DOI: 10.1145/2512410.2512425
research-article

Secure and resilient proximity-based access control

Published: 01 November 2013 Publication History

Abstract

The ubiquity of mobile devices has increased the convenience of communication, but it has also introduced personal privacy concerns. In the domain of portable medical records, it is vital to provide authentication that protects personal information from unauthorized users located outside legitimate regions. To support such location-based authentication, one possible approach in medical systems is to exploit distance-bounding protocols, which detect a user's current location to determine whether the user is in a trusted physical location such as a doctor's office. However, sensors that enable distance-bounding protocols are expensive and not yet widely deployed, since the required protocols typically need special devices, such as devices utilizing ultrasound. To overcome the lack of device deployment, we propose a secure proximity-based access control scheme based on the use of multiple location-based service (LBS) devices utilizing Bluetooth, which is cheap and already widely used. Furthermore, we provide several ways to prevent various attacks. We report experimental performance results which indicate that access control is executed within 100 ms on an Intel i7 processor and in about two seconds on the Android platform. Furthermore, our proposed system achieves communication overhead in O(1), as opposed to digital signatures, which grow in O(n).

Cited By

  • (2023) ICMS: A Flexible Location-Based Access Control System for Mobile Devices. IEEE Systems Journal 17:1 (1536-1547). DOI: 10.1109/JSYST.2022.3202698. Online publication date: Mar-2023
  • (2016) Access control and privilege management in electronic health record. Journal of Medical Systems 40:12 (1-9). DOI: 10.1007/s10916-016-0589-z. Online publication date: 1-Dec-2016

    Published In

    DARE '13: Proceedings of the 2013 international workshop on Data management & analytics for healthcare
    November 2013
    34 pages
    ISBN:9781450324250
    DOI:10.1145/2512410
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. access control
    2. proximity
    3. security

    Qualifiers

    • Research-article

    Conference

    CIKM'13

    Acceptance Rates

    DARE '13 Paper Acceptance Rate 5 of 7 submissions, 71%;
    Overall Acceptance Rate 5 of 7 submissions, 71%
