nach oben

Erschienen in:

01.05.2014

On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies

verfasst von: Aziz S. Mousas, Angelos-Christos G. Anadiotis, Georgios V. Lioudakis, John P. Papanis, Panagiotis K. Gkonis, Dimitra I. Kaklamani, Iakovos S. Venieris

Erschienen in: Wireless Personal Communications | Ausgabe 1/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper presents an integrated security architecture for heterogeneous distributed systems. Based on the MPEG-21 standard data structures and the MPEG-M standard services, the proposed architecture provides a unified, fine-grained solution for protecting each information unit circulated in the system. In this context, a novel scheme for translating the access control rules, initially expressed by means of the standard MPEG-21 Rights Expression Language, into Ciphertext-Policy Attribute-Based Encryption access trees is introduced, thereby enabling offline authorization based on the users’ attributes, also encapsulated and certified using MPEG-21 licenses. The proposed framework provides a detailed approach in all the steps of the information protection process, from attribute acquisition to data encryption and decryption.

Vorheriger Artikel Energy-Efficient Cooperative Transmission in Heterogeneous Wireless Networks with QoS Constraint

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Akyildiz, I., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). A survey on sensor networks. IEEE Communications Magazine, 40(8), 102–114.CrossRef

Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, A., Gianoli, A., et al. (2004). VOMS, an authorization system for virtual organizations. In F. Fernndez Rivera, M. Bubak, A. Gmez Tato & R. Doallo (Eds.), Grid computing, lecture notes in computer science (Vol. 2970, pp. 33–40). Berlin: Springer.

Antonakopoulou, A., Lioudakis, G. V., Gogoulos, F., Kaklamani, D. I., & Venieris, I. S. (2012). Leveraging access control for privacy protection: A survey. In G. Yee (Ed.), Privacy protection measures and technologies in business organizations: Aspects and standards (pp. 65–94). Hershey, PA: IGI Global.

Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.CrossRefMATH

Ayed, S., Cuppens-Boulahia, N., & Cuppens, F. (2008). Managing access and flow control requirements in distributed workflows. In Proceedings of the 2008 IEEE/ACS international conference on computer systems and applications (AICCSA 2008) (pp. 702–710). Washington, DC: IEEE Computer Society.

Baden, R., Bender, A., Spring, N., Bhattacharjee, B., & Starin, D. (2009). Persona: An online social network with user-defined privacy. SIGCOMM Computer Communication Review, 39(4), 135–146.CrossRef

Benaloh, J., Chase, M., Horvitz, E., & Lauter, K. (2009). Patient controlled encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009) (pp. 103–114). New York, NY: ACM.

Bethencourt, J., Sahai, A., & Waters, B. (2013). Advanced crypto software collection. http://hms.isi.jhu.edu/acsc/cpabe/ (online). Last accessed: August 20, 2013.

Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE symposium on security and privacy (SP 2007) (pp. 321–334).

10.

Boneh, D., Gentry, C., & Waters, B. (2005). Collusion resistant broadcast encryption with short ciphertexts and private keys. In V. Shoup (Ed.), Advances in cryptology—CRYPTO 2005, lecture notes in computer science (Vol. 3621, pp. 258–275). Berlin: Springer.

11.

Camarinha-Matos, L., Silveri, I., Afsarmanesh, H., & Oliveira, A. (2005). Towards a framework for creation of dynamic virtual organizations. In L. Camarinha-Matos, H. Afsarmanesh & A. Ortiz (Eds.), Collaborative networks and their breeding environments, IFIP—The International Federation for Information Processing (Vol. 186, pp. 69–80). US: Springer.

12.

Chase, M. (2007). Multi-authority attribute based encryption. In S. Vadhan (Ed.), Proceedings of the 4th conference on theory of cryptography (TCC 2007), lecture notes in computer science (Vol. 4392, pp. 515–534). Berlin: Springer.

13.

Cuppens, F., & Cuppens-Boulahia, N. (2008). Modeling contextual security policies. International Journal of Information Security, 7(4), 285–305.CrossRef

14.

De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2007). Over-encryption: Management of access control evolution on outsourced data. In Proceedings of the 33rd international conference on very large databases (VLDB 2007). VLDB Endowment (pp. 123–134).

15.

De Capitani di Vimercati, S., Samarati, P., & Sandhu, R. (2014). Access control. In A. Tucker & H. Topi (Eds.), Computer science handbook. Information systems and information technology (3rd ed.). London: Taylor and Francis Group.

16.

Difino, A., Anadiotis, A. C., & Tropea, G. (2011). Proposal for reengineering of MPEG-M reference software. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

17.

Difino, A., Mousas, A., Anadiotis, A. C., Ardeleanu, B., & Gkonis, P. (2012). Proposed revised version of MPEG-M part3. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

18.

Difino, A., Mousas, A., Anadiotis, A. C., & Llorente, S. (2012). MPEG-M reference software workplan. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

19.

Dong, C., Russello, G., & Dulay, N. (2008). Shared and searchable encrypted data for untrusted servers. In V. Atluri (Ed.), Data and applications security XXII, lecture notes in computer science (Vol. 5094, pp. 127–143). Berlin: Springer.

20.

Eugster, P. T., Felber, P. A., Guerraoui, R., & Kermarrec, A. M. (2003). The many faces of publish/subscribe. ACM Computing Surveys, 35(2), 114–131.CrossRef

21.

Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224–274.CrossRef

22.

FP7 ICT CONVERGENCE. http://www.ict-convergence.eu/.

23.

Gao, A., & Li, Z. (2013). Free global ID against collusion attack on multi-authority attribute-based encryption. Security and Communication Networks, 6(9), 1143–1152.CrossRef

24.

Hebig, R., Meinel, C., Menzel, M., Thomas, I., & Warschofsky, R. (2009). A web service architecture for decentralised identity- and attribute-based access control. In Proceedings of the IEEE 2009 international conference on web services (ICWS 2009) (pp. 551–558).

25.

Huang, D., & Verma, M. (2009). ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks. Ad Hoc Networks, 7(8), 1526–1535.CrossRef

26.

International Standards Organization. (2004). ISO/IEC 14496-13:2004 Information technology—Coding of audio-visual objects—Part 13: Intellectual property management and protection (IPMP) extensions.

27.

International Standards Organization. (2004). ISO/IEC 21000-5:2004 Information technology—Multimedia framework (MPEG-21)—Part 5: Rights expression, language.

28.

International Standards Organization. (2004). ISO/IEC 21000-6:2004 Information technology—Multimedia framework (MPEG-21)—Part 6: Rights data dictionary.

29.

International Standards Organization. (2004). ISO/IEC TR 21000-1:2004 Information technology—Multimedia framework (MPEG-21)—Part 1: Vision, technologies and strategy.

30.

International Standards Organization. (2005). ISO/IEC 21000-2:2005 Information technology—Multimedia framework (MPEG-21)—Part 2: Digital item declaration.

31.

International Standards Organization. (2006). ISO/IEC 21000-4:2006 Information technology—Multimedia framework (MPEG-21)—Part 4: Intellectual property management and protection components.

32.

International Standards Organization. (2013). ISO/IEC 23006-1:2013 Information technology—Multimedia service platform technologies—Part 1: Architecture.

33.

International Standards Organization. (2013). ISO/IEC 23006-3:2013 Information technology—Multimedia service platform technologies—Part 3: Conformance and reference software.

34.

International Telecommunication Union (ITU). (2005). Telecommunication standardization sector: Information technology—Open systems interconnection—The directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509.

35.

Jung, T., Yang Li, X., Wan, Z., & Wan, M. (2013). Privacy preserving cloud data access with multi-authorities. In Proceedings of the 32nd IEEE international conference on computer communications (INFOCOM 2013) (pp. 2625–2633).

36.

Kalam, A., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., et al. (2003). Organization based access control. In Proceedings of the 4th IEEE international workshop on policies for distributed systems and networks (POLICY 2003) (pp. 120–131).

37.

Karjoth, G., Schunter, M., & Waidner, M. (2003). Platform for enterprise privacy practices: Privacy-enabled management of customer data. In Proceedings of the 2nd international conference on privacy enhancing technologies (PET 2002), lecture notes in computer science (Vol. 2482, pp. 69–84). Berlin: Springer.

38.

Kerschbaum, F., & Robinson, P. (2009). Security architecture for virtual organizations of business web services. Journal of Systems Architecture, 55(4), 224–232.CrossRef

39.

Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2013). An ontology-based approach towards comprehensive workflow modelling. IET Software (to appear).

40.

Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Kaklamani, D. I., & Venieris, I. S. (2011). A workflow checking approach for inherent privacy awareness in network monitoring. In J. Garcia-Alfaro, G. Navarro-Arribas, N. Cuppens-Boulahia & S. De Capitani di Vimercati (Eds.) Proceedings of the 6th international workshop on data privacy management (DPM 2011), lecture notes in computer science (Vol. 7122, pp. 295–302). Berlin: Springer.

41.

Kudumakis, P., Sandler, M., Anadiotis, A. C. G., Venieris, I. S., Difino, A., Tropea, G., et al. (2013). MPEG-M: A digital media ecosystem for interoperable applications. Signal Processing: Image Communication (scheduled for publication in 2013).

42.

Lerner, J. I., & Mulligan, D. K. (2008). Taking the “long view” on the Fourth Amendment: Stored records and the sanctity of the home. Stanford Technology Law Review, 3, 1–13.

43.

Li, M., Lou, W., & Ren, K. (2010). Data security and privacy in wireless body area networks. IEEE Wireless Communications, 17(1), 51–58.CrossRef

44.

Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.CrossRef

45.

Organization for the Advancement of Structured Information Standards (OASIS). (2005). Assertions and protocols for the OASIS security assertion markup language (SAML) version 2.0. OASIS Standard. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

46.

Organization for the Advancement of Structured Information Standards (OASIS). (2005). eXtensible access control markup language (XACML) version 2.0. OASIS Standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.

47.

Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Garcia-Alfaro, J., Kaklamani, D. I., et al. (2013). Leveraging ontologies upon a holistic privacy-aware access control model. In Proceedings of the 6th international symposium on foundations and practice of security (FPS 2013).

48.

Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2014). Leveraging semantic web technologies for access control. In B. Akhgar & H. Arabnia (Eds.), Emerging trends in information and communication technologies security. Los Altos, CA: Morgan Kaufmann.

49.

Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Garcia-Alfaro, J., Kaklamani, D. I., Venieris, I. S., et al. (2013). A privacy-aware access control model for distributed network monitoring. Computers & Electrical Engineering, 39(7), 2263–2281.CrossRef

50.

Papazoglou, M. P., & Heuvel, W. J. (2007). Service oriented architectures: Approaches, technologies and research issues. The VLDB Journal, 16, 389–415.CrossRef

51.

Sahai, A., & Waters, B. (2005). Fuzzy identity-based encryption. In Proceedings of the 24th annual international conference on Theory and Applications of cryptographic techniques, EUROCRYPT’05 (pp. 457–473). Berlin: Springer.

52.

Secretariat, ISO/IEC JTC 1/SC 29. (2013). ISO/IEC JTC 1/SC 29 Programme of work. http://www.itscj.ipsj.or.jp/sc29/29w42911.htm#MPEG-M (online). Last accessed: August 20, 2013.

53.

Shen, H. (2009). A semantic-aware attribute-based access control model for web services. In A. Hua & S. L. Chang (Eds.), Algorithms and architectures for parallel processing, lecture notes in computer science (Vol. 5574, pp. 693–703). Berlin: Springer.

54.

Subramanian, N., Yang, C., & Zhang, W. (2007). Securing distributed data storage and retrieval in sensor networks. In Proceedings of the 5th IEEE international conference on pervasive computing and communications (PerCom 2007) (pp. 191–200).

55.

Trusted Computing Group. (2011). Trusted platform module: Main specification level 2 version 1.2, revision 116. TCG specification. https://www.trustedcomputinggroup.org/resources/tpm_main_specification.

56.

Wang, L., Wijesekera, D., & Jajodia, S. (2004). A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM workshop on formal methods in security engineering (FMSE 2004) (pp. 45–55). New York, NY: ACM.

57.

Wang, W., Li, Z., Owens, R., & Bhargava, B. (2009). Secure and efficient access to outsourced data. In Proceedings of the 2009 ACM workshop on cloud computing security (CCSW 2009) (pp. 55–66). New York, NY: ACM.

58.

Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., et al. (2004). Terminology for policy-based management. RFC 3198 (informational). http://www.ietf.org/rfc/rfc3198.txt.

59.

World Wide Web Consortium. (W3C). Resource description framework (RDF): Concepts and abstract syntax. W3C Recommendation. http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210/ (2004).

60.

Yu, S., Ren, K., & Lou, W. (2011). FDAC: Toward fine-grained distributed data access control in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 22(4), 673–686.CrossRef

61.

Yuan, E., & Tong, J. (2005). Attributed based access control (ABAC) for web services. In Proceedings of the IEEE international conference on web services (ICWS 2005).

62.

Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18.CrossRef

63.

Zhang, R., Giunchiglia, F., Crispo, B., & Song, L. (2010). Relation-based access control: An access control model for context-aware computing environment. Wireless Personal Communications, 55(1), 5–17.CrossRef

Titel: On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies
verfasst von: Aziz S. Mousas
Angelos-Christos G. Anadiotis
Georgios V. Lioudakis
John P. Papanis
Panagiotis K. Gkonis
Dimitra I. Kaklamani
Iakovos S. Venieris
Publikationsdatum: 01.05.2014
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 1/2014
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-013-1482-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2014

Energy-Efficient Cooperative Transmission in Heterogeneous Wireless Networks with QoS Constraint

Preface

Introducing Fairness-Efficiency Trade-off for Energy Savings in Wireless Cooperative Networks

Performance Analysis of Network Coding Based Two-Way Relay Wireless Networks Deploying IEEE 802.11

Optimal Resource Allocation in Heterogeneous MIMO Cognitive Radio Networks