Safe Data Sharing and Data Dissemination on Smart Devices

TL;DR

This paper presents a client-based access control method for data sharing on smart devices, leveraging hardware security elements to enable dynamic, personalized access rights without re-encrypting data.

Contribution

It introduces a novel approach using hardware security elements to evaluate dynamic access control rules on encrypted data, enhancing flexibility and security.

Findings

Validated on a real smart card platform

Demonstrated applicability in collaborative and parental control applications

Addressed hardware constraints like limited memory and throughput

Abstract

The erosion of trust put in traditional database servers, the growing interest for different forms of data dissemination and the concern for protecting children from suspicious Internet content are different factors that lead to move the access control from servers to clients. Several encryption schemes can be used to serve this purpose but all suffer from a static way of sharing data. In a precedent paper, we devised smarter client-based access control managers exploiting hardware security elements on client devices. The goal pursued is being able to evaluate dynamic and personalized access control rules on a ciphered XML input document, with the benefit of dissociating access rights from encryption. In this demonstration, we validate our solution using a real smart card platform and explain how we deal with the constraints usually met on hardware security elements (small memory and low throughput). Finally, we illustrate the generality of the approach and the easiness of its deployment through two different applications: a collaborative application and a parental control application on video streams.