaranteeing data confidentiality against unauthorized parties. Droplet's contribution lies in coupling two key ideas: (i) a new cryptographically-enforced access control scheme for encrypted data streams that enables users to define fine-grained stream-specific access policies, and (ii) a decentralized authorization service that handles user-defined access policies. In this paper, we present Droplet's design, the reference implementation of Droplet, and experimental results of three case-study apps atop of Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard

Secure Data Communication in Autonomous V2X Systems

In Vehicle-to-Everything (V2X) communication systems, vehicles as well as infrastructure devices can interact and exchange data with each other. This capability is used to implement intelligent transportation systems applications. Data confidentiality and integrity need to be preserved in unverified and untrusted environments. In this paper, we propose a solution that provides (a) role-based and attribute-based access control to encrypted data and (b) encrypted search over encrypted data. Vehicle Records contain sensitive information about the owners and vehicles in encrypted form with attached access control policies and policy enforcement engine. Our solution supports decentralized and distributed data exchange, which is essential in V2X systems, where a Central Authority is not required to enforce access control policies. Furthermore, we facilitate querying encrypted Vehicle Records through Structured Query Language (SQL) queries. Vehicle Records are stored in a database in untrusted V2X cloud environment that is prone to provide the attackers with a large attack surface. Big datasets, stored in cloud, can be used for data analysis, such as traffic pattern analysis. Our solution protects sensitive vehicle and owner information from curious or malicious information cloud administrators. Support of indexing improves performance of queries that are forwarded to relevant encrypted Vehicle Records, which are stored in the cloud. We measure the performance overhead of our security solution based on self-protecting Vehicle Records with encrypted search capabilities in V2X communication systems and analyze the effect of security over safety

T3AB: Transparent and Trustworthy Third-party Authority using Blockchain

Increasingly, information systems rely on computational, storage, and network resources deployed in third-party facilities or are supported by service providers. Such an approach further exacerbates cybersecurity concerns constantly raised by numerous incidents of security and privacy attacks resulting in data leakage and identity theft, among others. These have in turn forced the creation of stricter security and privacy related regulations and have eroded the trust in cyberspace. In particular, security related services and infrastructures such as Certificate Authorities (CAs) that provide digital certificate service and Third-Party Authorities (TPAs) that provide cryptographic key services, are critical components for establishing trust in Internet enabled applications and services. To address such trust issues, various transparency frameworks and approaches have been recently proposed in the literature. In this paper, we propose a Transparent and Trustworthy TPA using Blockchain (T3AB) to provide transparency and accountability to the trusted third-party entities, such as honest-but-curious third-party IaaS servers, and coordinators in various privacy-preserving machine learning (PPML) approaches. T3AB employs the Ethereum blockchain as the underlying public ledger and also includes a novel smart contract to automate accountability with an incentive mechanism that motivates participants' to participate in auditing, and punishes unintentional or malicious behaviors. We implement T3AB, and show through experimental evaluation in the Ethereum official test network, Rinkeby, that the framework is efficient. We also formally show the security guarantee provided by T3AB, and analyze the privacy guarantee and trustworthiness it provides

reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption

In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services.Comment: 12 page