Article

Hidden Credentials

Authors:

Jason E. Holt,

Robert W. Bradshaw,

Kent E. Seamons,

Hilarie OrmanAuthors Info & Claims

WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society

Pages 1 - 8

https://doi.org/10.1145/1005140.1005142

Published: 30 October 2003 Publication History

Get Access

Abstract

Hidden Credentials are useful in situations where requests for service, credentials, access policies and resources are extremely sensitive. We show how transactions which depend on fulfillment of policies described by monotonic boolean formulae can take place in a single round of messages. We further show how credentials that are never revealed can be used to retrieve sensitive resources.

References

[1]

D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon, H. C. Wong. Secret Handshakes from Pairing-Based Key Agreements. IEEE Symposium on Security and Privacy (Oakland 2003), Oakland, California, June 2003.]]

Digital Library

Google Scholar

[2]

J. C. Benaloh and J. Leichter. Generalized Secret Sharing and Monotone Functions. Proceedings of Crypto 1988, Advances in Cryptology, Lecture Notes in Computer Science, Vol. 403, S. Goldwasser Ed., Springer-Verlag, pp. 27--35, 1990.]]

Digital Library

Google Scholar

[3]

P. A. Bonatti, P. Samarati. Regulating service access and information release on the Web. Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, November 2000.]]

Digital Library

Google Scholar

[4]

D. Boneh and M. Franklin. Identity based encryption from the Weil pairing. Extended abstract in proceedings of Crypto 2001, Advances in Cryptology, Lecture Notes in Computer Science, Vol. 2139, Springer-Verlag, pp. 213--229, 2001.]]

Digital Library

Google Scholar

[5]

N. Li, W. Du, D. Boneh. Oblivious Signature-Based Envelope. ACM Symposium on Principles of Distributed Computing (PODC 2003), Boston, Massachusetts, July 2003.]]

Digital Library

Google Scholar

[6]

K. E. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation. Network and Distributed System Security Symposium, San Diego, CA, February 2001.]]

Google Scholar

[7]

W. H. Winsborough and N. Li. Protecting Sensitive Attributes in Automated Trust Negotiation. Proceedings of ACM Workshop on Privacy in the Electronic Society, Washington, DC, November 2002.]]

Digital Library

Google Scholar

[8]

W. H. Winsborough and N. Li. Towards Practical Trust Negotiation. Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, California, June 2002.]]

Crossref

Google Scholar

[9]

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.]]

Google Scholar

[10]

M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu. Negotiating Trust on the Web. IEEE Internet Computing, Volume 6, No. 6, November/December 2002.]]

Digital Library

Google Scholar

[11]

T. Yu, M. Winslett. A Unified Scheme for Resource Protection in Automated Trust Negotiation. IEEE Symposium on Security and Privacy (Oakland 2003), Oakland, California, June 2003.]]

Digital Library

Google Scholar

Cited By

View all

Rhee HLee D(2021)Anonymous IBE from PEKS: A Generic ConstructionInformation Security Applications10.1007/978-3-030-89432-0_9(105-118)Online publication date: 27-Oct-2021
https://doi.org/10.1007/978-3-030-89432-0_9
Upadhyay PMehta R(2020)TBSAC: Token-Based Secured Access Control for Cloud DataAmbient Communications and Computer Systems10.1007/978-981-15-1518-7_20(243-253)Online publication date: 14-Mar-2020
https://doi.org/10.1007/978-981-15-1518-7_20
Andersen MKumar SAbdelBaky MFierro GKolb JKim HCuller DPopa RHeninger NTraynor P(2019)WAVEProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361434(1375-1392)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361434
Show More Cited By

Index Terms

Hidden Credentials
1. Security and privacy
  1. Security services
    1. Access control
    2. Authentication
  2. Systems security
    1. Operating systems security

Recommendations

Concealing complex policies with hidden credentials
CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

Hidden credentials are useful in protecting sensitive resource requests, resources, policies, and credentials. We propose a significant performance improvement when implementing hidden credentials using Boneh/Franklin Identity Based Encryption. We also ...
Attribute-Based Access Control with Hidden Policies and Hidden Credentials

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...
Hidden access control policies with hidden credentials
WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is ...

Comments

Information & Contributors

Information

Published In

WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society

October 2003

135 pages

ISBN:1581137761

DOI:10.1145/1005140

General Chair:
Sushil Jajodia
George Mason University
,
Program Chairs:
Pierangela Samarati
University of Milan, Italy
,
Paul Syverson
Naval Research Lab

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS03

Sponsor:

SIGSAC

CCS03: Tenth ACM Conference on Computer and Communications Security 2003

30 10 2003

Washington, DC

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
637
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rhee HLee D(2021)Anonymous IBE from PEKS: A Generic ConstructionInformation Security Applications10.1007/978-3-030-89432-0_9(105-118)Online publication date: 27-Oct-2021
https://doi.org/10.1007/978-3-030-89432-0_9
Upadhyay PMehta R(2020)TBSAC: Token-Based Secured Access Control for Cloud DataAmbient Communications and Computer Systems10.1007/978-981-15-1518-7_20(243-253)Online publication date: 14-Mar-2020
https://doi.org/10.1007/978-981-15-1518-7_20
Andersen MKumar SAbdelBaky MFierro GKolb JKim HCuller DPopa RHeninger NTraynor P(2019)WAVEProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361434(1375-1392)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361434
Kuchta VSharma GSahu RMarkowitch O(2017)Generic Framework for Attribute-Based Group SignatureInformation Security Practice and Experience10.1007/978-3-319-72359-4_51(814-834)Online publication date: 8-Dec-2017
https://doi.org/10.1007/978-3-319-72359-4_51
Michalevsky YNath SLiu JChen YGruteser MHu YSundaresan K(2016)MASHaBLEProceedings of the 22nd Annual International Conference on Mobile Computing and Networking10.1145/2973750.2973778(387-400)Online publication date: 3-Oct-2016
https://dl.acm.org/doi/10.1145/2973750.2973778
He ZCai ZHan QTong WSun LLi Y(2016)An energy efficient privacy-preserving content sharing scheme in mobile social networksPersonal and Ubiquitous Computing10.1007/s00779-016-0952-620:5(833-846)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1007/s00779-016-0952-6
Wu DTaly AShankar ABoneh D(2016)Privacy, Discovery, and Authentication for the Internet of ThingsComputer Security – ESORICS 201610.1007/978-3-319-45741-3_16(301-319)Online publication date: 15-Sep-2016
https://doi.org/10.1007/978-3-319-45741-3_16
Gasti PRasmussen KRay IHopper NJansen R(2015)Privacy-preserving User MatchingProceedings of the 14th ACM Workshop on Privacy in the Electronic Society10.1145/2808138.2808148(111-120)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2808138.2808148
Ye X(2015)Access Control for Cloud Applications2015 IEEE 12th Intl Conf on Ubiquitous Intelligence and Computing and 2015 IEEE 12th Intl Conf on Autonomic and Trusted Computing and 2015 IEEE 15th Intl Conf on Scalable Computing and Communications and Its Associated Workshops (UIC-ATC-ScalCom)10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.183(970-977)Online publication date: Aug-2015
https://doi.org/10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.183
Lei JLi Y(2014)Vector-Based Sensitive Information Protecting Scheme in Automatic Trust NegotiationJournal of Networks10.4304/jnw.9.4.927-9319:4Online publication date: 1-Apr-2014
https://doi.org/10.4304/jnw.9.4.927-931
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Concealing complex policies with hidden credentials

Attribute-Based Access Control with Hidden Policies and Hidden Credentials

Hidden access control policies with hidden credentials

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations