ABSTRACT
In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice's credentials satisfy Bob's access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. Elegant solutions were proposed for achieving various degrees of privacy-preservation through minimal disclosure. In this paper, we present an efficient protocol that protects both sensitive credentials and policies. That is, Alice gets the resource only if she satisfies Bob's policy, Bob does not learn anything about Alice's credentials (not even whether Alice got access or not), and Alice learns neither Bob's policy structure nor which credentials caused her to gain access.
- D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. In Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages 213--229. Springer, 2001.Google ScholarDigital Library
- J. E. Holt, R. W. Bradshaw, K. E. Seamons, and H. Orman. Hidden credentials. In Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society, Oct. 2003. Google ScholarDigital Library
- A. C. Yao. How to generate and exchange secrets. In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 162--167. IEEE Computer Society Press, 1986.Google ScholarDigital Library
Index Terms
- Hidden access control policies with hidden credentials
Recommendations
Attribute-Based Access Control with Hidden Policies and Hidden Credentials
In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...
Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions
PST '12: Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)The growing adoption of cloud technology in sensitive application domains, such as medicine, gives rise to new problems in maintaining the privacy of the involved parties during authorisation. In such domains, an honest but curious service provider can ...
Oblivious transfer with hidden access control policies
PKC'11: Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptographyConsider a database where each record has different access control policies. These policies could be attributes, roles, or rights that the user needs to have in order to access the record. Here we provide a protocol that allows the users to access the ...
Comments