Abstract
Service compositions are implemented through the interplay between actors of different organizations. Many composition systems use a middleware, which coordinates the service calls according to specified workflows. These middlewares pose a certain privacy issue, since they may read all the exchanged data. Furthermore, service compositions may require that only selected subsets of data that was initially supplied by the user are disclosed to the receiving actors. Traditional public key encryption only allows encryption for a particular party and lack of the ability to efficiently define more expressive access controls for a one-to-many communication. Besides privacy-preserving requirements, it may be necessary for participants in service compositions to be able to verify which actor has modified or added data during a process to ensure accountability of performed actions. This paper introduces a concept for efficient, privacy-preserving service composition using attribute-based encryption in combination with outsourced decryption as well as collaborative key management. Our concept enables end-to-end confidentiality and integrity in a one-to-many communication using fine-grained access controls, while minimizing the decryption effort for devices with low calculation capacity, which enables to use smartphones at the client side. The feasibility of the proposed solution is demonstrated by an implemented proof-of-concept including a performance evaluation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Algorithms of CP-ABE take as input the security parameter \(\kappa \) (unary representation), which represents an input size of the computational problem indicating the complexity of cryptographic algorithms.
- 2.
References
Ma, Z., Manglery, J., Wagner, C., Bleier, T.: Enhance data privacy in service compositions through a privacy proxy. In: Sixth International Conference on Availability, Reliability and Security, pp. 615–620 (2011). https://doi.org/10.1109/ARES.2011.94
Singaravelu, L., Pu, C.: Fine-grain, end-to-end security for web service compositions. In: IEEE International Conference on Services Computing (SCC 2007), pp. 212–219 (2007). https://doi.org/10.1109/SCC.2007.61
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334 (2007). https://doi.org/10.1109/SP.2007.11
Lin, G., Hong, H., Sun, Z.: A collaborative key management protocol in ciphertext policy attribute-based encryption for cloud data sharing. IEEE Access 5, 9464–9475 (2017). https://doi.org/10.1109/ACCESS.2017.2707126
Khabou, I., Rouached, M., Abid, M., Bouaziz, R., Enhancing web services compositions with privacy capabilities. In: Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services, iiWAS 2015, Brussels, Belgium, pp. 57:1–57:9 (2015). https://doi.org/10.1145/2837185.2837240
Khabou, I., Rouached, M., Bouaziz, R., Abid, M.: Towards privacy-aware web services compositions. In: 2016 IEEE International Conference on Computer and Information Technology, CIT 2016, Nadi, Fiji, December 8–10, pp. 367–374 (2016). https://doi.org/10.1109/CIT.2016.26
Carminati, B., Ferrari, E., Tran, N.H.: Secure web service composition with untrusted broker. In: IEEE International Conference on Web Services, pp. 137–144 (2014)
Organization for the Advancement of Structured Information Standards (OASIS): Extensible Access Control Markup Language (XACML), Identity, v.1.1. (2006)
Kaehmer, M., Gilliot, M., Mueller, G.: Automating Privacy Compliance with ExPDT. In: 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, ECommerce and E-Services, pp. 87–94 (2008). https://doi.org/10.1109/CECandEEE.2008.122
Zuo, C., Shao, J., Wei, G., Xie, M., Ji, M.: CCAsecure ABE with outsourced decryption for fog computing. Future Gener. Comput. Syst. 78, 730–738 (2016). https://doi.org/10.1016/j.future.2016.10.028
Wang, Z., Liu, W.: CP-ABE with outsourced decryption and directionally hidden policy. Secur. Commun. Netw. 9(14), 2387–2396 (2016)
Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts, pp. 34–34 (2011)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 89–98 (2006). https://doi.org/10.1145/1180405.1180418
Rouselakis, Y., Waters, B.: New constructions and proof methods for large universe attribute-based encryption. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 463–474 (2013). https://doi.org/10.1145/2508859.2516672
Ziegler, D., Sabongui, J., Palfinger, G.: Fine-grained access control in industrial Internet of Things. In: Dhillon, G., Karlsson, F., Hedström, K., Zúquete, A. (eds.) SEC 2019. IAICT, vol. 562, pp. 91–104. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22312-0_7
Oualha, N., Nguyen, K.T.: Lightweight attribute-based encryption for the Internet of Things. In: 2016 25th International Conference on Computer Communication and Networks (ICCCN), pp. 1–6 (2016). https://doi.org/10.1109/ICCCN.2016.7568538
Hur., J.: Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng. 25, 2271–2282 (2013). https://doi.org/10.1109/TKDE.2011.78
Ambrosinet, M., et al.: On the feasibility of attribute-based encryption on Internet of Things Devices. IEEE Micro 36, 25–35 (2016). https://doi.org/10.1109/MM.2016.101
National Institute of Standards & Technology: Recommendation for Key Management, Part 1: General (Rev 4). SP 800-57 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Theuermann, K., Hoerandner, F., Abraham, A., Ziegler, D. (2020). Privacy-Preserving Service Composition with Enhanced Flexibility and Efficiency. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science(), vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-58986-8_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58985-1
Online ISBN: 978-3-030-58986-8
eBook Packages: Computer ScienceComputer Science (R0)