How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE

Tang, Qiang

English

Abstract. How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waid-ner, provides very useful inspiration on how we can protect sensitive per-sonal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques includ-ing Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a gen-eral framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE. 

Qiang Tang

CiteSeerX

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

NARCIS 

University of Twente Research Information

A contextual attribute-based access control model.

A study of preferences for sharing and privacy.

A type-and-identity-based proxy reencryption scheme and its application in healthcare.

Access Control Using Pairing Based Cryptography.

An Internet Attribute Certi¯cate Pro¯le for Authorization,

Attribute-based encryption for ¯ne-grained access control of encrypted data.

Authorization-Limited Transformation-Free Proxy Cryptosystems and Their Security Analyses*.

Ciphertext-Policy Attribute-Based Encryption.

Ciphertext-policy attribute-based encryption. In

Department of Health and Human Services. Summary of the HIPAA Privacy Rule,

Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack.

Directive 2002/58/EC of the European parliament and of the council

Divertible protocols and atomic proxy cryptography. In

Fuzzy identity-based encryption. In

Give and take: a study of consumer photosharing culture and practice.

Identity-based cryptosystems and signature schemes.

Identity-based encryption from the weil pairing.

Identity-based proxy re-encryption.

Improved proxy re-encryption schemes with applications to secure distributed storage.

Organization for the Advancement of Structured Information Standards (OASIS). eXtensible Access Control Markup Language (XACML)

PÄ ohls. Veri¯able and revocable expression of consent to processing of aggregated personal data. In

Personal Health Records: De¯nitions, Bene¯ts, and Strategies for Overcoming Barriers to Adoption.

Platform for enterprise privacy practices: Privacy-enabled management of customer data.

Protection { principles and practice.

Proxy cryptography revisited.

Proxy cryptosystems: Delegation of the power to decrypt ciphertexts.

Relations among notions of security for public-key encryption schemes.

Secure computer systems: A mathematical model.

Standards Institute (ANSI). ANSI INCITS 359-2004 for Role Based Access Control,

Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services.

Type-based proxy re-encryption and its construction.

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

Abstract

Similar works

Full text

Available Versions

CiteSeerX

NARCIS

University of Twente Research Information