Advertisement

Wireless Personal Communications

, Volume 76, Issue 1, pp 99–119 | Cite as

On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies

  • Aziz S. Mousas
  • Angelos-Christos G. Anadiotis
  • Georgios V. Lioudakis
  • John P. Papanis
  • Panagiotis K. Gkonis
  • Dimitra I. Kaklamani
  • Iakovos S. Venieris
Article
  • 206 Downloads

Abstract

This paper presents an integrated security architecture for heterogeneous distributed systems. Based on the MPEG-21 standard data structures and the MPEG-M standard services, the proposed architecture provides a unified, fine-grained solution for protecting each information unit circulated in the system. In this context, a novel scheme for translating the access control rules, initially expressed by means of the standard MPEG-21 Rights Expression Language, into Ciphertext-Policy Attribute-Based Encryption access trees is introduced, thereby enabling offline authorization based on the users’ attributes, also encapsulated and certified using MPEG-21 licenses. The proposed framework provides a detailed approach in all the steps of the information protection process, from attribute acquisition to data encryption and decryption.

Keywords

MPEG-21 Access control Rights Expression Language MPEG middleware Attribute-Based Encryption 

Notes

Acknowledgments

The authors would like to express their gratitude to the anonymous reviewers for their insightful comments. This research was partially supported by the European Commission, in the frame of FP7 CONVERGENCE project (Grant No. 257123) [22]. The authors would also like to acknowledge the contribution of the MPEG-21 and MPEG-M communities, through the fruitful discussions we have had around this topic during the standardisation process.

References

  1. 1.
    Akyildiz, I., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). A survey on sensor networks. IEEE Communications Magazine, 40(8), 102–114.CrossRefGoogle Scholar
  2. 2.
    Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, A., Gianoli, A., et al. (2004). VOMS, an authorization system for virtual organizations. In F. Fernndez Rivera, M. Bubak, A. Gmez Tato & R. Doallo (Eds.), Grid computing, lecture notes in computer science (Vol. 2970, pp. 33–40). Berlin: Springer.Google Scholar
  3. 3.
    Antonakopoulou, A., Lioudakis, G. V., Gogoulos, F., Kaklamani, D. I., & Venieris, I. S. (2012). Leveraging access control for privacy protection: A survey. In G. Yee (Ed.), Privacy protection measures and technologies in business organizations: Aspects and standards (pp. 65–94). Hershey, PA: IGI Global.Google Scholar
  4. 4.
    Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.CrossRefzbMATHGoogle Scholar
  5. 5.
    Ayed, S., Cuppens-Boulahia, N., & Cuppens, F. (2008). Managing access and flow control requirements in distributed workflows. In Proceedings of the 2008 IEEE/ACS international conference on computer systems and applications (AICCSA 2008) (pp. 702–710). Washington, DC: IEEE Computer Society.Google Scholar
  6. 6.
    Baden, R., Bender, A., Spring, N., Bhattacharjee, B., & Starin, D. (2009). Persona: An online social network with user-defined privacy. SIGCOMM Computer Communication Review, 39(4), 135–146.CrossRefGoogle Scholar
  7. 7.
    Benaloh, J., Chase, M., Horvitz, E., & Lauter, K. (2009). Patient controlled encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009) (pp. 103–114). New York, NY: ACM.Google Scholar
  8. 8.
    Bethencourt, J., Sahai, A., & Waters, B. (2013). Advanced crypto software collection. http://hms.isi.jhu.edu/acsc/cpabe/ (online). Last accessed: August 20, 2013.
  9. 9.
    Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE symposium on security and privacy (SP 2007) (pp. 321–334).Google Scholar
  10. 10.
    Boneh, D., Gentry, C., & Waters, B. (2005). Collusion resistant broadcast encryption with short ciphertexts and private keys. In V. Shoup (Ed.), Advances in cryptology—CRYPTO 2005, lecture notes in computer science (Vol. 3621, pp. 258–275). Berlin: Springer.Google Scholar
  11. 11.
    Camarinha-Matos, L., Silveri, I., Afsarmanesh, H., & Oliveira, A. (2005). Towards a framework for creation of dynamic virtual organizations. In L. Camarinha-Matos, H. Afsarmanesh & A. Ortiz (Eds.), Collaborative networks and their breeding environments, IFIP—The International Federation for Information Processing (Vol. 186, pp. 69–80). US: Springer.Google Scholar
  12. 12.
    Chase, M. (2007). Multi-authority attribute based encryption. In S. Vadhan (Ed.), Proceedings of the 4th conference on theory of cryptography (TCC 2007), lecture notes in computer science (Vol. 4392, pp. 515–534). Berlin: Springer.Google Scholar
  13. 13.
    Cuppens, F., & Cuppens-Boulahia, N. (2008). Modeling contextual security policies. International Journal of Information Security, 7(4), 285–305.CrossRefGoogle Scholar
  14. 14.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2007). Over-encryption: Management of access control evolution on outsourced data. In Proceedings of the 33rd international conference on very large databases (VLDB 2007). VLDB Endowment (pp. 123–134).Google Scholar
  15. 15.
    De Capitani di Vimercati, S., Samarati, P., & Sandhu, R. (2014). Access control. In A. Tucker & H. Topi (Eds.), Computer science handbook. Information systems and information technology (3rd ed.). London: Taylor and Francis Group.Google Scholar
  16. 16.
    Difino, A., Anadiotis, A. C., & Tropea, G. (2011). Proposal for reengineering of MPEG-M reference software. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).Google Scholar
  17. 17.
    Difino, A., Mousas, A., Anadiotis, A. C., Ardeleanu, B., & Gkonis, P. (2012). Proposed revised version of MPEG-M part3. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).Google Scholar
  18. 18.
    Difino, A., Mousas, A., Anadiotis, A. C., & Llorente, S. (2012). MPEG-M reference software workplan. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).Google Scholar
  19. 19.
    Dong, C., Russello, G., & Dulay, N. (2008). Shared and searchable encrypted data for untrusted servers. In V. Atluri (Ed.), Data and applications security XXII, lecture notes in computer science (Vol. 5094, pp. 127–143). Berlin: Springer.Google Scholar
  20. 20.
    Eugster, P. T., Felber, P. A., Guerraoui, R., & Kermarrec, A. M. (2003). The many faces of publish/subscribe. ACM Computing Surveys, 35(2), 114–131.CrossRefGoogle Scholar
  21. 21.
    Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224–274.CrossRefGoogle Scholar
  22. 22.
    FP7 ICT CONVERGENCE. http://www.ict-convergence.eu/.
  23. 23.
    Gao, A., & Li, Z. (2013). Free global ID against collusion attack on multi-authority attribute-based encryption. Security and Communication Networks, 6(9), 1143–1152.CrossRefGoogle Scholar
  24. 24.
    Hebig, R., Meinel, C., Menzel, M., Thomas, I., & Warschofsky, R. (2009). A web service architecture for decentralised identity- and attribute-based access control. In Proceedings of the IEEE 2009 international conference on web services (ICWS 2009) (pp. 551–558).Google Scholar
  25. 25.
    Huang, D., & Verma, M. (2009). ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks. Ad Hoc Networks, 7(8), 1526–1535.CrossRefGoogle Scholar
  26. 26.
    International Standards Organization. (2004). ISO/IEC 14496-13:2004 Information technology—Coding of audio-visual objects—Part 13: Intellectual property management and protection (IPMP) extensions.Google Scholar
  27. 27.
    International Standards Organization. (2004). ISO/IEC 21000-5:2004 Information technology—Multimedia framework (MPEG-21)—Part 5: Rights expression, language.Google Scholar
  28. 28.
    International Standards Organization. (2004). ISO/IEC 21000-6:2004 Information technology—Multimedia framework (MPEG-21)—Part 6: Rights data dictionary.Google Scholar
  29. 29.
    International Standards Organization. (2004). ISO/IEC TR 21000-1:2004 Information technology—Multimedia framework (MPEG-21)—Part 1: Vision, technologies and strategy.Google Scholar
  30. 30.
    International Standards Organization. (2005). ISO/IEC 21000-2:2005 Information technology—Multimedia framework (MPEG-21)—Part 2: Digital item declaration.Google Scholar
  31. 31.
    International Standards Organization. (2006). ISO/IEC 21000-4:2006 Information technology—Multimedia framework (MPEG-21)—Part 4: Intellectual property management and protection components.Google Scholar
  32. 32.
    International Standards Organization. (2013). ISO/IEC 23006-1:2013 Information technology—Multimedia service platform technologies—Part 1: Architecture.Google Scholar
  33. 33.
    International Standards Organization. (2013). ISO/IEC 23006-3:2013 Information technology—Multimedia service platform technologies—Part 3: Conformance and reference software.Google Scholar
  34. 34.
    International Telecommunication Union (ITU). (2005). Telecommunication standardization sector: Information technology—Open systems interconnection—The directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509.Google Scholar
  35. 35.
    Jung, T., Yang Li, X., Wan, Z., & Wan, M. (2013). Privacy preserving cloud data access with multi-authorities. In Proceedings of the 32nd IEEE international conference on computer communications (INFOCOM 2013) (pp. 2625–2633).Google Scholar
  36. 36.
    Kalam, A., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., et al. (2003). Organization based access control. In Proceedings of the 4th IEEE international workshop on policies for distributed systems and networks (POLICY 2003) (pp. 120–131).Google Scholar
  37. 37.
    Karjoth, G., Schunter, M., & Waidner, M. (2003). Platform for enterprise privacy practices: Privacy-enabled management of customer data. In Proceedings of the 2nd international conference on privacy enhancing technologies (PET 2002), lecture notes in computer science (Vol. 2482, pp. 69–84). Berlin: Springer.Google Scholar
  38. 38.
    Kerschbaum, F., & Robinson, P. (2009). Security architecture for virtual organizations of business web services. Journal of Systems Architecture, 55(4), 224–232.CrossRefGoogle Scholar
  39. 39.
    Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2013). An ontology-based approach towards comprehensive workflow modelling. IET Software (to appear).Google Scholar
  40. 40.
    Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Kaklamani, D. I., & Venieris, I. S. (2011). A workflow checking approach for inherent privacy awareness in network monitoring. In J. Garcia-Alfaro, G. Navarro-Arribas, N. Cuppens-Boulahia & S. De Capitani di Vimercati (Eds.) Proceedings of the 6th international workshop on data privacy management (DPM 2011), lecture notes in computer science (Vol. 7122, pp. 295–302). Berlin: Springer.Google Scholar
  41. 41.
    Kudumakis, P., Sandler, M., Anadiotis, A. C. G., Venieris, I. S., Difino, A., Tropea, G., et al. (2013). MPEG-M: A digital media ecosystem for interoperable applications. Signal Processing: Image Communication (scheduled for publication in 2013).Google Scholar
  42. 42.
    Lerner, J. I., & Mulligan, D. K. (2008). Taking the “long view” on the Fourth Amendment: Stored records and the sanctity of the home. Stanford Technology Law Review, 3, 1–13.Google Scholar
  43. 43.
    Li, M., Lou, W., & Ren, K. (2010). Data security and privacy in wireless body area networks. IEEE Wireless Communications, 17(1), 51–58.CrossRefGoogle Scholar
  44. 44.
    Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.CrossRefGoogle Scholar
  45. 45.
    Organization for the Advancement of Structured Information Standards (OASIS). (2005). Assertions and protocols for the OASIS security assertion markup language (SAML) version 2.0. OASIS Standard. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
  46. 46.
    Organization for the Advancement of Structured Information Standards (OASIS). (2005). eXtensible access control markup language (XACML) version 2.0. OASIS Standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
  47. 47.
    Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Garcia-Alfaro, J., Kaklamani, D. I., et al. (2013). Leveraging ontologies upon a holistic privacy-aware access control model. In Proceedings of the 6th international symposium on foundations and practice of security (FPS 2013).Google Scholar
  48. 48.
    Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2014). Leveraging semantic web technologies for access control. In B. Akhgar & H. Arabnia (Eds.), Emerging trends in information and communication technologies security. Los Altos, CA: Morgan Kaufmann.Google Scholar
  49. 49.
    Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Garcia-Alfaro, J., Kaklamani, D. I., Venieris, I. S., et al. (2013). A privacy-aware access control model for distributed network monitoring. Computers & Electrical Engineering, 39(7), 2263–2281.CrossRefGoogle Scholar
  50. 50.
    Papazoglou, M. P., & Heuvel, W. J. (2007). Service oriented architectures: Approaches, technologies and research issues. The VLDB Journal, 16, 389–415.CrossRefGoogle Scholar
  51. 51.
    Sahai, A., & Waters, B. (2005). Fuzzy identity-based encryption. In Proceedings of the 24th annual international conference on Theory and Applications of cryptographic techniques, EUROCRYPT’05 (pp. 457–473). Berlin: Springer.Google Scholar
  52. 52.
    Secretariat, ISO/IEC JTC 1/SC 29. (2013). ISO/IEC JTC 1/SC 29 Programme of work. http://www.itscj.ipsj.or.jp/sc29/29w42911.htm#MPEG-M (online). Last accessed: August 20, 2013.
  53. 53.
    Shen, H. (2009). A semantic-aware attribute-based access control model for web services. In A. Hua & S. L. Chang (Eds.), Algorithms and architectures for parallel processing, lecture notes in computer science (Vol. 5574, pp. 693–703). Berlin: Springer.Google Scholar
  54. 54.
    Subramanian, N., Yang, C., & Zhang, W. (2007). Securing distributed data storage and retrieval in sensor networks. In Proceedings of the 5th IEEE international conference on pervasive computing and communications (PerCom 2007) (pp. 191–200).Google Scholar
  55. 55.
    Trusted Computing Group. (2011). Trusted platform module: Main specification level 2 version 1.2, revision 116. TCG specification. https://www.trustedcomputinggroup.org/resources/tpm_main_specification.
  56. 56.
    Wang, L., Wijesekera, D., & Jajodia, S. (2004). A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM workshop on formal methods in security engineering (FMSE 2004) (pp. 45–55). New York, NY: ACM.Google Scholar
  57. 57.
    Wang, W., Li, Z., Owens, R., & Bhargava, B. (2009). Secure and efficient access to outsourced data. In Proceedings of the 2009 ACM workshop on cloud computing security (CCSW 2009) (pp. 55–66). New York, NY: ACM.Google Scholar
  58. 58.
    Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., et al. (2004). Terminology for policy-based management. RFC 3198 (informational). http://www.ietf.org/rfc/rfc3198.txt.
  59. 59.
    World Wide Web Consortium. (W3C). Resource description framework (RDF): Concepts and abstract syntax. W3C Recommendation. http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210/ (2004).
  60. 60.
    Yu, S., Ren, K., & Lou, W. (2011). FDAC: Toward fine-grained distributed data access control in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 22(4), 673–686.CrossRefGoogle Scholar
  61. 61.
    Yuan, E., & Tong, J. (2005). Attributed based access control (ABAC) for web services. In Proceedings of the IEEE international conference on web services (ICWS 2005).Google Scholar
  62. 62.
    Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18.CrossRefGoogle Scholar
  63. 63.
    Zhang, R., Giunchiglia, F., Crispo, B., & Song, L. (2010). Relation-based access control: An access control model for context-aware computing environment. Wireless Personal Communications, 55(1), 5–17.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Aziz S. Mousas
    • 1
  • Angelos-Christos G. Anadiotis
    • 1
  • Georgios V. Lioudakis
    • 1
  • John P. Papanis
    • 1
  • Panagiotis K. Gkonis
    • 1
  • Dimitra I. Kaklamani
    • 1
  • Iakovos S. Venieris
    • 1
  1. 1.School of Electrical and Computer EngineeringNational Technical University of AthensAthensGreece

Personalised recommendations