Abstract
The use of privacy-enhancing cryptographic protocols, such as anonymous credentials and oblivious transfer, could have a detrimental effect on the ability of providers to effectively implement access controls on their content. In this article, we propose a stateful anonymous credential system that allows the provider to implement nontrivial, real-world access controls on oblivious protocols conducted with anonymous users. Our system models the behavior of users as a state machine and embeds that state within an anonymous credential to restrict access to resources based on the state information. The use of state machine models of user behavior allows the provider to restrict the users' actions according to a wide variety of access control models without learning anything about the users' identities or actions. Our system is secure in the standard model under basic assumptions and, after an initial setup phase, each transaction requires only constant time. As a concrete example, we show how to implement the Brewer--Nash (Chinese Wall) and Bell-La Padula (Multilevel Security) access control models within our credential system. Furthermore, we combine our credential system with an adaptive oblivious transfer scheme to create a privacy-friendly oblivious database with strong access controls.
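As an added illustration (not the paper's own construction), the Brewer--Nash (Chinese Wall) policy named in the abstract written as the user state machine the provider would embed in a credential: the state records which company dataset the user has committed to in each conflict-of-interest class, and a request is a transition that is either allowed (possibly advancing the state) or denied. The company names and class grouping are constructed; the anonymous credential signature and zero-knowledge proof that hide this state from the provider are not modeled here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample data: company datasets grouped into conflict-of-interest
# (COI) classes. Hypothetical names, not taken from the paper.
COI_CLASS: Dict[str, str] = {
    "BankA": "banks", "BankB": "banks",
    "OilX": "oil", "OilY": "oil",
}


@dataclass(frozen=True)
class WallState:
    """Credential-embedded state: (coi_class, company) pairs already committed to.

    Stored as a sorted tuple so that equal states compare equal (a credential
    would carry exactly this value as a signed, hidden attribute)."""
    chosen: Tuple[Tuple[str, str], ...] = ()


def transition(state: WallState, company: str) -> Optional[WallState]:
    """Chinese Wall transition for a read request on `company`'s dataset.

    Allowed if the user has never touched this COI class (state advances), or
    has already committed to the same company (state unchanged). Denied
    (returns None) if a competitor in the same class was accessed earlier."""
    coi = COI_CLASS[company]
    chosen = dict(state.chosen)
    if coi in chosen:
        return state if chosen[coi] == company else None
    chosen[coi] = company
    return WallState(tuple(sorted(chosen.items())))


def enabled_actions(state: WallState) -> List[str]:
    """Companies the state machine still permits from `state` (for auditing a policy)."""
    return sorted(c for c in COI_CLASS if transition(state, c) is not None)


def run(requests: List[str]) -> Tuple[List[bool], WallState]:
    """Replay a sequence of requests; return per-request decisions and final state."""
    state = WallState()
    decisions: List[bool] = []
    for company in requests:
        nxt = transition(state, company)
        decisions.append(nxt is not None)
        if nxt is not None:
            state = nxt
    return decisions, state
```

Because the provider only needs the transition relation, it can publish this machine as the policy while each user's current `WallState` stays inside the credential.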
Index Terms
- Access controls for oblivious and anonymous systems