Skip to main content
SpringerLink
Log in

DUCE: Distributed Usage Control Enforcement for Private Data Sharing in Internet of Things

  • Conference paper
  • First Online:
Data and Applications Security and Privacy XXXV (DBSec 2021)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12840))

Included in the following conference series:

Abstract

The emerging Cloud-Enabled Internet of Things (CEIoT) is becoming increasingly popular since it enables end users to remotely interact with the connected devices, which collect real-world data and share with diverse cloud services. The shared data will often be sensitive as well as private. According to the General Data Protection Regulation (GDPR), the privacy issue should be addressed by the cloud services and subsequent data custodians. In this paper, we propose DUCE, an enforcement model for distributed usage control for data sharing in CEIoT. DUCE leverages both blockchain and Trusted Execution Environment (TEE) technologies to achieve reliable and continuous life-cycle enforcement for cross-domain data sharing scenarios. The core components of DUCE are distributed Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) to enable reliable execution of usage control policies without a centralized trusted authority. Policy administration is also distributed and controlled by the data owner, who can modify the rules anywhere anytime. The policy rules expressed in eXtensible Access Control Markup Language (XACML) are parsed into smart contracts to be executed on the blockchain service. A detailed explanation of the enforcement process is given for an example “delete-after-use” rule. A prototype system is implemented with an open-source permissioned blockchain system and evaluated on an experimental deployment. The results show reasonable performance and scalability overhead in comparison to OAuth 2.0. We believe additional cross-domain data usage control issues can also be addressed by DUCE.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.fisco-bcos.org.

References

  1. Almolhis, N., Alashjaee, A., Duraibi, S., Alqahtani, F., Moussa, A.: The security issues in INT-cloud: a review. In: 2020 16th IEEE International Colloquium on Signal Processing & Its Applications (CSPA), pp. 191–196. IEEE (2020)

    Google Scholar 

  2. Alzahrani, B., Irshad, A., Alsubhi, K., Albeshri, A.: A secure and efficient remote patient-monitoring authentication protocol for cloud-Iot. Int. J. Commun. Syst. 33(11), e4423 (2020)

    Google Scholar 

  3. Anderson, A., et al.: eXtensible access control markup language (XACML) version 1.0. OASIS (2003)

    Google Scholar 

  4. Bhatt, S., Patwa, F., Sandhu, R.: An access control framework for cloud-enabled wearable internet of things. In: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), pp. 328–338. IEEE (2017)

    Google Scholar 

  5. Bhatt, S., Sandhu, R.: ABAC-CC: Attribute-based access control and communication control for internet of things. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 203–212 (2020)

    Google Scholar 

  6. Chen, R., et al.: Trust-based service management for mobile cloud IoT systems. IEEE Trans. Netw. Serv. Manag. 16(1), 246–263 (2018)

    Article  Google Scholar 

  7. Choudhury, O., et al.: Anonymizing data for privacy-preserving federated learning. arXiv preprint arXiv:2002.09096 (2020)

  8. De Donno, M., Tange, K.,.: Foundations and evolution of modern computing paradigms: cloud, IoT, edge, and fog. IEEE Access 7, 150936–150948 (2019)

    Google Scholar 

  9. Fernández, M., Franch Tapia, A., Jaimunk, J., et al.: A data access model for privacy-preserving cloud-IoT architectures. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 191–202 (2020)

    Google Scholar 

  10. Foughali, K., Fathallah, K., Frihida, A.: Using cloud IoT for disease prevention in precision agriculture. Procedia Comput. Sci. 130, 575–582 (2018)

    Article  Google Scholar 

  11. Gupta, D., et al.: Access control model for google cloud IoT. In: (BigDataSecurity), (HPSC) and (IDS). pp. 198–208. IEEE (2020)

    Google Scholar 

  12. He, W., Yan, G., Xu, L.: Developing vehicular data cloud services in the IoT environment. IEEE Trans. Ind. Inform. 10(2), 1587–1595 (2014)

    Article  Google Scholar 

  13. Kianoush, S., et al.: A cloud-IoT platform for passive radio sensing: challenges and application case studies. IEEE Internet Things J. 5(5), 3624–3636 (2018)

    Article  Google Scholar 

  14. La Marra, A., Martinelli, F., Mori, P., Saracino, A.: Implementing usage control in internet of things: a smart home use case. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 1056–1063. IEEE (2017)

    Google Scholar 

  15. Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32287-7_7

    Chapter  Google Scholar 

  16. Liu, S., Yu, J., et al.: Bc-SABE: Blockchain-aided searchable attribute-based encryption for cloud-IoT. IEEE Internet J. 7(9), 7851–7867 (2020)

    Article  Google Scholar 

  17. Ma, Z., et al.: Blockchain-enabled decentralized trust management and secure usage control of IoT big data. IEEE Internet Things J. 7(5), 4000–4015 (2019)

    Google Scholar 

  18. Di Francesco Maesa, D., Mori, P., Ricci, L.: Blockchain based access control. In: Chen, L.Y., Reiser, H.P. (eds.) DAIS 2017. LNCS, vol. 10320, pp. 206–220. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59665-5_15

    Chapter  Google Scholar 

  19. Maesa, D., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019)

    Article  Google Scholar 

  20. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Tech. Report (2019)

    Google Scholar 

  21. Nandakumar, L., et al.: Real time water contamination monitor using cloud, IOT and embedded platforms. In: 2020 International Conference on Smart Electronics and Communication (ICOSEC), pp. 854–858. IEEE (2020)

    Google Scholar 

  22. Neagu, G., et al.: A cloud-IoT based sensing service for health monitoring. In: 2017 E-Health and Bioengineering Conference (EHB), pp. 53–56. IEEE (2017)

    Google Scholar 

  23. Ouaddah A., Elkalam, A.A., Ouahman, A.A.: Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In: Europe and MENA Cooperation Advances in Information and Communication Technologies. p. 520 (2017)

    Google Scholar 

  24. Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)

    Article  Google Scholar 

  25. Patil, S., Joshi, S., Patil, D.: Enhanced privacy preservation using anonymization in IoT-enabled smart homes. In: Satapathy, S.C., Bhateja, V., Mohanty, J.R., Udgata, S.K. (eds.) Smart Intelligent Computing and Applications. SIST, vol. 159, pp. 439–454. Springer, Singapore (2020). https://doi.org/10.1007/978-981-13-9282-5_42

    Chapter  Google Scholar 

  26. Ramesh, S., et al.: An efficient framework for privacy-preserving computations on encrypted IoT data. IEEE Internet Things J. 7(9), 8700–8708 (2020)

    Article  Google Scholar 

  27. Sandhu, R., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)

    Article  Google Scholar 

  28. Stergiou, C., Psannis, K., Kim, B., Gupta, B.: Secure integration of IoT and cloud computing. Fut. Gen. Comput. Syst. 78, 964–975 (2018)

    Article  Google Scholar 

  29. Xu, L., Chen, L., Gao, Z., et al.: Diota: decentralized-ledger-based framework for data authenticity protection in IoT systems. IEEE Network 34(1), 38–46 (2020)

    Article  Google Scholar 

  30. Xu, L., et al.: KCRS: a blockchain-based key compromise resilient signature system. In: Zheng, Z., Dai, H.-N., Tang, M., Chen, X. (eds.) BlockSys 2019. CCIS, vol. 1156, pp. 226–239. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-2777-7_19

    Chapter  Google Scholar 

  31. Zhang, C., Li, S., Xia, J., Wang, W., Yan, F., Liu, Y.: BatchCrypt: efficient homomorphic encryption for cross-silo federated learning. In: 2020 USENIX Annual Technical Conference (USENIX ATC 2020), pp. 493–506 (2020)

    Google Scholar 

  32. Zhang, D., Fan, L.: Cerberus: privacy-preserving computation in edge computing. In: IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 43–49. IEEE (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Sichuan Changhong Electric Co., Ltd., Mianyang, China

    Na Shi & Bo Tang

  2. Institute for Cyber Security, NSF Center for Security and Privacy Enhanced Cloud Computing, Department of Computer Science, University of Texas at San Antonio, San Antonio, USA

    Ravi Sandhu

  3. Tsinghua University, Beijing, China

    Qi Li

Authors
  1. Na Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bo Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ravi Sandhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Qi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Na Shi .

Editor information

Editors and Affiliations

  1. University of Calgary, Calgary, AB, Canada

    Ken Barker

  2. State University of New York at Canton, Canton, NY, USA

    Kambiz Ghazinour

Rights and permissions

Reprints and permissions

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shi, N., Tang, B., Sandhu, R., Li, Q. (2021). DUCE: Distributed Usage Control Enforcement for Private Data Sharing in Internet of Things. In: Barker, K., Ghazinour, K. (eds) Data and Applications Security and Privacy XXXV. DBSec 2021. Lecture Notes in Computer Science(), vol 12840. Springer, Cham. https://doi.org/10.1007/978-3-030-81242-3_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-81242-3_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81241-6

  • Online ISBN: 978-3-030-81242-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation