ETSI TS 103 532 V1.2.1 (2021-05)

ETSI TS 103 532 V1.2.1 (2021-05)






TECHNICAL SPECIFICATION
CYBER;
Attribute Based Encryption for
Attribute Based Access Control

---------------------- Page: 1 ----------------------
2 ETSI TS 103 532 V1.2.1 (2021-05)

Reference
RTS/CYBER-0068
Keywords
access control, privacy

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2021.
All rights reserved.

ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 103 532 V1.2.1 (2021-05)
Contents
Intellectual Property Rights . 8
Foreword . 8
Modal verbs terminology . 8
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 12
3.1 Terms . 12
3.2 Symbols . 15
3.3 Abbreviations . 15
4 Attribute-Based Encryption Toolkit . 16
4.1 CPA-secure ciphertext-policy and key-policy attribute-based key-encapsulation mechanisms . 16
4.1.1 Overview . 16
4.1.2 Ciphertext-policy ABKEM . 16
4.1.3 Key-policy ABKEM . 17
4.2 Specifications of CPA-secure ciphertext-policy and key-policy ABKEMs . 17
4.2.1 General . 17
4.2.1.1 Introduction . 17
4.2.1.2 Random bit generation . 18
4.2.1.3 Formats for attributes and policies . 18
4.2.1.4 The map2point mapping . 18
4.2.1.4.1 General . 18
4.2.1.4.2 map2point_34 . 18
4.2.1.4.3 map2point_ssing23 . 19
4.2.1.4.4 map2point_23 . 19
4.2.1.5 Monotone span programs . 20
4.2.1.5.1 General . 20
4.2.1.5.2 MSP_Encode . 20
4.2.1.5.3 MSP_Decode . 21
4.2.2 Specification of CP-WATERS-KEM . 22
4.2.2.1 General . 22
4.2.2.2 Setup . 22
4.2.2.3 Secret-key generation . 22
4.2.2.4 Symmetric-key encapsulation . 23
4.2.2.5 Symmetric-key decapsulation . 24
4.2.3 Specification of CP-FAME-KEM and KP-FAME-KEM . 24
4.2.3.1 Hash functions . 24
4.2.3.2 Setup for CP-FAME-KEM and KP-FAME-KEM . 25
4.2.3.3 CP-FAME-KEM . 26
4.2.3.3.1 General . 26
4.2.3.3.2 Secret-key generation . 26
4.2.3.3.3 Symmetric-key encapsulation . 27
4.2.3.3.4 Symmetric-key decapsulation . 27
4.2.3.4 KP-FAME-KEM . 28
4.2.3.4.1 General . 28
4.2.3.4.2 Secret-key generation . 28
4.2.3.4.3 Symmetric-key encapsulation . 29
4.2.3.4.4 Symmetric-key decapsulation . 30
4.2.4 Specification of KP-GSPW-KEM . 30
4.2.4.1 General . 30
4.2.4.2 Setup . 31
4.2.4.3 Secret-key generation . 31
4.2.4.4 Symmetric-key encapsulation . 32
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 103 532 V1.2.1 (2021-05)
4.2.4.5 Symmetric-key decapsulation . 32
4.3 Ciphertext-Policy and Key-Policy Attribute-Based Encryption . 33
4.3.1 Overview . 33
4.3.2 Ciphertext-policy ABE . 33
4.3.3 Key-Policy ABE . 33
4.4 Specifications of CPA-secure ciphertext-policy and key-policy ABE . 34
4.4.1 General . 34
4.4.1.1 Introduction . 34
4.4.1.2 Pseudorandom generator . 34
4.4.2 CPA-secure CP-ABE . 34
4.4.3 CPA-secure KP-ABE scheme . 35
4.5 Specifications of CCA-secure CP-ABKEMs and KP-ABKEMs, CP-ABE schemes and KP-ABE
schemes . 36
4.5.1 General . 36
4.5.1.1 Introduction . 36
4.5.1.2 Collusion-resistant hash function . 36
4.5.1.3 Authenticated encryption . 36
4.5.2 CCA-secure CP-ABKEM . 36
4.5.3 CCA-secure KP-ABKEM . 37
4.5.4 CCA-secure CP-ABE . 38
4.5.5 CCA-secure KP-ABE . 38
4.6 Requirements for compliant ABKEMs . 39
4.6.1 General . 39
4.6.2 Requirement 1: correctness and indistinguishability under chosen-plaintext attacks for ABKEMs . 39
4.6.2.1 Correctness . 39
4.6.2.2 Indistinguishability under chosen-plaintext attacks . 40
4.6.3 Requirement 2: Sufficient security levels . 41
4.7 Revocation . 41
4.7.1 Attribute revocation . 41
4.7.2 Secret-key revocation . 41
4.8 Recommendations . 41
4.8.1 Overview . 41
4.8.2 Efficiency considerations . 42
4.8.3 Security considerations . 42
5 Trust models . 42
5.1 Overview . 42
5.2 Roles . 42
5.2.1 Data Consumer . 42
5.2.2 Data Controller . 42
5.2.3 Data Processor . 43
5.2.4 Data Subject . 43
5.2.5 Device manager . 43
5.2.6 Platform Provider (PP). 43
5.2.7 Third Party Service Provider (3SP) . 43
5.2.8 Platform User (Pu) . 43
5.3 Models . 43
5.3.1 Long term storage . 43
5.3.2 Offline access control . 44
5.3.3 Platform Provider . 45
5.4 Functions . 46
5.4.1 Authority function . 46
5.4.2 Assertion function . 46
5.4.2.1 General . 46
5.4.2.2 Data access assertion . 46
5.4.2.3 Data capture assertion . 46
5.4.3 Encryption function . 46
5.4.4 Policy Management function . 47
5.4.5 Key distribution function . 47
5.4.6 Decryption function . 47
6 Procedures for distributing attributes and keys . 47
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 103 532 V1.2.1 (2021-05)
6.1 Introduction . 47
6.2 Platform Provider extended with Public Key Infrastructure X.509 . 48
6.2.1 Overview . 48
6.2.2 Entities . 48
6.2.2.1 Introduction . 48
6.2.2.2 ABE Authority (ABEA) . 48
6.2.2.3 Keys associated to the Third Party Service Provider (3SP) . 49
6.2.2.4 Keys associated to the Platform Provider (PP) . 49
6.2.3 ABE Key Distribution . 49
6.2.3.1 General . 49
6.2.3.2 Setup . 49
6.2.3.3 ABE Public Key distribution. 50
6.2.3.4 ABE secret key material distribution . 50
6.2.3.5 Attributes distribution . 50
6.2.4 ABE Public Key revocation . 50
6.3 Assertions . 50
6.3.1 Introduction. 50
6.3.2 Types of assertions. 50
6.3.3 Mapping to SAML . 51
6.3.3.1 SAML Attributes . 51
6.3.3.2 SAML Attribute Statements . 51
6.3.3.2.1 Unencrypted format . 51
6.3.3.2.2 Encrypted format . 52
6.3.3.3 SAML Attribute Queries . 52
6.3.3.4 Key assertions . 52
6.3.3.5 Security considerations . 52
6.3.4 SAML binding for CoAP . 52
6.3.4.1 Message encapsulation . 52
6.3.4.2 Addressing and intermediaries . 52
6.3.4.3 Security . 53
7 Attribute Based Access Control layer . 53
7.1 Overview . 53
7.2 Base ABKEM access control capabilities ("Layer 1") . 53
7.2.1 Introduction. 53
7.2.2 Attributes . 53
7.2.2.1 Syntax for attribute declaration . 53
7.2.2.2 Attribute types . 54
7.2.2.3 Syntax for ABKEM universe declaration . 54
7.2.2.4 Syntax for value assignment in annotations . 54
7.2.3 Policies . 55
7.2.3.1 General definition of a policy and syntax . 55
7.2.3.2 Relational statements . 55
7.2.3.2.1 Introduction . 55
7.2.3.2.2 Relational operators for the unsigned integer attribute type . 55
7.2.3.2.3 Relational operators for the boolean attribute type . 56
7.2.3.2.4 Relational operators for the string attribute type . 56
7.2.3.3 Logical operators . 56
7.2.3.4 Threshold gates . 56
7.2.3.5 Top-level statements . 57
7.2.4 ABKEM bindings . 57
7.2.4.1 Introduction . 57
7.2.4.2 Binding rules for value assignment to attributes in annotation . 57
7.2.4.2.1 Common translation rules . 57
7.2.4.2.2 Unsigned integer . 57
7.2.4.2.3 Boolean . 58
7.2.4.2.4 String . 58
7.2.4.3 Binding rules for policy translation . 58
7.2.4.3.1 Common translation rules . 58
7.2.4.3.2 Integer . 59
7.2.4.3.3 Boolean . 62
7.2.4.3.4 String . 62
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 103 532 V1.2.1 (2021-05)
7.3 Intermediate access control layer ("Layer 2") . 63
7.3.1 Introdu
...