senzations’15: secure internet of things
TRANSCRIPT
![Page 1: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/1.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Slide title In CAPITALS
50 pt
Slide subtitle 32 pt
Secure Internet of Things: Challenges and potential approaches
Dr.-Ing. Konrad Wrona NATO Communications and Information Agency
1
![Page 2: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/2.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Internet of Things
2
![Page 3: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/3.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Internet of Threats
3
![Page 4: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/4.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Internet of Threats
4
![Page 5: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/5.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Internet of Threats
§ A baby monitoring in Texas, USA
§ The newly-crowned Miss Teen USA
§ A botnet of over 100,000 hijacked everyday consumer devices
§ Delivery of incorrect dosages of insulin,
§ Printers catching on fire 5
![Page 6: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/6.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
What is Internet of Things?
6
![Page 7: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/7.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Attacks on SCADA and M2M
§ Theft of water (Gignac Canal System in France) § Release of raw sewage, Maroochy Shire Sewage
plant in Australia) § Interference with a Landsat-7 earth observation
satellite § Computer viruses infecting the ground-control
systems of the Predator and Reaper remotely piloted aircraft
7
![Page 8: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/8.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
What are the solutions
§ Secure configuration of the devices and OS § Secure network communication § Secure storage § Physical security
§ Hack-proof security is unrealistic • Need for intrusion detection and response
§ Defence-in-depth approach • Several complementary security mechanisms • Context-aware security and broken-glass policies
8
![Page 9: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/9.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
TLS/DTLS/eDTLS § TLS – Transport Layer Security
• The most widely deployed security protocol • Uses TCP: requires reliable, in-order packet delivery
§ DTLS – Datagram Transport Layer Security • Uses UDP: works with unreliable, out-of-order packet
delivery used in constrained platforms and networks • No multi-record stream cyphers
§ eDTLS on small embedded platforms • Reduced state-machine code size, data overhead,
compressed handshake protocol • More keying flexibility: Pre-shared, raw public/private,
X.509 certificate
9
![Page 10: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/10.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Where are the problems
§ Network layer security is the easy part § Security provisioning and management is difficult
• Constrained user interface • Amount of devices • Untrained users
§ Higher security means higher initial cost, complexity, power
• However, data or life loss might be more expensive
10
![Page 11: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/11.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Internet of Threats
11
![Page 12: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/12.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
DARPA view on IoT security
12
![Page 13: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/13.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
So, does all military equipment has military-level security?
13
![Page 14: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/14.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Car hacking
14
![Page 15: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/15.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Car hacking
15
![Page 16: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/16.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Car hacking
16
![Page 17: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/17.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Data recorded by automobile manufacturers
§ BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen, and Volvo
§ Aston Martin, Lamborghini, and Tesla did not respond
17
![Page 18: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/18.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Data recorded by automobile manufacturers
18
![Page 19: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/19.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Data recorded by automobile manufacturers
19
![Page 20: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/20.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Data recorded by automobile manufacturers § Physical location recorded at regular
intervals; § Previous destinations entered into
navigation system; § Last location parked. § Potential crash events, such as sudden
changes in speed; § Status of steering angle, brake
application, seat belt use, and air bag deployment;
§ Fault/error codes in electronic systems. § Vehicle speed; § Direction/heading of travel; § Distances and times traveled;
§ Average fuel economy/consumption;
§ Status of power windows, doors, and locks;
§ Tire pressure; § Fuel level; § Engine RPM; § Odometer reading; § Mileage since last oil change; § Battery health; § Coolant temperature; § Engine status; § Exterior temperature and
pressure.
20
![Page 21: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/21.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Why worry?
21
![Page 22: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/22.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Why we need fine grained access control?
22
![Page 23: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/23.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
How to protect customers from the Internet of Threats? § Market design
• Ask at the Business track of the school
§ Legislation
23
![Page 24: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/24.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Example of Legislation: Security and Privacy in Your (SPY) Car Act (2015) § Vehicle owners to be made aware of what data is
being collected, transmitted and shared
§ To be offered the chance to opt out of data collection without losing access to key navigation or other features where feasible
§ Requiring an easy method for consumers to evaluate how well an automaker goes beyond the minimums defined in the proposed law
24
![Page 25: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/25.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
§ Market design • Ask at the Business track of the school
§ Legislation § Secure design
• Technology • Usability of configuration • Easy understanding of implications
25
How to protect customers from the Internet of Threats?
![Page 26: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/26.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
OLP Dimensions
26
![Page 27: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/27.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
27
![Page 28: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/28.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Proposed solution: CPR
• Originator defines content description (attributes), not confidentiality markings
• Content attributes determine – Protection requirements
• How the content is to be processed and stored – Release conditions
• To whom it can be released
28
{PROTECTION REQUIREMENTS}
{RELEASE CONDITIONS}
Terminal attributes
User attributes
ACCESS REQUEST
D
D
+
RELEASE DECISION
CPRESS
![Page 29: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/29.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
NATO Object Level Protection: Content-based Protection and Release
29
![Page 30: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/30.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
CPR cryptographic access control: Encryption
30
![Page 31: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/31.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
CPR cryptographic access control: Decryption
31
![Page 32: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/32.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
BobAlice
sksk
Symmetric Key Encryption Schemes § Same secret key used for encryption and
decryption. § Any user can generate keys. § Relies on an authenticated distribution
mechanism.
32
![Page 33: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/33.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
BobAlice
pkCA
sk
pk
sk
Public-Key Encryption Schemes
§ Different keys for encryption and decryption • The encryption key is made public • The decryption key is kept secret
§ Any user can generate keys. § Relies on authenticated distribution mechanism
for public keys.
33
![Page 34: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/34.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
BobAlice
sk
[email protected] [email protected]
Key Distribution sk
Identity-Based Encryption Schemes § Public-key encryption scheme with custom-
formatted public keys § No longer relies on authenticated distribution
mechanism for public keys § Private keys need to be generated by a central
entity
34
![Page 35: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/35.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
BobAlice
Key Distribution
FemaleMSc
ManagementMale
MedicalTrainee
Female ˅ Trainee
Attribute-Based Encryption Schemes § Extension of IBE where users can be assigned
various attributes • Users receive private keys corresponding to their attributes. • Ciphertexts are linked with a predicate on the attributes. • Decryption ciphertext possible by a user if and only if the linked
predicate evaluates to TRUE on its user attributes.
35
![Page 36: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/36.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
§ Predicate Encryption (PE) • Also incorporates schemes that support predicate
hiding. § Functional Encryption (FE)
• Also incorporates schemes where the outcome of a decryption is a non-trivial function of the involved message, predicate and key.
§ Relationship: 𝑃𝐾𝐸⊂𝐼𝐵𝐸⊂𝐴𝐵𝐸⊂𝑃𝐸⊂𝐹𝐸.
Other Related Encryption Schemes
9/4/15 36 NATO UNCLASSIFIED RELEASABLE TO PFP
![Page 37: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/37.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Hybrid Encryption with ABE
§ Concept • Encrypt plaintext with symmetric encryption scheme. • Encrypt symmetric key using ABE.
§ Motivation • The overhead of using ABE is relative to the size of
the data it encrypts. • Symmetric keys tend to be much smaller than the
plaintext to be encrypted. • Limited overhead when using symmetric encryption. • This significantly reduces the overhead of using ABE
relative to the plaintext to be encrypted.
37
![Page 38: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/38.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Definition Attribute-Based Encryption § Let 𝑃:𝐾×𝐼→{0,1} be a PT predicate. § ABE consists of four PPT algorithms:
Ø (𝑝𝑘,𝑚𝑠𝑘)←𝑆𝑒𝑡𝑢𝑝( 1↑𝜆 ) Ø 𝑠𝑘←𝐾𝑒𝑦𝐺𝑒𝑛(𝑚𝑠𝑘,𝒌) Ø 𝑐←𝐸𝑛𝑐𝑟𝑦𝑝𝑡(𝑝𝑘, (𝒊𝒏𝒅,𝑚)) Ø 𝑦←𝐷𝑒𝑐𝑟𝑦𝑝𝑡(𝑠𝑘,𝑐)
where 𝑘∈𝐾 and 𝑖𝑛𝑑∈𝐼 and Ø 𝑦={█■𝑚 if 𝑃(𝑘,𝑖𝑛𝑑)=1⊥ if 𝑃(𝑘,𝑖𝑛𝑑)=0
38
![Page 39: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/39.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Key Policy
§ The key space 𝐾 consists of 𝑛-variable Boolean formulas 𝜙.
§ Elements 𝑖𝑛𝑑=𝑧=( 𝑧↓1 , 𝑧↓2 ,⋯, 𝑧↓𝑛 ) from the index space 𝐼∈ {0,1}↑𝑛 are interpreted as representations of 𝑛 Boolean values.
§ 𝑃(𝜙,𝑧)={█■1 if 𝜙(𝑧)=1 0 otherwise
39
![Page 40: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/40.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Ciphertext Policy
§ The key space 𝐾= {0,1}↑𝑛 consists of representations 𝑘=𝑧=( 𝑧↓1 , 𝑧↓2 ,⋯, 𝑧↓𝑛 ) of 𝑛 Boolean values.
§ Elements 𝑖𝑛𝑑=𝜙 from the index space 𝐼 are 𝑛-variable Boolean formulas.
§ 𝑃(𝑧,𝜙)={█■1 if 𝜙(𝑧)=1 0 otherwise
40
![Page 41: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/41.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Challenger Adversary
(Setup)
(Query Phase 1)
(Challenge set selection)
(Plaintext submission)
(Query Phase 2)
(Guess)
(Challenge response)
public parameters
key queries
attribute set S not accepted by queried keys
challenge messages m0, m1
Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
queries for keys with policy not accepting S
m0 or m1
Full Security
§ Security defined by the following game:
41 41
![Page 42: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/42.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Challenger Adversary
(Setup)
(Query Phase 1)
(Challenge set selection)
(Plaintext submission)
(Query Phase 2)
(Guess)
(Challenge response)
public parameters
attribute set S
challenge messages m0, m1
Encrypt(pk,(S,m0)) or Encrypt(pk,(S,m1))
queries for keys with policy not accepting S
m0 or m1
queries for keys with policy not accepting S
Selective Security
§ Security defined by the following game:
42 42
![Page 43: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/43.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Selective Security Limitations
§ Can only use policies that accept the challenge attribute set.
§ Can only use attributes in the challenge attribute set.
• This in particular makes selective security unsuitable for ABE schemes that need to support both positive and negative attributes.
§ Therefore, we mainly focus on fully secure schemes.
43
![Page 44: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/44.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
§ Attribute assignments are Boolean. • E.g., a person may get assigned the attribute
“member”, “not a member” or no attribute related to membership at all.
§ Relatively efficient inequality comparisons involving static integers are however possible.
• Uses attributes corresponding to bit representations. • E.g., 6 encodes as the set {“1∗∗”, “∗1∗”, “∗∗0”}. • E.g, 𝑎 < 5 encodes as “0∗∗” ∨ (“∗0∗” ∧ “∗∗0”).
Inequalities in Policies
9/4/15 44 NATO UNCLASSIFIED RELEASABLE TO PFP
![Page 45: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/45.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Revocation
§ Revocation mechanism types • Indirect revocation • Direct revocation
§ Efficiency-enhancing techniques for revocation
45
![Page 46: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/46.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
USE CASES
46
![Page 47: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/47.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
§ Provide protection of information in an environment where both communication and data storage infrastructure are controlled by a third party
§ Support all standard information exchange scenarios
CPR cryptographic access control: Infrastructure
47
![Page 48: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/48.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
CPR Example: Information sharing for Passive Missile Defence
48
NATO Desktop located in Class I area NATO employee with
NATO Secret clearance
NATO contractor with NATO Restr. clearance
NATO laptop
Red Cross worker Unknown terminal
Full view
Partial view
Public information only
CPR
![Page 49: Senzations’15: Secure Internet of Things](https://reader031.vdocuments.site/reader031/viewer/2022030305/5870d6151a28ab64768b6941/html5/thumbnails/49.jpg)
Top right corner for field-mark, customer or partner logotypes. See Best practice for example.
Slide title
36 pt
Slide subtitle 24 pt
Text 28 pt
Bullets level 2-5 24 pt
Slide title In CAPITALS
50 pt
Slide subtitle 32 pt
Thank you!