ETSI has released two new technical specifications, TS 103 458 and TS 103 532, that define Attribute-Based Encryption (ABE) standards to enable secure, fine-grained access control for personal data in distributed systems like 5G and IoT. These standards utilize an asymmetric cryptographic scheme where data decryption is possible only when a user’s attributes match the encryption policy, offering stronger security assurance and space efficiency compared to software-based solutions. The specifications support both Ciphertext Policy and Key Policy variants, ensuring interoperability and scalability while facilitating compliance with the GDPR through pseudonymous identity protection. Additionally, the extensible cryptographic layer is designed to accommodate future industry needs and post-quantum security requirements.
Keywords: attribute-based encryption, fine-grained access control, GDPR compliance, post-quantum cryptography, IoT security