This paper presents Droplet, a decentralized data access control service. Droplet enables data owners to securely and selectively share their encrypted data while guaranteeing data confidentiality in the presence of unauthorized parties and compromised data servers. Droplet's contribution lies in coupling two key ideas: (i) a cryptographically-enforced access control construction for encrypted data streams which enables users to define fine-grained stream-specific access policies, and (ii) a decentralized authorization service that serves user-defined access policies. In this paper, we present Droplet's design, the reference implementation of Droplet, and the experimental results of three case-study applications deployed with Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard, demonstrating Droplet's applicability for secure sharing of IoT streams.