On Using Encryption Techniques to Enhance Sticky Policies Enforcement

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE.

[1]  Peter J. Denning,et al.  Protection: principles and practice , 1972, AFIPS '72 (Spring).

[2]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[3]  Len LaPadula,et al.  Secure Computer Systems: A Mathematical Model , 1996 .

[4]  M. Mambo,et al.  Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts (Special Section on Cryptography and Information Security) , 1997 .

[5]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[6]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[7]  Rudolf Schmid,et al.  Organization for the advancement of structured information standards , 2002 .

[8]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[9]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.

[10]  Yevgeniy Dodis,et al.  Proxy Cryptography Revisited , 2003, NDSS.

[11]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[12]  Yevgeniy Dodis,et al.  Proxy cryptography revisted , 2003 .

[13]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[14]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[15]  D. Koo,et al.  HIPAA privacy rule and public health; guidance from CDC and the U.S. Department of Health and Human Services , 2003 .

[16]  Jonathan Grudin,et al.  A study of preferences for sharing and privacy , 2005, CHI Extended Abstracts.

[17]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[18]  Zhenfu Cao,et al.  Authorization-Limited Transformation-Free Proxy Cryptosystems and Their Security Analyses , 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[19]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[20]  Manoj R. Sastry,et al.  A Contextual Attribute-Based Access Control Model , 2006, OTM Workshops.

[21]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[22]  Matthew Green,et al.  Identity-Based Proxy Re-encryption , 2007, ACNS.

[23]  David W. Bates,et al.  White Paper: Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption , 2006, J. Am. Medical Informatics Assoc..

[24]  Andrew D. Miller,et al.  Give and take: a study of consumer photo-sharing culture and practice , 2007, CHI.

[25]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[26]  Henrich Christopher Pöhls,et al.  Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data , 2008, ICICS.

[27]  Pieter H. Hartel,et al.  A Type-and-Identity-Based Proxy Re-encryption Scheme and Its Application in Healthcare , 2008, Secure Data Management.

[28]  Qiang Tang,et al.  Type-Based Proxy Re-encryption and Its Construction , 2008, INDOCRYPT.

[29]  Russ Housley,et al.  An Internet Attribute Certificate Profile for Authorization , 2010, RFC.

[30]  J. Żabiński American National Standards Institute (ANSI) , 2010 .