D4.6 Final CITADEL Security Toolkit
Total Page:16
File Type:pdf, Size:1020Kb
D4.6 – Final CITADEL security toolkit Version 1.0 – Final. Date: 31.03.2019 Empowering Citizens to Transform European Public Administrations Deliverable D4.6 Final CITADEL security toolkit Editor(s): Domenico Rotondi, Diomede Illuzzi, Marco Saltarella Responsible Partner: Fincons Status-Version: V1.0 Date: 31/03/2019 Distribution level (CO, PU): PU Project Title: CITADEL Contract No. GA 726755 www.citadel-h2020.eu Page 1 of 67 D4.6 – Final CITADEL security toolkit Version 1.0 – Final. Date: 31.03.2019 Project Number: GA 726755 Project Title: CITADEL Title of Deliverable: Initial CITADEL Security toolkit Due Date of Delivery to the EC: 31/03/2019 Workpackage responsible for WP4 – ICT Enablers to transform the Deliverable: Diomede Illuzzi (FINCONS) Editor(s): Domenico Rotondi (FINCONS) Marco Saltarella (FINCONS) Contributor(s): Marisa Escalante (TECNALIA) Reviewer(s): Gorka Benguria (TECNALIA) Approved by: All Partners Recommended/mandatory WP5 readers: Abstract: This toolkit will include the final development of the service that contains engines for privacy policy computation and data anonymization, privacy watchdog, access rights enforcement and anonymized big data analytics. Keyword List: Security, Privacy, Blockchain Licensing information: Anonymization components are released under Apache 2 Licence and 3 Access and Encryption Manager are released under GPL2. The document itself is delivered as a description for the European Commission about the released software, so it is not public. Disclaimer This document reflects only the author’s views and neither Agency nor the Commission are responsible for any use that may be made of the information contained therein Project Title: CITADEL Contract No. GA 726755 www.citadel-h2020.eu Page 2 of 67 D4.6 – Final CITADEL security toolkit Version 1.0 – Final. Date: 31.03.2019 Document Description Document Revision History Modifications Introduced Version Date Modification Reason Modified by v0.1 01/12/2018 First TOC and sections assignment. FINCONS v0.2 19/01/2019 Access and Encryption Manager FINCONS description first update V0.3 20/02/2019 Access and Encryption Manager FINCONS description final update V0.4 22/03/2019 Internal review of the document FINCONS V0.5 27/03/2019 Review of the document TECNALIA V0.6 30/03/2019 Implementation of modifications FINCONS required by the internal reviewer V1.0 31/03/2019 Ready for submission TECNALIA Project Title: CITADEL Contract No. GA 726755 www.citadel-h2020.eu Page 3 of 67 D4.6 – Final CITADEL security toolkit Version 1.0 – Final. Date: 31.03.2019 Table of Contents Table of Contents .......................................................................................................................... 4 List of Figures ................................................................................................................................ 5 List of Tables .................................................................................................................................. 6 Terms and abbreviations ............................................................................................................... 7 Executive Summary ....................................................................................................................... 8 1 Introduction .......................................................................................................................... 9 1.1 About this deliverable ................................................................................................... 9 1.2 Fitting into overall CITADEL Architecture ...................................................................... 9 1.3 Document structure ...................................................................................................... 9 2 Anonymization component ................................................................................................. 10 2.1 Implementation ........................................................................................................... 10 2.1.1 Functional description ......................................................................................... 10 2.1.2 Technical description .......................................................................................... 11 2.1.2.1 Prototype architecture .................................................................................... 11 2.1.2.2 Technical specifications ................................................................................... 13 2.2 Delivery and usage ...................................................................................................... 14 2.2.1 Package information ........................................................................................... 14 2.2.2 Installation instructions ....................................................................................... 17 2.2.2.1 Pre-Requirements ........................................................................................... 18 2.2.3 User Manual ........................................................................................................ 18 2.2.4 Licensing information .......................................................................................... 23 2.2.5 Download ............................................................................................................ 23 3 Access and Encryption Manager ......................................................................................... 25 3.1 Implementation ........................................................................................................... 25 3.1.1 Functional description ......................................................................................... 25 3.1.2 Design constraints ............................................................................................... 26 3.1.3 Technical description .......................................................................................... 31 3.1.3.1 System Architecture ........................................................................................ 34 3.1.3.2 Municipality of Bari pilot specification ............................................................ 36 3.1.3.3 Technical specifications ................................................................................... 40 3.2 Delivery and usage ...................................................................................................... 40 3.2.1 Package information ........................................................................................... 40 3.2.1.1 Package extensions to support the Smart Working validation scenario ........ 41 3.2.2 Installation instructions ....................................................................................... 42 3.2.2.1 Pre-Requirements ........................................................................................... 42 3.2.2.2 OpenLDAP configuration and startup ............................................................. 42 Project Title: CITADEL Contract No. GA 726755 www.citadel-h2020.eu Page 4 of 67 D4.6 – Final CITADEL security toolkit Version 1.0 – Final. Date: 31.03.2019 3.2.2.3 OrientDB configuration and startup ................................................................ 44 3.2.2.4 General configuration ..................................................................................... 44 3.2.2.5 Web applications deployment and configuration ........................................... 45 3.2.2.6 HTTPS configuration ........................................................................................ 47 3.2.2.7 Parity configuration and synchronization ....................................................... 49 3.2.2.8 Oracles deployment and configuration ........................................................... 49 3.2.3 User Manual ........................................................................................................ 50 3.2.3.1 Smart Working App User Manual ................................................................... 53 3.2.4 Licensing information .......................................................................................... 55 3.2.5 Download ............................................................................................................ 55 4 Conclusions ......................................................................................................................... 56 References ................................................................................................................................... 57 Annex 1: AuthZ/AuthN and Encryption client libraries .............................................................. 59 Annex 2: Anonymization API ...................................................................................................... 66 List of Figures FIGURE 1. ACCESS AND ENCRYPTION MANAGER WITHIN THE CITADEL ECOSYSTEM ..................................... 9 FIGURE 2. GENERAL ARCHITECTURE OF ANONYMIZATION COMPONENT. ................................................... 12 FIGURE 3. ANONYMIZATION COMPONENT M15 PROTOTYPE HIGH LEVEL ARCHITECTURE ............................ 12 FIGURE 4. UML DIAGRAM OF THE MOST IMPORTANT CLASSES IN THE PUBLIC API [3] ................................. 13 FIGURE 5. EXAMPLE OF K-ANONYMITY, WHERE K=2 AND QUASI IDENTIFIER = {RACE, BIRTH, GENDER, ZIP} ... 14 FIGURE 6. SOURCE FOLDER STRUCTURE OF ANONYMIZATION COMPONENT IN M15 (ARX LIBRARIES) ........... 15 FIGURE