news


ETSI releases security standards for distributed systems

Network security. sim card safe deposit box's digital vault door in abstract techno wall. 3d

The distributed, cloud-based technological environment required by 5G and IoT will present a novel set of security challenges.

In anticipation of this the ETSI (European Telecommunications Standards Institute) technical committee on cybersecurity has released two specifications focused on attribute-based encryption (ABE). This seems to be a more flexible, tailored, bespoke form of encryption that can be applied to specific scenarios.

Here’s the ETSI explanation: “ABE is an asymmetric, multi-party cryptographic scheme that bundles access control with data encryption. In such a system, data can only be decrypted if the set of attributes of the user key matches the attributes of the encryption. For instance, access to employee pay data will only be granted to the role of Human Resources Employee working in the payroll department of a company, who has been there for one year or more.”

And here are the two specifications:

  • ETSI TS 103 458, which describes high-level requirements for Attribute-Based Encryption. One objective is to provide user identity protection, preventing disclosure to an unauthorized entity. It defines personal data protection on IoT devices, WLAN, cloud and mobile services, where secure access to data has to be given to multiple parties, according to who that party is.
  • ETSI TS 103 532, which specifies trust models, functions and protocols using Attribute-Based Encryption to control access to data, thus increasing data security and privacy. It provides a cryptographic layer that supports both variants of ABE – Ciphertext Policy and Key Policy – in various levels of security assurance. This flexibility in performance suits various forms of deployments, whether in the cloud, on a mobile network or in an IoT environment. The cryptographic layer is extensible and new schemes can be integrated in the standard to support future industry requirements and address data protection challenges in the post-quantum era.

Another point in favour of these specifications is that they claim to allow secure exchange of personal data among data controllers and data processors, which is a apparently a precondition for GDPR compliance. For emerging distributed core network technology they offer security standards that have the flexibility and scalability they need.

Tags: , , , , ,
  • Virtualizing the Cable Architecture

  • Automation Everywhere

  • Software Defined Operations & the Autonomous Network

  • 2020 Vision Executive Summit

  • LTE Advanced Pro and Gigabit LTE: The Path to 5G

  • Industrial IoT World

  • NFV and Carrier SDN: Automation and Monetization

  • TechXLR8

  • The BIG Communications Event

  • 5G North America

  • Internet of Things World Europe

  • Cloud and DevOpsWorld

  • 5G World


Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Polls

Should privacy be treated as a right to protect stringently, or a commodity for users to trade for benefits?

Loading ... Loading ...