On Using Encryption Techniques to Enhance Sticky Policies Enforcement

Qiang Tang

On Using Encryption Techniques to Enhance Sticky Policies Enforcement

Qiang Tang

Research output: Book/Report › Report › Professional

225 Downloads (Pure)

Abstract

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE.

Original language	Undefined
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Publication status	Published - 2008

Publication series

Name	CTIT Technical Report Series
Publisher	University of Twente, Centre for Telematics and Information Technology (CTIT)
No.	WoTUG-31/TR-CTIT-08-64
ISSN (Print)	1381-3625

Keywords

METIS-254928
SCS-Cybersecurity
EWI-14262
IR-65155

Access to Document

Cite this

@book{79693de429764615bbe379a5155b0151,

title = "On Using Encryption Techniques to Enhance Sticky Policies Enforcement",

abstract = "How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE.",

keywords = "METIS-254928, SCS-Cybersecurity, EWI-14262, IR-65155",

author = "Qiang Tang",

year = "2008",

language = "Undefined",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "WoTUG-31/TR-CTIT-08-64",

address = "Netherlands",

}

TY - BOOK

T1 - On Using Encryption Techniques to Enhance Sticky Policies Enforcement

AU - Tang, Qiang

PY - 2008

Y1 - 2008

N2 - How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE.

AB - How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE.

KW - METIS-254928

KW - SCS-Cybersecurity

KW - EWI-14262

KW - IR-65155

M3 - Report

T3 - CTIT Technical Report Series

BT - On Using Encryption Techniques to Enhance Sticky Policies Enforcement

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -