ETSI TS 103 532 V1.1.1 (2018-03)

ETSI TS 103 532 V1.1.1 (2018-03)






TECHNICAL SPECIFICATION
CYBER;
Attribute Based Encryption for
Attribute Based Access Control

---------------------- Page: 1 ----------------------
2 ETSI TS 103 532 V1.1.1 (2018-03)



Reference
DTS/CYBER-0025
Keywords
access control, privacy
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2018.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM TM
3GPP and LTE are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 103 532 V1.1.1 (2018-03)
Contents
Intellectual Property Rights . 9
Foreword . 9
Modal verbs terminology . 9
1 Scope . 10
2 References . 10
2.1 Normative references . 10
2.2 Informative references . 11
3 Definitions and abbreviations . 13
3.1 Definitions . 13
3.2 Abbreviations . 15
4 Attribute-Based Encryption Toolkit . 16
4.1 CPA-secure ciphertext-policy and key-policy attribute-based key-encapsulation mechanisms . 16
4.1.1 Overview . 16
4.1.2 Ciphertext-policy ABKEM . 16
4.1.3 Key-policy ABKEM . 17
4.2 Specifications of CPA-secure ciphertext-policy and key-policy ABKEMs . 17
4.2.1 General . 17
4.2.1.1 Introduction . 17
4.2.1.2 Random bit generation . 18
4.2.1.3 Formats for attributes and policies . 18
4.2.1.4 The map2point mapping . 18
4.2.1.4.1 General . 18
4.2.1.4.2 map2point_34 . 19
4.2.1.4.3 map2point_ssing23 . 19
4.2.1.4.4 map2point_23 . 19
4.2.1.5 Monotone span programs . 20
4.2.1.5.1 General . 20
4.2.1.5.2 MSP_Encode . 20
4.2.1.5.3 MSP_Decode . 21
4.2.2 Specification of CP-WATERS-KEM . 22
4.2.2.1 General . 22
4.2.2.2 Setup . 22
4.2.2.3 Secret-key generation . 23
4.2.2.4 Symmetric-key encapsulation . 23
4.2.2.5 Symmetric-key decapsulation . 24
4.2.3 Specification of CP-FAME-KEM and KP-FAME-KEM . 24
4.2.3.1 Hash functions . 24
4.2.3.2 Setup for CP-FAME-KEM and KP-FAME-KEM . 25
4.2.3.3 CP-FAME-KEM . 26
4.2.3.3.1 General . 26
4.2.3.3.2 Secret-key generation . 26
4.2.3.3.3 Symmetric-key encapsulation . 27
4.2.3.3.4 Symmetric-key decapsulation . 28
4.2.3.4 KP-FAME-KEM . 28
4.2.3.4.1 General . 28
4.2.3.4.2 Secret-key generation . 28
4.2.3.4.3 Symmetric-key encapsulation . 30
4.2.3.4.4 Symmetric-key decapsulation . 30
4.2.4 Specification of KP-GSPW-KEM . 31
4.2.4.1 General . 31
4.2.4.2 Setup . 31
4.2.4.3 Secret-key generation . 32
4.2.4.4 Symmetric-key encapsulation . 32
4.2.4.5 Symmetric-key decapsulation . 33
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 103 532 V1.1.1 (2018-03)
4.3 Ciphertext-policy and key-policy attribute-based encryption. 33
4.3.1 Overview . 33
4.3.2 Ciphertext-policy ABE . 34
4.3.3 Key-policy ABE . 34
4.4 Specifications of CPA-secure ciphertext-policy and key-policy ABE . 35
4.4.1 General . 35
4.4.1.1 Introduction . 35
4.4.1.2 Pseudorandom generator . 35
4.4.2 CPA-secure CP-ABE . 35
4.4.3 CPA-secure KP-ABE scheme . 36
4.5 Specifications of CCA-secure CP-ABKEMs and KP-ABKEMs, CP-ABE schemes, and KP-ABE
schemes . 36
4.5.1 General . 36
4.5.1.1 Introduction . 36
4.5.1.2 Collusion-resistant hash function . 37
4.5.1.3 Authenticated encryption . 37
4.5.2 CCA-secure CP-ABKEM . 37
4.5.3 CCA-secure KP-ABKEM . 38
4.5.4 CCA-secure CP-ABE . 38
4.5.5 CCA-secure KP-ABE . 39
4.6 Requirements for compliant ABKEMs . 40
4.6.1 General . 40
4.6.2 Requirement 1: correctness and indistinguishability under chosen-plaintext attacks for ABKEMs . 40
4.6.2.1 Correctness . 40
4.6.2.2 Indistinguishability under chosen-plaintext attacks . 40
4.6.3 Requirement 2: Sufficient security levels . 41
4.7 Revocation . 41
4.7.1 Attribute revocation . 41
4.7.2 Secret-key revocation . 42
4.8 Recommendations . 42
4.8.1 Overview . 42
4.8.2 Efficiency considerations . 42
4.8.3 Security considerations . 42
5 Trust models . 43
5.1 Overview . 43
5.2 Roles . 43
5.2.1 Data Consumer . 43
5.2.2 Data Controller . 43
5.2.3 Data Processor . 43
5.2.4 Data Subject . 43
5.2.5 Device Manager . 43
5.2.6 Platform Provider . 43
5.2.7 Third Party Service Provider . 44
5.2.8 Platform User . 44
5.3 Models . 44
5.3.1 Long term storage . 44
5.3.2 Offline access control . 45
5.3.3 Platform Provider . 45
5.4 Functions . 46
5.4.1 Authority function . 46
5.4.2 Assertion function . 47
5.4.2.1 General . 47
5.4.2.2 Data access assertion . 47
5.4.2.3 Data capture assertion . 47
5.4.3 Encryption function . 47
5.4.4 Policy Management function . 47
5.4.5 Key distribution function . 47
5.4.6 Decryption function . 48
6 Procedures for distributing attributes and keys . 48
6.1 Introduction . 48
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 103 532 V1.1.1 (2018-03)
6.2 Platform Provider extended with Public Key Infrastructure X.509 . 48
6.2.1 Overview . 48
6.2.2 Entities . 49
6.2.2.1 Introduction . 49
6.2.2.2 ABE Authority (ABEA) . 49
6.2.2.3 Keys associated to the Third Party Service Provider (3SP) . 50
6.2.2.4 Keys associated to the Platform Provider (PP) . 50
6.2.3 ABE Key Distribution . 50
6.2.3.1 General . 50
6.2.3.2 Setup . 50
6.2.3.3 ABE Public Key distribution. 50
6.2.3.4 ABE secret key material distribution . 50
6.2.3.5 Attributes distribution . 51
6.2.4 ABE Public Key revocation . 51
6.3 Assertions . 51
6.3.1 Introduction. 51
6.3.2 Types of assertions. 51
6.3.3 Mapping to SAML . 52
6.3.3.1 SAML Attributes . 52
6.3.3.2 SAML Attribute Statements . 52
6.3.3.2.1 Unencrypted format . 52
6.3.3.2.2 Encrypted format . 52
6.3.3.3 SAML Attribute Queries . 52
6.3.3.4 Key assertions . 53
6.3.3.5 Security considerations . 53
6.3.4 SAML binding for CoAP . 53
6.3.4.1 Message encapsulation . 53
6.3.4.2 Addressing and intermediaries . 53
6.3.4.3 Security . 53
7 Attribute Based Access Control layer . 54
7.1 Overview . 54
7.2 Base ABKEM access control capabilities ("Layer 1") . 54
7.2.1 Introduction. 54
7.2.2 Attributes . 54
7.2.2.1 Syntax for attribute declaration . 54
7.2.2.2 Attribute types . 54
7.2.2.3 Syntax for ABKEM universe declaration . 55
7.2.2.4 Syntax for value assignment in annotations . 55
7.2.3 Policies . 56
7.2.3.1 General definition of a policy and syntax . 56
7.2.3.2 Relational statements . 56
7.2.3.2.1 Introduction . 56
7.2.3.2.2 Relational operators for the unsigned integer attribute type . 56
7.2.3.2.3 Relational operators for the boolean attribute type . 57
7.2.3.2.4 Relational operators for the string attribute type . 57
7.2.3.3 Logical operators . 57
7.2.3.4 Threshold gates . 57
7.2.3.5 Top-level statements . 58
7.2.4 ABKEM bindings . 58
7.2.4.1 Introduction . 58
7.2.4.2 Binding rules for value assignment to attributes in annotation . 58
7.2.4.2.1 Common translation rules . 58
7.2.4.2.2 Unsigned integer . 58
7.2.4.2.3 Boolean . 59
7.2.4.2.4 String . 59
7.2.4.3 Binding rules for policy translation . 59
7.2.4.3.1 Common translation rules . 59
7.2.4.3.2 Integer . 60
7.2.4.3.2.1 "<" operator. 60
7.2.4.3.2.2 ">" operator. 60
7.2.4.3.2.3 "==" operator . 60
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 103 532 V1.1.1 (2018-03)
7.2.4.3.2.4 "!=" operator . 61
7.2.4.3.2.5 "<=" operator . 61
7.2.4.3.2.6 ">=" operator . 62
7.2.4.3.3 Boolean . 63
7.2.4.3.4 String . 63
7.3 Intermediate access control layer ("Layer 2") . 64
7.3.1 Introduction (informative) . 64
7.3.2 Additional attribute types .
...