Scribd Logo
Upload

Welcome to Scribd!

  • 2017 09 28 D Rotondi iCITIES2017

    Uploaded by

    d.rotondi8569
    14 views19 pages
    Presentation to the 3rd Italian Conference on ICT for Smart Cities and Communities of our work on data confidentiality in energy management

    Original Title

    2017_09_28_D_Rotondi_iCITIES2017

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Presentation to the 3rd Italian Conference on ICT for Smart Cities and Communities of our work on data confidentiality in energy management

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views19 pages

    2017 09 28 D Rotondi iCITIES2017

    Uploaded by

    d.rotondi8569
    Presentation to the 3rd Italian Conference on ICT for Smart Cities and Communities of our work on data confidentiality in energy management

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    3° Italian

    «Efficientamento Conference on
    energetico:
    ICT for Smart Cities & Communities
    problematiche e soluzioni
    Innovative»Bari, Italy - September 27-28-29, 2017

    You shape your strategies,


    we partner to achieve your goals!
    Session «Smart Energy & Buildings»

    Data Confidentiality & Smart Energy


    D. Rotondi, D. Pedone, L. Straniero (FINCONS SpA), S. Pérez (Univ. Murcia)
    domenico.rotondi@finconsgroup.com
    The problem

    The issue:
    – “Smart Energy” requires to capture lots of
    confidential/personal data

    – Data owner concerns/constraints

    – Law constraints (e.g., EU GDPR)

    Solutions that:
    – Manage the full data life-cycle (from cradle to grave)

    – can be deployed on simple devices (e.g., low processing /


    communication resources like our Energy Router Gateway)

    – are secure

    – …

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    EU GDPR

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Personal Data

    • EU GDPR:
    – It’s a Regulation not a Directive
    – global data protection law:
    • extends beyond companies that operate only in the EU
    • any organization that targets consumers in the EU (i.e., processes EU citizens
    personal data)

    • EU GDPR requirements:
    – End-2-End Data Protection (from the cradle to the grave)
    – Proper technical & organizational measures (e.g., DPIA - Data Protection
    Impact Assessments)
    – Accountability of personal data protection measures
    – Explicit & clear consent
    – Privacy-by-Design
    – Privacy-by-Default
    – …
    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017
    Traditional approaches

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Data Protection

    Most common approaches:


    – TLS/SSL: data protected while in transit

    – Data Encryption:

    • Symmetric Encryption:
    – key sharing, key distribution

    • Asymmetric Encryption:
    – PKI
    – One-to-one

    • Issues:
    – Subjects must be identified in advance
    – Hard to revoke access
    – …
    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017
    A new approach required!

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Desired characteristics

    ABE
    (Attribute Based Encryption) Desired chars:
    √ – End-2-end protection mechanism

    √ – Native multi-user data protection mechanism

    √ – Dependency on access policy

    √ – Strict connection between the access policy and the protected data

    √ – Access policy flexibility

    (√) – Access rights revocability

    X – Speed

    X – Lightweight

    – …

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Attribute Based Encryption

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Attribute Based Encryption (ABE)

    ABE scheme:
    – asymmetric cryptographic scheme
    – Information encrypted so that decryption can be
    performed using many, different decryption keys
    – decryption keys based on a set of public elements and a
    varying set of subject’s attributes (e.g., user’s profile)
    – encryption performed based on a public key + varying
    attributes

    2 types of ABE schemes:


    – Ciphertext Policy ABE (CP-ABE): data encrypted based
    on an access control policy (authorized users must have
    a suitable profile)
    – Key-Policy ABE (KP-ABE): reversed approach (ciphertext
    associated to attributes, users’ keys associated with
    policies)

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE Encryption

    • The policy drives the encryption process


    • The KGS Public Key is used with the policy
    Encryption Service

    KGS

    Public
    Key

    +
    Policy
    Based Policy
    Encryption Encrypted
    Information

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE Decryption

    • Each user has a Personal Key


    • The Personal Key depends on the User’s Profile
    • The decryption process succeeds if the Personal Key meets
    the Access Policy
    Decryption Service

    KGS

    Personal
    Decr. Key

    + Decrypted
    Information

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE Pros & Cons

    • Pros:
    – Explicit access control policies
    – Fine-granularity
    – Flexibility

    • Cons:
    – Resource hangry
    – Encryption time depends on access policy
    complexity

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE + AES

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE + AES

    • CP-ABE + AES:
    – CP-ABE cryptographic schema
    +
    – AES symmetric cryptographic schema

    • advantages:
    – flexibility & fine-granularity of CP-ABE
    – efficiency & speed of AES

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    CP-ABE – AES Architecture

    Public Key

    ABE Proxy KGS


    +
    Secure Symmetric CP-ABE prot.
    Key Setup Sym. Key
    KSS Private Key

    Data in Symmetric Enc


    clear Encryption Data
    DSS

    Data Consumer
    Data Source
    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017
    Performances (1)

    RAM vs Policy Complexity

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Performances (2)

    Enc Time vs Policy Complexity


    7000
    6524,7

    5954,8
    6000
    5261,5

    5000 4690,3

    4086,8
    TIME (MILLISECONDS)

    4000 CP-ABE/AES
    3557,1
    (KR=1 msg)

    2863,4 CP-ABE/AES
    3000 (KR=8 msg)
    2322,7 CP-ABE

    2000 1679,7

    1105,3
    857,7
    1000 746,5
    531,5 547,9 563,2 616,3
    358,8 394,3 445,7
    328
    93,6 98,7 116,5 125,9
    50,1 55,2 59,7 76,3 86,3 90,2
    0
    1 2 3 4 5 6 7 8 9 10
    NUMBER OF ATTRIBUTES

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017


    Thanks for your attention!

    Questions?

    This work has been partially funded by:


    • Regione Puglia - ‘Avviso Aiuti a Sostegno dei Cluster Tecnologici
    Regionali per l’Innovazione’ within the Energy Router project under
    grant number HX8HXI1,

    Bari 27-29 Settembre 2017 3° Italian I-Cities 2017 Conference 28/09/2017

    You might also like