Cryptographic access control by attributes — ongoing standards development at ETSI

Abstract: Over the last two decades, Attribute-Based Encryption (ABE in short) has been raising academic and industrial interest because of its capability of going beyond the "unveil all or nothing” approach which traditional public key cryptography offers. With the aim of facilitating conformance and interoperability of real-world deployments, in 2018 ETSI — the EU-recognized standards Body for telecommunications, broadcasting and electronic communications — released the first technical specifications proposing ABE as a technique to implement distributed, fine-grained attribute-based access control via cryptography. Addressing some potential use cases, this talk will illustrate ETSI TS 103 532, which standardizes four well-consolidated ciphertext policy and key policy ABE schemas, with two different levels of security and two different functionalities (key exchange/message encryption). The talk will address the main achievements, known limitations and challenges at the present time. In parallel to standardization of more traditional Attribute-Based Encryption schemas, the talk will also introduce the work of ETSI TC CYBER QSC group on solutions using attribute subset covers in pre and post-quantum hybridized key encapsulation mechanisms, which prove to be very efficient and effective when not all combinations of attributes are required in the encryption or key policies.

[Slides] [Video]