ETSI Releases Security Encryption Specs for 5G and IoT Uses

The European Telecommunications Standards Institute (ETSI) Technical Committee on Cybersecurity recently released two encryption specifications that could be key for access control in highly distributed systems such as 5Gand IoT. The specifications are for Attribute-Based Encryption (ABE) that describes how to secure personal data. ABE is an asymmetric, multi-party cryptographic scheme that bundles access control with data encryption. In such a system, data can only be decrypted if the set of attributes of the user key matches the attributes of the encryption. A standard using ABE avoids binding access to a person’s name, but instead to pseudonymous or anonymous attributes. ETSI says ABE is also space-efficient, since only one ciphertext is needed to cater for all access control needs of a given data set. The first specification defines personal data protection on IoT devices, WLAN, cloud, and mobile services where secure access to data has to be given to multiple parties. The second specification defines trust models, functions, and protocols to control access to data. Both specifications enable compliance with the General Data Protection Regulation (GDPR), enforced since May 2018, by allowing secure exchange of personal data among data controllers and data processors. ABE might sound a bit similar to blockchain. But in an email to SDxCentral, an ETSI spokesperson said they are not the same. “At the core, blockchain provides strong integrity assurance by chaining blocks together using cryptographic hashes. There is no built-in confidentiality (no encryption). So-called anonymity is provided by digital signature using key pairs, which in fact act as pseudonyms.