Skip to main content
SpringerLink
Log in

On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

This paper presents an integrated security architecture for heterogeneous distributed systems. Based on the MPEG-21 standard data structures and the MPEG-M standard services, the proposed architecture provides a unified, fine-grained solution for protecting each information unit circulated in the system. In this context, a novel scheme for translating the access control rules, initially expressed by means of the standard MPEG-21 Rights Expression Language, into Ciphertext-Policy Attribute-Based Encryption access trees is introduced, thereby enabling offline authorization based on the users’ attributes, also encapsulated and certified using MPEG-21 licenses. The proposed framework provides a detailed approach in all the steps of the information protection process, from attribute acquisition to data encryption and decryption.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Akyildiz, I., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). A survey on sensor networks. IEEE Communications Magazine, 40(8), 102–114.

    Article  Google Scholar 

  2. Alfieri, R., Cecchini, R., Ciaschini, V., dell’Agnello, L., Frohner, A., Gianoli, A., et al. (2004). VOMS, an authorization system for virtual organizations. In F. Fernndez Rivera, M. Bubak, A. Gmez Tato & R. Doallo (Eds.), Grid computing, lecture notes in computer science (Vol. 2970, pp. 33–40). Berlin: Springer.

  3. Antonakopoulou, A., Lioudakis, G. V., Gogoulos, F., Kaklamani, D. I., & Venieris, I. S. (2012). Leveraging access control for privacy protection: A survey. In G. Yee (Ed.), Privacy protection measures and technologies in business organizations: Aspects and standards (pp. 65–94). Hershey, PA: IGI Global.

  4. Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15), 2787–2805.

    Article  MATH  Google Scholar 

  5. Ayed, S., Cuppens-Boulahia, N., & Cuppens, F. (2008). Managing access and flow control requirements in distributed workflows. In Proceedings of the 2008 IEEE/ACS international conference on computer systems and applications (AICCSA 2008) (pp. 702–710). Washington, DC: IEEE Computer Society.

  6. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., & Starin, D. (2009). Persona: An online social network with user-defined privacy. SIGCOMM Computer Communication Review, 39(4), 135–146.

    Article  Google Scholar 

  7. Benaloh, J., Chase, M., Horvitz, E., & Lauter, K. (2009). Patient controlled encryption: Ensuring privacy of electronic medical records. In Proceedings of the 2009 ACM workshop on Cloud computing security (CCSW 2009) (pp. 103–114). New York, NY: ACM.

  8. Bethencourt, J., Sahai, A., & Waters, B. (2013). Advanced crypto software collection. http://hms.isi.jhu.edu/acsc/cpabe/ (online). Last accessed: August 20, 2013.

  9. Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE symposium on security and privacy (SP 2007) (pp. 321–334).

  10. Boneh, D., Gentry, C., & Waters, B. (2005). Collusion resistant broadcast encryption with short ciphertexts and private keys. In V. Shoup (Ed.), Advances in cryptology—CRYPTO 2005, lecture notes in computer science (Vol. 3621, pp. 258–275). Berlin: Springer.

  11. Camarinha-Matos, L., Silveri, I., Afsarmanesh, H., & Oliveira, A. (2005). Towards a framework for creation of dynamic virtual organizations. In L. Camarinha-Matos, H. Afsarmanesh & A. Ortiz (Eds.), Collaborative networks and their breeding environments, IFIP—The International Federation for Information Processing (Vol. 186, pp. 69–80). US: Springer.

  12. Chase, M. (2007). Multi-authority attribute based encryption. In S. Vadhan (Ed.), Proceedings of the 4th conference on theory of cryptography (TCC 2007), lecture notes in computer science (Vol. 4392, pp. 515–534). Berlin: Springer.

  13. Cuppens, F., & Cuppens-Boulahia, N. (2008). Modeling contextual security policies. International Journal of Information Security, 7(4), 285–305.

    Article  Google Scholar 

  14. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., & Samarati, P. (2007). Over-encryption: Management of access control evolution on outsourced data. In Proceedings of the 33rd international conference on very large databases (VLDB 2007). VLDB Endowment (pp. 123–134).

  15. De Capitani di Vimercati, S., Samarati, P., & Sandhu, R. (2014). Access control. In A. Tucker & H. Topi (Eds.), Computer science handbook. Information systems and information technology (3rd ed.). London: Taylor and Francis Group.

  16. Difino, A., Anadiotis, A. C., & Tropea, G. (2011). Proposal for reengineering of MPEG-M reference software. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

  17. Difino, A., Mousas, A., Anadiotis, A. C., Ardeleanu, B., & Gkonis, P. (2012). Proposed revised version of MPEG-M part3. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

  18. Difino, A., Mousas, A., Anadiotis, A. C., & Llorente, S. (2012). MPEG-M reference software workplan. Input document to the International Standards Organization, ISO/IEC JTC 1/SC 29/WG 11 (MPEG).

  19. Dong, C., Russello, G., & Dulay, N. (2008). Shared and searchable encrypted data for untrusted servers. In V. Atluri (Ed.), Data and applications security XXII, lecture notes in computer science (Vol. 5094, pp. 127–143). Berlin: Springer.

  20. Eugster, P. T., Felber, P. A., Guerraoui, R., & Kermarrec, A. M. (2003). The many faces of publish/subscribe. ACM Computing Surveys, 35(2), 114–131.

    Article  Google Scholar 

  21. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224–274.

    Article  Google Scholar 

  22. FP7 ICT CONVERGENCE. http://www.ict-convergence.eu/.

  23. Gao, A., & Li, Z. (2013). Free global ID against collusion attack on multi-authority attribute-based encryption. Security and Communication Networks, 6(9), 1143–1152.

    Article  Google Scholar 

  24. Hebig, R., Meinel, C., Menzel, M., Thomas, I., & Warschofsky, R. (2009). A web service architecture for decentralised identity- and attribute-based access control. In Proceedings of the IEEE 2009 international conference on web services (ICWS 2009) (pp. 551–558).

  25. Huang, D., & Verma, M. (2009). ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks. Ad Hoc Networks, 7(8), 1526–1535.

    Article  Google Scholar 

  26. International Standards Organization. (2004). ISO/IEC 14496-13:2004 Information technology—Coding of audio-visual objects—Part 13: Intellectual property management and protection (IPMP) extensions.

  27. International Standards Organization. (2004). ISO/IEC 21000-5:2004 Information technology—Multimedia framework (MPEG-21)—Part 5: Rights expression, language.

  28. International Standards Organization. (2004). ISO/IEC 21000-6:2004 Information technology—Multimedia framework (MPEG-21)—Part 6: Rights data dictionary.

  29. International Standards Organization. (2004). ISO/IEC TR 21000-1:2004 Information technology—Multimedia framework (MPEG-21)—Part 1: Vision, technologies and strategy.

  30. International Standards Organization. (2005). ISO/IEC 21000-2:2005 Information technology—Multimedia framework (MPEG-21)—Part 2: Digital item declaration.

  31. International Standards Organization. (2006). ISO/IEC 21000-4:2006 Information technology—Multimedia framework (MPEG-21)—Part 4: Intellectual property management and protection components.

  32. International Standards Organization. (2013). ISO/IEC 23006-1:2013 Information technology—Multimedia service platform technologies—Part 1: Architecture.

  33. International Standards Organization. (2013). ISO/IEC 23006-3:2013 Information technology—Multimedia service platform technologies—Part 3: Conformance and reference software.

  34. International Telecommunication Union (ITU). (2005). Telecommunication standardization sector: Information technology—Open systems interconnection—The directory: Public-key and attribute certificate frameworks. ITU-T Recommendation X.509.

  35. Jung, T., Yang Li, X., Wan, Z., & Wan, M. (2013). Privacy preserving cloud data access with multi-authorities. In Proceedings of the 32nd IEEE international conference on computer communications (INFOCOM 2013) (pp. 2625–2633).

  36. Kalam, A., Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., et al. (2003). Organization based access control. In Proceedings of the 4th IEEE international workshop on policies for distributed systems and networks (POLICY 2003) (pp. 120–131).

  37. Karjoth, G., Schunter, M., & Waidner, M. (2003). Platform for enterprise privacy practices: Privacy-enabled management of customer data. In Proceedings of the 2nd international conference on privacy enhancing technologies (PET 2002), lecture notes in computer science (Vol. 2482, pp. 69–84). Berlin: Springer.

  38. Kerschbaum, F., & Robinson, P. (2009). Security architecture for virtual organizations of business web services. Journal of Systems Architecture, 55(4), 224–232.

    Article  Google Scholar 

  39. Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2013). An ontology-based approach towards comprehensive workflow modelling. IET Software (to appear).

  40. Koukovini, M. N., Papagiannakopoulou, E. I., Lioudakis, G. V., Kaklamani, D. I., & Venieris, I. S. (2011). A workflow checking approach for inherent privacy awareness in network monitoring. In J. Garcia-Alfaro, G. Navarro-Arribas, N. Cuppens-Boulahia & S. De Capitani di Vimercati (Eds.) Proceedings of the 6th international workshop on data privacy management (DPM 2011), lecture notes in computer science (Vol. 7122, pp. 295–302). Berlin: Springer.

  41. Kudumakis, P., Sandler, M., Anadiotis, A. C. G., Venieris, I. S., Difino, A., Tropea, G., et al. (2013). MPEG-M: A digital media ecosystem for interoperable applications. Signal Processing: Image Communication (scheduled for publication in 2013).

  42. Lerner, J. I., & Mulligan, D. K. (2008). Taking the “long view” on the Fourth Amendment: Stored records and the sanctity of the home. Stanford Technology Law Review, 3, 1–13.

    Google Scholar 

  43. Li, M., Lou, W., & Ren, K. (2010). Data security and privacy in wireless body area networks. IEEE Wireless Communications, 17(1), 51–58.

    Article  Google Scholar 

  44. Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Transactions on Parallel and Distributed Systems, 24(1), 131–143.

    Article  Google Scholar 

  45. Organization for the Advancement of Structured Information Standards (OASIS). (2005). Assertions and protocols for the OASIS security assertion markup language (SAML) version 2.0. OASIS Standard. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.

  46. Organization for the Advancement of Structured Information Standards (OASIS). (2005). eXtensible access control markup language (XACML) version 2.0. OASIS Standard. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.

  47. Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Garcia-Alfaro, J., Kaklamani, D. I., et al. (2013). Leveraging ontologies upon a holistic privacy-aware access control model. In Proceedings of the 6th international symposium on foundations and practice of security (FPS 2013).

  48. Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Dellas, N. M., Kaklamani, D. I., & Venieris, I. S. (2014). Leveraging semantic web technologies for access control. In B. Akhgar & H. Arabnia (Eds.), Emerging trends in information and communication technologies security. Los Altos, CA: Morgan Kaufmann.

  49. Papagiannakopoulou, E. I., Koukovini, M. N., Lioudakis, G. V., Garcia-Alfaro, J., Kaklamani, D. I., Venieris, I. S., et al. (2013). A privacy-aware access control model for distributed network monitoring. Computers & Electrical Engineering, 39(7), 2263–2281.

    Article  Google Scholar 

  50. Papazoglou, M. P., & Heuvel, W. J. (2007). Service oriented architectures: Approaches, technologies and research issues. The VLDB Journal, 16, 389–415.

    Article  Google Scholar 

  51. Sahai, A., & Waters, B. (2005). Fuzzy identity-based encryption. In Proceedings of the 24th annual international conference on Theory and Applications of cryptographic techniques, EUROCRYPT’05 (pp. 457–473). Berlin: Springer.

  52. Secretariat, ISO/IEC JTC 1/SC 29. (2013). ISO/IEC JTC 1/SC 29 Programme of work. http://www.itscj.ipsj.or.jp/sc29/29w42911.htm#MPEG-M (online). Last accessed: August 20, 2013.

  53. Shen, H. (2009). A semantic-aware attribute-based access control model for web services. In A. Hua & S. L. Chang (Eds.), Algorithms and architectures for parallel processing, lecture notes in computer science (Vol. 5574, pp. 693–703). Berlin: Springer.

  54. Subramanian, N., Yang, C., & Zhang, W. (2007). Securing distributed data storage and retrieval in sensor networks. In Proceedings of the 5th IEEE international conference on pervasive computing and communications (PerCom 2007) (pp. 191–200).

  55. Trusted Computing Group. (2011). Trusted platform module: Main specification level 2 version 1.2, revision 116. TCG specification. https://www.trustedcomputinggroup.org/resources/tpm_main_specification.

  56. Wang, L., Wijesekera, D., & Jajodia, S. (2004). A logic-based framework for attribute based access control. In Proceedings of the 2004 ACM workshop on formal methods in security engineering (FMSE 2004) (pp. 45–55). New York, NY: ACM.

  57. Wang, W., Li, Z., Owens, R., & Bhargava, B. (2009). Secure and efficient access to outsourced data. In Proceedings of the 2009 ACM workshop on cloud computing security (CCSW 2009) (pp. 55–66). New York, NY: ACM.

  58. Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., et al. (2004). Terminology for policy-based management. RFC 3198 (informational). http://www.ietf.org/rfc/rfc3198.txt.

  59. World Wide Web Consortium. (W3C). Resource description framework (RDF): Concepts and abstract syntax. W3C Recommendation. http://www.w3.org/TR/2004/REC-rdf-syntax-grammar-20040210/ (2004).

  60. Yu, S., Ren, K., & Lou, W. (2011). FDAC: Toward fine-grained distributed data access control in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 22(4), 673–686.

    Article  Google Scholar 

  61. Yuan, E., & Tong, J. (2005). Attributed based access control (ABAC) for web services. In Proceedings of the IEEE international conference on web services (ICWS 2005).

  62. Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of Internet Services and Applications, 1(1), 7–18.

    Article  Google Scholar 

  63. Zhang, R., Giunchiglia, F., Crispo, B., & Song, L. (2010). Relation-based access control: An access control model for context-aware computing environment. Wireless Personal Communications, 55(1), 5–17.

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to express their gratitude to the anonymous reviewers for their insightful comments. This research was partially supported by the European Commission, in the frame of FP7 CONVERGENCE project (Grant No. 257123) [22]. The authors would also like to acknowledge the contribution of the MPEG-21 and MPEG-M communities, through the fruitful discussions we have had around this topic during the standardisation process.

Author information

Authors and Affiliations

  1. School of Electrical and Computer Engineering, National Technical University of Athens, 9, Iroon Polytechniou Str., Athens, Greece

    Aziz S. Mousas, Angelos-Christos G. Anadiotis, Georgios V. Lioudakis, John P. Papanis, Panagiotis K. Gkonis, Dimitra I. Kaklamani & Iakovos S. Venieris

Authors
  1. Aziz S. Mousas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Angelos-Christos G. Anadiotis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Georgios V. Lioudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. John P. Papanis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Panagiotis K. Gkonis
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dimitra I. Kaklamani
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Iakovos S. Venieris
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aziz S. Mousas.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Mousas, A.S., Anadiotis, AC.G., Lioudakis, G.V. et al. On Supporting Secure Information Distribution in Heterogeneous Systems Using Standard Technologies. Wireless Pers Commun 76, 99–119 (2014). https://doi.org/10.1007/s11277-013-1482-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-013-1482-4

Keywords

Search

Navigation