Abstract
The emerging Cloud-Enabled Internet of Things (CEIoT) is becoming increasingly popular since it enables end users to remotely interact with the connected devices, which collect real-world data and share with diverse cloud services. The shared data will often be sensitive as well as private. According to the General Data Protection Regulation (GDPR), the privacy issue should be addressed by the cloud services and subsequent data custodians. In this paper, we propose DUCE, an enforcement model for distributed usage control for data sharing in CEIoT. DUCE leverages both blockchain and Trusted Execution Environment (TEE) technologies to achieve reliable and continuous life-cycle enforcement for cross-domain data sharing scenarios. The core components of DUCE are distributed Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) to enable reliable execution of usage control policies without a centralized trusted authority. Policy administration is also distributed and controlled by the data owner, who can modify the rules anywhere anytime. The policy rules expressed in eXtensible Access Control Markup Language (XACML) are parsed into smart contracts to be executed on the blockchain service. A detailed explanation of the enforcement process is given for an example “delete-after-use” rule. A prototype system is implemented with an open-source permissioned blockchain system and evaluated on an experimental deployment. The results show reasonable performance and scalability overhead in comparison to OAuth 2.0. We believe additional cross-domain data usage control issues can also be addressed by DUCE.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Almolhis, N., Alashjaee, A., Duraibi, S., Alqahtani, F., Moussa, A.: The security issues in INT-cloud: a review. In: 2020 16th IEEE International Colloquium on Signal Processing & Its Applications (CSPA), pp. 191–196. IEEE (2020)
Alzahrani, B., Irshad, A., Alsubhi, K., Albeshri, A.: A secure and efficient remote patient-monitoring authentication protocol for cloud-Iot. Int. J. Commun. Syst. 33(11), e4423 (2020)
Anderson, A., et al.: eXtensible access control markup language (XACML) version 1.0. OASIS (2003)
Bhatt, S., Patwa, F., Sandhu, R.: An access control framework for cloud-enabled wearable internet of things. In: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), pp. 328–338. IEEE (2017)
Bhatt, S., Sandhu, R.: ABAC-CC: Attribute-based access control and communication control for internet of things. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 203–212 (2020)
Chen, R., et al.: Trust-based service management for mobile cloud IoT systems. IEEE Trans. Netw. Serv. Manag. 16(1), 246–263 (2018)
Choudhury, O., et al.: Anonymizing data for privacy-preserving federated learning. arXiv preprint arXiv:2002.09096 (2020)
De Donno, M., Tange, K.,.: Foundations and evolution of modern computing paradigms: cloud, IoT, edge, and fog. IEEE Access 7, 150936–150948 (2019)
Fernández, M., Franch Tapia, A., Jaimunk, J., et al.: A data access model for privacy-preserving cloud-IoT architectures. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, pp. 191–202 (2020)
Foughali, K., Fathallah, K., Frihida, A.: Using cloud IoT for disease prevention in precision agriculture. Procedia Comput. Sci. 130, 575–582 (2018)
Gupta, D., et al.: Access control model for google cloud IoT. In: (BigDataSecurity), (HPSC) and (IDS). pp. 198–208. IEEE (2020)
He, W., Yan, G., Xu, L.: Developing vehicular data cloud services in the IoT environment. IEEE Trans. Ind. Inform. 10(2), 1587–1595 (2014)
Kianoush, S., et al.: A cloud-IoT platform for passive radio sensing: challenges and application case studies. IEEE Internet Things J. 5(5), 3624–3636 (2018)
La Marra, A., Martinelli, F., Mori, P., Saracino, A.: Implementing usage control in internet of things: a smart home use case. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 1056–1063. IEEE (2017)
Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32287-7_7
Liu, S., Yu, J., et al.: Bc-SABE: Blockchain-aided searchable attribute-based encryption for cloud-IoT. IEEE Internet J. 7(9), 7851–7867 (2020)
Ma, Z., et al.: Blockchain-enabled decentralized trust management and secure usage control of IoT big data. IEEE Internet Things J. 7(5), 4000–4015 (2019)
Di Francesco Maesa, D., Mori, P., Ricci, L.: Blockchain based access control. In: Chen, L.Y., Reiser, H.P. (eds.) DAIS 2017. LNCS, vol. 10320, pp. 206–220. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59665-5_15
Maesa, D., Mori, P., Ricci, L.: A blockchain based approach for the definition of auditable access control systems. Comput. Secur. 84, 93–119 (2019)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Tech. Report (2019)
Nandakumar, L., et al.: Real time water contamination monitor using cloud, IOT and embedded platforms. In: 2020 International Conference on Smart Electronics and Communication (ICOSEC), pp. 854–858. IEEE (2020)
Neagu, G., et al.: A cloud-IoT based sensing service for health monitoring. In: 2017 E-Health and Bioengineering Conference (EHB), pp. 53–56. IEEE (2017)
Ouaddah A., Elkalam, A.A., Ouahman, A.A.: Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In: Europe and MENA Cooperation Advances in Information and Communication Technologies. p. 520 (2017)
Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)
Patil, S., Joshi, S., Patil, D.: Enhanced privacy preservation using anonymization in IoT-enabled smart homes. In: Satapathy, S.C., Bhateja, V., Mohanty, J.R., Udgata, S.K. (eds.) Smart Intelligent Computing and Applications. SIST, vol. 159, pp. 439–454. Springer, Singapore (2020). https://doi.org/10.1007/978-981-13-9282-5_42
Ramesh, S., et al.: An efficient framework for privacy-preserving computations on encrypted IoT data. IEEE Internet Things J. 7(9), 8700–8708 (2020)
Sandhu, R., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)
Stergiou, C., Psannis, K., Kim, B., Gupta, B.: Secure integration of IoT and cloud computing. Fut. Gen. Comput. Syst. 78, 964–975 (2018)
Xu, L., Chen, L., Gao, Z., et al.: Diota: decentralized-ledger-based framework for data authenticity protection in IoT systems. IEEE Network 34(1), 38–46 (2020)
Xu, L., et al.: KCRS: a blockchain-based key compromise resilient signature system. In: Zheng, Z., Dai, H.-N., Tang, M., Chen, X. (eds.) BlockSys 2019. CCIS, vol. 1156, pp. 226–239. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-2777-7_19
Zhang, C., Li, S., Xia, J., Wang, W., Yan, F., Liu, Y.: BatchCrypt: efficient homomorphic encryption for cross-silo federated learning. In: 2020 USENIX Annual Technical Conference (USENIX ATC 2020), pp. 493–506 (2020)
Zhang, D., Fan, L.: Cerberus: privacy-preserving computation in edge computing. In: IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 43–49. IEEE (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Shi, N., Tang, B., Sandhu, R., Li, Q. (2021). DUCE: Distributed Usage Control Enforcement for Private Data Sharing in Internet of Things. In: Barker, K., Ghazinour, K. (eds) Data and Applications Security and Privacy XXXV. DBSec 2021. Lecture Notes in Computer Science(), vol 12840. Springer, Cham. https://doi.org/10.1007/978-3-030-81242-3_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-81242-3_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81241-6
Online ISBN: 978-3-030-81242-3
eBook Packages: Computer ScienceComputer Science (R0)