Planned maintenance
A system upgrade is planned for 24/9-2024, at 12:00-14:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluation of an Attribute-Based Encryption enabled Attribute-Based Access Control Architecture
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab. (Cyber-physical systems)ORCID iD: 0000-0002-2654-2292
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science. Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab.ORCID iD: 0000-0001-5408-0008
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science. Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab.ORCID iD: 0000-0002-4031-2872
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Decentralized data repositories and external cloud-based services are pivotal in facilitating industrial data sharing, but they often come with administrative overhead. These solutions provide the scalability and accessibility needed for efficient storage and sharing of industrial data, enhancing collaboration and data-driven decision-making while ensuring data security. In this paper, we explore means to combine Attribute-based Access Control and Attribute-based Encryption (ABE). We propose an innovative approach to secure data sharing at rest and at transit with low administrative and management overhead. The solution leverages ABE's ability to encrypt data with fine-grained policies while keeping ABAC's flexibility and ease of management. We provide an evaluation of our solution and discuss the results in the context of industrial data-sharing use cases and applications. Moreover, we provide design guidelines for implementation. Our findings provide valuable insights into the effectiveness of ABE in preserving data privacy during the data-sharing process. Importantly, this is achieved without introducing significant time complexity, even when considering factors like policy size and the number of attributes involved. Furthermore, our study demonstrates that these benefits can be realized while still maintaining the ease of management and the fine-grained control inherent in ABAC schemes.

National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ltu:diva-101848OAI: oai:DiVA.org:ltu-101848DiVA, id: diva2:1808142
Available from: 2023-10-30 Created: 2023-10-30 Last updated: 2023-11-17
In thesis
1. Attribute-based Approaches for Secure Data Sharing in the Industry
Open this publication in new window or tab >>Attribute-based Approaches for Secure Data Sharing in the Industry
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

In the Industry 4.0 era, secure and efficient data sharing is vital for innovation and operational enhancement. Industry 4.0 envisions a highly connected ecosystem where machines, devices, and stakeholders collaborate in real time to optimize processes, enhance productivity, and create new value propositions. However, this surge in data-driven collaboration brings forth a critical challenge, ensuring the secure and controlled sharing of sensitive information. As organizations embrace the potential of Industry 4.0, the need for robust mechanisms to achieve key data security properties of data integrity, confidentiality, and availability, while enabling efficient data exchange becomes paramount. However, while the promise of Industry 4.0 presents promising opportunities, it also introduces a set of challenges intrinsic to data security solutions. These solutions, while promising in providing fine-grained data security, introduce complexities such as administrative overhead and substantial management efforts for the users. Striking a balance between robust security and operational ease is critical for enabling seamless data exchange within the evolving landscape of Industry 4.0.

This thesis explores the realm of Attribute-based approaches to achieve the desired secure data sharing, pivotal in the digitized Industry 4.0 environment.  An overarching objective is to achieve compatibility of these data-securing mechanisms with the Industry 4.0 paradigms through the usage of attribute-based approaches. This includes the exploration of the existing solutions within the state-of-the-art and its analysis in the context of usability and practicality for industrial adoption. 

Access control entails the establishment of policies and mechanisms to regulate who can access specific resources or information, under what conditions, and to what extent. The study will delve into various access control models and their applicability, with a particular emphasis on Attribute-Based Access Control. Moreover, through the creation of proofs-of-concepts implementations, we explore the usability of Attribute-based Access Control (ABAC) models and policy languages, applied to different aspects of the data-sharing process.  Manageability, user-friendliness, and fine-granularity of the access control were identified as key properties for the usability of data securing technologies in industry. Hence, discovering and addressing challenges for such properties is of special focus for this thesis. 

In addition, this thesis explores attribute-based encryption techniques, seeking to augment data security while minimizing additional operational complexities. Moreover, this thesis also explores the implications of third-party cloud services, popular in Industry 4.0 environments, as well as third-party stakeholder data sharing to motivate the need to ensure both in-transit and at-rest data security.

This thesis makes significant contributions in the domain of secure data sharing in Industry 4.0. First, it contextualizes access control within the broader data security landscape and explores state-of-the-art Attribute-Based Access Control policy languages. The research designs, evaluates, and automates ABAC models to address fine-granularity and manageability gaps, with a focus on user-friendliness for industrial adoption. Furthermore, it proposes and implements an automated management solution for integrating new data sources in Service-Oriented Architecture (SOA) industrial data-sharing applications, within the Eclipse Arrowhead Framework. This includes the innovative proposal of contractual automation of access control policies to enhance efficiency and security. 

Moreover, the research delves into the realm of attribute-based encryption approaches, conducting a state-of-the-art exploration and gap analysis, with a special focus on uncovering the adoption barriers associated with this technology.  Lastly, the thesis designs, implements, and evaluates an ABAC-Enabled ABE solution architecture, covering the discovered gaps, and offering an expressive and user-friendly approach to secure data sharing. These contributions collectively advance the field of data security and access control in the context of Industry 4.0 and similar evolving industrial landscapes

The research indicated that Attribute-based approaches hold promise for practical data protection at rest through access control mechanisms, especially within fine-grained policies. The study explores ABAC in a graph-based policy language, Next-generation Access Control (NGAC), showcasing its potential for reducing administrative workload related to policy management. Simplified policy creation and expression enhance the ease of model implementation. These insights extend to ABE, highlighting the value of delegating attribute management for reduced administrative complexity and improved expressiveness within ABE schemes. This approach allows for automation techniques developed for ABAC policy management to be translated into ABE schemes. 

Place, publisher, year, edition, pages
Luleå: Luleå University of Technology, 2023
Series
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Keywords
Data security, secure data sharing, Attribute-based Access Control, Attribute-based Encryption, industry 4.0, cyber-physical systems, cyber security
National Category
Computer Systems
Research subject
Cyber-Physical Systems
Identifiers
urn:nbn:se:ltu:diva-101858 (URN)978-91-8048-422-0 (ISBN)978-91-8048-423-7 (ISBN)
Public defence
2023-12-14, A 117, Luleå tekniska universitet, Luleå, 10:00 (English)
Opponent
Supervisors
Available from: 2023-10-31 Created: 2023-10-30 Last updated: 2023-12-01Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Chiquito, AlexBodin, UlfSchelén, Olov

Search in DiVA

By author/editor
Chiquito, AlexBodin, UlfSchelén, Olov
By organisation
Embedded Internet Systems LabComputer Science
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 83 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf