Efficient and privacy-preserving enforcement of attribute-based access control

Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI:10.1145/1750389.1750398

Ning Shang, F. Paci, E. Bertino

{"title":"Efficient and privacy-preserving enforcement of attribute-based access control","authors":"Ning Shang, F. Paci, E. Bertino","doi":"10.1145/1750389.1750398","DOIUrl":null,"url":null,"abstract":"Modern access control models, developed for protecting data from accesses across the Internet, require to verify the identity of users in order to make sure that users have the required permissions for accessing the data. User's identity consists of data, referred to as identity attributes, that encode relevant-security properties of the users. Because identity attributes often convey sensitive information about users, they have to be protected. The Oblivious Commitment-Based Envelope (OCBE) protocols address the protection requirements of both users and service providers. The OCBE protocols makes it possible for a party, referred as sender, to send an encrypted message to a receiver such that the receiver can open the message if and only if its committed value satisfies a predicate and that the sender does not learn anything about the receiver's committed value. The possible predicates are comparison predicates =, ≠, >, <, ≤, ≥. In this paper, we present an extension that improves the efficiency of EQ-OCBE protocol, that is, the OCBE protocol for equality predicates. Our extension allows a party to decrypt data sent by a service provider if and only if the party satisfies all the equality conditions in the access control policy.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium on Identity and Trust on the Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1750389.1750398","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Modern access control models, developed for protecting data from accesses across the Internet, require to verify the identity of users in order to make sure that users have the required permissions for accessing the data. User's identity consists of data, referred to as identity attributes, that encode relevant-security properties of the users. Because identity attributes often convey sensitive information about users, they have to be protected. The Oblivious Commitment-Based Envelope (OCBE) protocols address the protection requirements of both users and service providers. The OCBE protocols makes it possible for a party, referred as sender, to send an encrypted message to a receiver such that the receiver can open the message if and only if its committed value satisfies a predicate and that the sender does not learn anything about the receiver's committed value. The possible predicates are comparison predicates =, ≠, >, <, ≤, ≥. In this paper, we present an extension that improves the efficiency of EQ-OCBE protocol, that is, the OCBE protocol for equality predicates. Our extension allows a party to decrypt data sent by a service provider if and only if the party satisfies all the equality conditions in the access control policy.

查看原文本刊更多论文

高效且保护隐私的基于属性的访问控制

现代访问控制模型是为了防止数据在Internet上被访问而开发的，它需要验证用户的身份，以确保用户具有访问数据所需的权限。用户的身份由称为身份属性的数据组成，这些数据编码了用户的相关安全属性。由于身份属性经常传递有关用户的敏感信息，因此必须对其进行保护。基于遗忘承诺的信封(OCBE)协议解决了用户和服务提供者的保护需求。OCBE协议允许一方(称为发送方)向接收方发送加密消息，当且仅当消息的提交值满足谓词且发送方不了解接收方的提交值时，接收方才能打开消息。可能的谓词是比较谓词=、≠、>、<、≤、≥。本文提出了一种提高EQ-OCBE协议效率的扩展，即等价谓词的OCBE协议。我们的扩展允许一方解密由服务提供者发送的数据，当且仅当该方满足访问控制策略中的所有相等条件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium on Identity and Trust on the Internet

自引率

0.00%

发文量