ETSI releases cryptographic standards for secure access control
ABE combines access control with data encryption to only allow data to be decrypted if the set of attributes of the user key matches the attributes of the encryption. Because ABE enforces access control at a cryptographic (mathematical) level, it provides better security assurance than software-based solutions. It is also space-efficient, since only one ciphertext is needed to cater for all access control needs of a given data set.
Attribute-Based Encryption has been identified by ETSI as a key enabler technology for access control in highly distributed systems, such as 5G and the IoT. The two specifications are:
ETSI TS 103 458, which describes high-level requirements for Attribute-Based Encryption. One objective is to provide user identity protection, preventing disclosure to an unauthorized entity. It defines personal data protection on IoT devices, WLAN, cloud and mobile services, where secure access to data has to be given to multiple parties, according to who that party is.
ETSI TS 103 532, which specifies trust models, functions and protocols using Attribute-Based Encryption to control access to data, thus increasing data security and privacy. It provides a cryptographic layer that supports both variants of ABE- Ciphertext Policy and Key Policy – in various levels of security assurance. This flexibility in performance suits various forms of deployments, whether in the cloud, on a mobile network or in an IoT environment. The cryptographic layer is extensible and new schemes can be integrated in the standard to support future industry requirements and address data protection challenges in the post-quantum era.
Both specifications enable compliance with the General Data Protection Regulation, enforced since May 2018, by allowing secure exchange of personal data among data controllers and data processors.
More information
https://www.etsi.org/
Related news
ETSI: Software Radio Reconfiguration
Licensed Shared Access specs available from ETSI
Analog signal post-processing software is preset to ISO, NFC Forum, and EMVCo norms
ETSI partners with T&D Europe to drive smart grid standards
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :