Skip to main content
SpringerLink
Log in
Book cover

International Conference on E-Business and Telecommunications

ICETE 2016: E-Business and Telecommunications pp 291–315Cite as

Attribute-Based Privacy-Friendly Access Control with Context

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 764))

Abstract

In the last decade, the Internet landscape transformed into a service platform. This evolution has brought more importance to security requirements like strong authentication. We propose a secure and privacy-friendly way to augment authentication mechanisms of Online services by taking context into account. Contextual information, such as location, proximity or the current role of a user in a system is useful to help authenticate and authorize users. Context, however, is often of a personal nature and introduces privacy risks. In addition, a source of such contextual information should provide trustworthy information.

In this work, a policy language to express attribute-based and contextual requirements is proposed. In addition, we define a set of protocols to gather, verify and use contextual information and user-attributes originating from third-party systems. The system protects the user’s privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Note that these attributes can remain hidden during a credential show.

  2. 2.

    Although smartphone applications do not have access to cell tower authenticity information, such a feature is technically possible and the source is controlled by a trustworthy entity.

  3. 3.

    Details about the cryptographic protocol of uCentive, and how uCentive prevents users from providing someone else’s pseudonym can be found in [29].

  4. 4.

    Note that, due to the limited validity of these signatures, the security parameters can be relaxed compared to certificate signatures.

References

  1. Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)

    Article  Google Scholar 

  2. Stanislav, M.: Two-factor authentication (2015)

    Google Scholar 

  3. Riva, O., Qin, C., Strauss, K., Lymberopoulos, D.: Progressive authentication: deciding when to authenticate on mobile phones. In: USENIX Security, pp. 301–316 (2012)

    Google Scholar 

  4. Abowd, G.D., Dey, A.K., Brown, P.J., Davies, N., Smith, M., Steggles, P.: Towards a better understanding of context and context-awareness. In: Gellersen, H.-W. (ed.) HUC 1999. LNCS, vol. 1707, pp. 304–307. Springer, Heidelberg (1999). doi:10.1007/3-540-48157-5_29

    Chapter  Google Scholar 

  5. Groopman, J.: Consumer perceptions of privacy in the internet of things. Altimeter Group (2015)

    Google Scholar 

  6. Put, A., De Decker, B.: PACCo: privacy-friendly access control with context. In: SECRYPT (2016)

    Google Scholar 

  7. Rissanen, E., et al.: eXtensible access control markup language (XACML) version 3.0 (2013)

    Google Scholar 

  8. Matheus, A., Herrmann, J.: Geospatial eXtensible access control markup language (GeoXACML). Open Geospatial Consortium Inc., OGC (2008)

    Google Scholar 

  9. Ray, I., Toahchoodee, M.: A spatio-temporal role-based access control model. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 211–226. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73538-0_16

    Chapter  Google Scholar 

  10. Atluri, V., Chun, S.A.: A geotemporal role-based authorisation system. Int. J. Inf. Comput. Secur. 1(1–2), 143–168 (2007)

    Google Scholar 

  11. Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 113–122. ACM (2008)

    Google Scholar 

  12. Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005)

    Article  Google Scholar 

  13. Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8. Citeseer (2004)

    Google Scholar 

  14. Ardagna, C.A., Di Vimercati, S.D.C., Foresti, S., Grandison, T.W., Jajodia, S., Samarati, P.: Access control for smarter healthcare using policy spaces. Comput. Secur. 29(8), 848–858 (2010)

    Article  Google Scholar 

  15. Jafarian, J.H., Amini, M.: CAMAC: a context-aware mandatory access control model. ISC Int. J. Inf. Secur. 1(1), 35–54 (2009)

    Google Scholar 

  16. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: 2005 IEEE International Conference on Web Services. IEEE (2005)

    Google Scholar 

  17. Vimercati, S.D.C.D., Foresti, S., Jajodia, S., Paraboschi, S., Psaila, G., Samarati, P.: Integrating trust management and access control in data-intensive web applications. ACM Trans. Web (TWEB) 6(2), 6 (2012)

    Google Scholar 

  18. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4

    Chapter  Google Scholar 

  19. Hintze, D., Findling, R.D., Muaaz, M., Koch, E., Mayrhofer, R.: CORMORANT: towards continuous risk-aware multi-modal cross-device authentication. In: UbiComp/ISWC 2015 Adjunct (2015)

    Google Scholar 

  20. Shebaro, B., Oluwatimi, O., Bertino, E.: Context-based access control systems for mobile devices. IEEE Trans. Dependable Secure Comput. 12(2), 150–163 (2015)

    Article  Google Scholar 

  21. Hayashi, E., Das, S., Amini, S., Hong, J., Oakley, I.: CASA: context-aware scalable authentication. In: Proceedings of the Ninth Symposium on Usable Privacy and Security. SOUPS 2013, pp. 3:1–3:10. ACM, New York (2013)

    Google Scholar 

  22. Hulsebosch, R., Salden, A., Bargh, M., Ebben, P., Reitsma, J.: Context sensitive access control. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 111–119. ACM (2005)

    Google Scholar 

  23. Housley, R., Polk, W., Ford, W., Solo, D.: Internet x. 509 public key infrastructure certificate and certificate revocation list (CRL) profile (2002)

    Google Scholar 

  24. Sabouri, A., Krontiris, I., Rannenberg, K.: Attribute-based credentials for trust (ABC4Trust). In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 218–219. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32287-7_21

    Chapter  Google Scholar 

  25. Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1. 1. Technical report, Microsoft Technical Report (2011). http://connect.microsoft.com/site1188

  26. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). doi:10.1007/3-540-36413-7_20

    Chapter  Google Scholar 

  27. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM (2002)

    Google Scholar 

  28. Camenisch, J., Stadler, M., Camenisch, J., Camenisch, J.: Proof systems for general statements about discrete logarithms. Citeseer (1997)

    Google Scholar 

  29. Milutinovic, M., Dacosta, I., Put, A., Decker, B.D.: uCentive: an efficient, anonymous and unlinkable incentives scheme. In: Trustcom/BigDataSE/ISPA, 2015 IEEE. vol. 1, pp. 588–595. IEEE (2015)

    Google Scholar 

  30. Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000). doi:10.1007/3-540-44598-6_17

    Chapter  Google Scholar 

  31. Singelee, D., Preneel, B.: Location verification using secure distance bounding protocols. In: IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, p. 7-pp. IEEE (2005)

    Google Scholar 

  32. Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). doi:10.1007/3-540-48285-7_30

    Chapter  Google Scholar 

  33. Put, A., Dacosta, I., Milutinovic, M., De Decker, B.: PriMan: facilitating the development of secure and privacy-preserving applications. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 403–416. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55415-5_34

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, imec-DistriNet, KU Leuven, Celestijnenlaan 200A, 3001, Heverlee, Belgium

    Andreas Put & Bart De Decker

Authors
  1. Andreas Put
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bart De Decker
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andreas Put .

Editor information

Editors and Affiliations

  1. Department of Computer and Information Science, Fordham University, Bronx, New York, USA

    Mohammad S. Obaidat

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Put, A., De Decker, B. (2017). Attribute-Based Privacy-Friendly Access Control with Context. In: Obaidat, M. (eds) E-Business and Telecommunications. ICETE 2016. Communications in Computer and Information Science, vol 764. Springer, Cham. https://doi.org/10.1007/978-3-319-67876-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-67876-4_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67875-7

  • Online ISBN: 978-3-319-67876-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation