CYBER; Application of Attribute Based Encryption (ABE) for PII and personal data protection on IoT devices, WLAN, cloud and mobile services - High level requirements

DTS/CYBER-0020

General Information

Status: Published
Publication Date: 26-Jun-2018
Current Stage: 12 - Completion
Due Date: 30-Jun-2018
Completion Date: 27-Jun-2018

Standard: ETSI TS 103 458 V1.1.1 (2018-06) - CYBER; Application of Attribute Based Encryption (ABE) for PII and personal data protection on IoT devices, WLAN, cloud and mobile services - High level requirements
English language, 44 pages

Standards Content (Sample)

ETSI TS 103 458 V1.1.1 (2018-06)






TECHNICAL SPECIFICATION
CYBER;
Application of Attribute Based Encryption (ABE) for PII and
personal data protection on IoT devices, WLAN, cloud and
mobile services - High level requirements




Reference
DTS/CYBER-0020
Keywords
access control, confidentiality, portability, privacy
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret No. 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) No. 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2018.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 6
3 Definitions and abbreviations . 8
3.1 Definitions . 8
3.2 Abbreviations . 9
4 Mobile use case . 11
4.1 Introduction . 11
4.1.1 Scenario . 11
4.1.2 Preliminary considerations . 11
4.2 High level requirements . 12
4.3 Use case . 13
4.3.1 Stakeholders . 13
4.3.2 Preconditions . 14
4.3.3 Trigger . 15
4.3.4 Flow of events . 15
4.3.5 Exit Condition . 16
4.3.6 Security Aspects . 16
4.3.7 Recommended ABE scheme. 16
5 Privacy-Preserving federated WLANs use case . 16
5.1 Introduction . 16
5.1.1 Scenario . 16
5.1.2 Preliminary considerations . 17
5.2 High level requirements . 17
5.3 Use case . 17
5.3.1 Stakeholders . 17
5.3.2 Preconditions . 18
5.3.3 Trigger . 18
5.3.4 Flow of events . 18
5.3.5 Exit condition. 18
5.3.6 Recommended ABE scheme. 18
6 Internet of Things use cases . 19
6.1 Overview . 19
6.2 High level requirements . 19
6.3 Use cases . 22
6.3.1 Securing and exporting data to untrusted storage . 22
6.3.1.1 General use case description . 22
6.3.1.2 Stakeholders . 22
6.3.1.3 Scenario(s) . 23
6.3.1.4 Information Flows . 23
6.3.1.5 Operational constraints . 23
6.3.2 Bundling encrypted data with access control capabilities for use in an industrial context . 24
6.3.2.1 General use case description . 24
6.3.2.2 Stakeholders . 24
6.3.2.3 Scenario(s) . 24
6.3.2.4 Information Flows . 24
6.3.3 Assigning new access control policies to already encrypted data . 25
6.3.3.1 General use case description . 25
6.3.3.2 Stakeholders . 25
6.3.3.3 Scenario(s) . 25
6.3.3.4 Information Flows . 26
6.3.4 Applicability of access policies to processed data . 26
6.3.4.1 General use case description . 26
6.3.4.2 Stakeholders . 27
6.3.4.3 Scenarios . 27
6.3.4.4 Information Flows . 27
6.3.5 Offline access control in constrained operational environments . 28
6.3.5.1 General use case description . 28
6.3.5.2 Stakeholders . 28
6.3.5.3 Scenario(s) . 28
6.3.5.4 Information Flows . 29
6.3.5.5 Operational constraints . 29
6.3.6 Direct and indirect data access . 29
6.3.6.1 General use case description . 29
6.3.6.2 Stakeholders . 29
6.3.6.3 Scenario(s) . 29
6.3.6.4 Information Flows . 30
6.3.7 Access control examples in the Industrial Internet of Things . 31
6.3.7.1 General use case description . 31
6.3.7.2 Stakeholders . 31
6.3.7.3 Scenario(s) . 31
6.3.7.4 Information Flows . 33
6.3.8 Recommended ABE schema. 34
7 Cloud use case . 34
7.1 Introduction . 34
7.1.1 Scenario . 34
7.1.2 Preliminary considerations . 35
7.2 High level requirements . 36
7.3 Use case . 36
7.3.1 Stakeholders . 36
7.3.2 Preconditions . 37
7.3.4 Trigger . 37
7.3.5 Flow of events . 37
7.3.6 Exit condition. 38
7.3.7 Recommended ABE scheme. 38
Annex A (informative): Attribute Based Encryption . 39
A.1 Early ABE constructions . 39
A.2 Key Policy Attribute Based Encryption (KP-ABE) . 39
A.3 Ciphertext Policy Attribute Based Encryption (CP-ABE) . 40
A.4 Key distribution protocols . 40
A.5 Attribute revocation . 40
A.6 Key expiration approach . 41
A.7 Mediator approach . 41
A.8 Relationship with Attribute Based Access Control (ABAC) . 42
Annex B (informative): Compliance with Lawful Interception principles . 43
History . 44


Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Cyber Security (CYBER).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

1 Scope
The present document specifies high level requirements for the application of Attribute Based Encryption (ABE) to
protect PII and personal data on IoT devices/services, cloud services, Wireless Local Area Networks and mobile
services, where access to data has to be given to multiple parties and under different conditions. With a main focus on
the confidentiality of data, including personal data and Personally Identifiable Information, the present document may
help in supporting the General Data Protection Regulation [i.19].
The following use cases are described:
1) The Mobile use case describes a situation of user access from less trusted networks. The objective is to protect
the user's identity by preventing its disclosure to unauthorized entities.
2) The federated WLAN use case where users can access different WLAN networks using their credentials -
issued by different authorities/domains - while preserving their privacy.
3) Many Internet of Things use cases or edge scenarios where data access mechanisms are actioned either in the
network or on the device.
4) The Cloud use case where a third party accesses personal data from the Cloud Service Provider.
The present document also provides recommendations on the ABE scheme to use for each use case.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
[1] ISO/IEC 17789:2014: "Information technology - Cloud computing - Reference architecture".
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area. For non-specific references, the latest version of the referenced document
(including any amendments) applies.
[i.1] Italian Digital Agency: "Three-Year Plan for ICT in Public Administration (2017 - 2019)".
NOTE: Available at https://pianotriennale-ict.readthedocs.io/en/latest/.
[i.2] National Institute of Standards and Technology NIST SP 800-122: "Guide to Protecting the
Confidentiality of Personally Identifiable Information (PII)".
[i.3] ETSI TS 133 401: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE);
Security architecture (3GPP TS 33.401)".
[i.4] 3GPP TR 22.864: "Feasibility study on new services and markets technology enablers for network
operation; Stage 1".
[i.5] ISO/IEC 19944:2017: "Information technology - Cloud computing - Cloud services and devices:
Data flow, data categories and data use".
[i.6] FP7-ICT 611659 AU2EU Deliverable D4.2.1: "Cryptographically enforced access control".
NOTE: Available at http://www.au2eu.eu/uploads/Publications/deliverables/AU2EU_D4.2.2_Final.pdf.
[i.7] 5G Ensure project: "Deliverable D2.1: Use Cases".
NOTE: Available at http://www.5gensure.eu/sites/default/files/Deliverables/5G-ENSURE_D2.1-UseCases.pdf.
[i.8] F. van den Broek, R. Verdult, J. de Ruiter: "Defeating IMSI Catchers".
NOTE: Available at http://www.cs.ru.nl/~rverdult/Defeating_IMSI_Catchers-CCS_2015.pdf.
[i.9] P. Paillier: "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes",
EUROCRYPT, pages 223-238. Springer, 1999.
NOTE: Available at https://link.springer.com/chapter/10.1007/3-540-48910-X_16.
[i.10] ETSI TR 101 567: "Lawful Interception (LI); Cloud/Virtual Services for Lawful Interception (LI)
and Retained Data (RD)".
[i.11] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel, W. Jonker: "Information security applications",
pages 309-323, Springer-Verlag, Berlin, Heidelberg, 2009.
[i.12] A. Sahai, B. Waters: "Fuzzy Identity Based Encryption", Advances in Cryptology -
EUROCRYPT, Volume 3494 of LNCS, pages 457-473. Springer, 2005.
[i.13] V. Goyal, O. Pandey, A. Sahai, B. Waters: "Attribute-based encryption for fine-grained access
control of encrypted data", Proceedings of the 13th ACM Conference on Computer and
Communications Security, CCS '06, pages 8-98, New York, NY, USA, 2006. ACM.
[i.14] J. Bethencourt, A. Sahai, B. Waters: "Ciphertext-policy attribute-based encryption", Proceedings
of the 2007 IEEE Symposium on Security and Privacy, SP'07, pages 32-334. Washington, DC,
USA, IEEE Computer Society.
[i.15] A. Boldyreva, V. Goyal, V. Kumar: "Identity based encryption with efficient revocation",
Conference on Computer and Communications Security, pages 417-416, 2008.
[i.16] ETSI TR 187 010: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Security; Report on issues related to security in identity
management and their resolution in the NGN".
[i.17] M. Piretti, P. Traynor, P. McDaniel, B. Waters: "Secure attribute-based systems", Journal of
Computer Security, 18(5), pages 799-837, 2010.
[i.18] Z. Xu, K. Martin: "Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption
in Cloud Storage", Trust, Security and Privacy in Computing and Communications (TrustCom),
IEEE 11th International Conference, 2012, pp. 844-849.
[i.19] Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
[i.20] ISO/IEC 29100:2011: "Information technology - Security techniques - Privacy framework".
[i.21] ETSI TS 103 532: "CYBER; Attribute Based Encryption for Attribute Based Access Control".
[i.22] Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control
of major-accident hazards involving dangerous substances, amending and subsequently repealing
Council Directive 96/82/EC Text with EEA relevance.
[i.23] IEEE 802.11: "IEEE Standard for Information technology - Telecommunications and information
exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11:
Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications", in
IEEE Std 802.11-2016 (Revision of IEEE Std 802.11-2012), pp. 1-3534, Dec. 14 2016.
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
cloud platform provider: cloud service provider providing identity management services and interfaces for third party
applications using the platform services
cloud platform user: cloud service user consuming one or more platform services
cloud service customer: individual or organization consuming one or more cloud services provided by a Cloud Service
Provider
cloud service partner: individual or organization providing support to the provisioning of cloud services by the Cloud
Service Provider, or to the consumption of cloud service by the Cloud Service Customer
cloud service provider: individual or organization providing cloud services to one or more Cloud Service Customers
cloud service user: individual consuming one or more cloud services using a particular device
data subject: identified or identifiable natural person to which the data relates, or device that produces data that can be
linked to a natural person
NOTE: In the sense of the GDPR [i.19], an identified or identifiable natural person to which the data relates. In
the present document, this definition is extended to devices that produce data that can be linked to a
natural person. See also PII principal.
direct access: access to data that is available in cleartext via a software-based access control system
generated data: data that is the result of an analytical process performed on behalf of, and which still relate to, the data
subject
NOTE 1: Typically, generated data can be the result of a process applied to operational data.
NOTE 2: Depending on their characteristics, generated data can fall into the category of personal data as defined by
the GDPR [i.19].
home network: central source for mobility services to the subscriber
NOTE: The subscriber has a direct subscription with the Home Network.
indirect access: access to data that is available in ciphertext form and requires the separate provisioning of a key
followed by a decryption step, before the data can be accessed
key management: administration and use of the generation, registration, certification, deregistration, distribution,
installation, storage, archiving, revocation, derivation and destruction of keying material in accordance w
...
