A privacy-preserving approach to policy-based content dissemination

Ning Shang, Mohamed Nabeel, Federica Paci, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

57 Citations (Scopus)

Abstract

We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However, our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need to provide information about their identity attributes in the clear to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users; thus inferences about the values of identity attributes are prevented. Moreover, the key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require sending the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscriptions of users and revocation of subscriptions.

Original language: English
Title of host publication: 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings
Pages: 944-955
Number of pages: 12
DOIs: https://doi.org/10.1109/ICDE.2010.5447902
Publication status: Published - 2010
Externally published: Yes
Event: 26th IEEE International Conference on Data Engineering, ICDE 2010 - Long Beach, CA, United States
Duration: 1 Mar 2010 - 6 Mar 2010

Other

Other: 26th IEEE International Conference on Data Engineering, ICDE 2010
Country: United States
City: Long Beach, CA
Period: 1/3/10 - 6/3/10

Fingerprint

Broadcasting
Access control

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Information Systems

Cite this

Shang, N., Nabeel, M., Paci, F., & Bertino, E. (2010). A privacy-preserving approach to policy-based content dissemination. In 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings (pp. 944-955). [5447902] https://doi.org/10.1109/ICDE.2010.5447902

A privacy-preserving approach to policy-based content dissemination. / Shang, Ning; Nabeel, Mohamed; Paci, Federica; Bertino, Elisa.

26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings. 2010. p. 944-955 5447902.

Shang, N, Nabeel, M, Paci, F & Bertino, E 2010, A privacy-preserving approach to policy-based content dissemination. in 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings., 5447902, pp. 944-955, 26th IEEE International Conference on Data Engineering, ICDE 2010, Long Beach, CA, United States, 1/3/10. https://doi.org/10.1109/ICDE.2010.5447902
Shang N, Nabeel M, Paci F, Bertino E. A privacy-preserving approach to policy-based content dissemination. In 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings. 2010. p. 944-955. 5447902 https://doi.org/10.1109/ICDE.2010.5447902
Shang, Ning ; Nabeel, Mohamed ; Paci, Federica ; Bertino, Elisa. / A privacy-preserving approach to policy-based content dissemination. 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings. 2010. pp. 944-955
@inproceedings{dc7780f1864b4688bfc20bbc1f46e9dd,
title = "A privacy-preserving approach to policy-based content dissemination",
abstract = "We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.",
author = "Ning Shang and Mohamed Nabeel and Federica Paci and Elisa Bertino",
year = "2010",
doi = "10.1109/ICDE.2010.5447902",
language = "English",
isbn = "9781424454440",
pages = "944--955",
booktitle = "26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings",

}

TY - GEN

T1 - A privacy-preserving approach to policy-based content dissemination

AU - Shang, Ning

AU - Nabeel, Mohamed

AU - Paci, Federica

AU - Bertino, Elisa

PY - 2010

Y1 - 2010

N2 - We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.

UR - http://www.scopus.com/inward/record.url?scp=77952783550&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77952783550&partnerID=8YFLogxK

U2 - 10.1109/ICDE.2010.5447902

DO - 10.1109/ICDE.2010.5447902

M3 - Conference contribution

AN - SCOPUS:77952783550

SN - 9781424454440

SP - 944

EP - 955

BT - 26th IEEE International Conference on Data Engineering, ICDE 2010 - Conference Proceedings

ER -