Abstract
In the last decade, the Internet landscape transformed into a service platform. This evolution has brought more importance to security requirements like strong authentication. We propose a secure and privacy-friendly way to augment authentication mechanisms of Online services by taking context into account. Contextual information, such as location, proximity or the current role of a user in a system is useful to help authenticate and authorize users. Context, however, is often of a personal nature and introduces privacy risks. In addition, a source of such contextual information should provide trustworthy information.
In this work, a policy language to express attribute-based and contextual requirements is proposed. In addition, we define a set of protocols to gather, verify and use contextual information and user-attributes originating from third-party systems. The system protects the user’s privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Note that these attributes can remain hidden during a credential show.
- 2.
Although smartphone applications do not have access to cell tower authenticity information, such a feature is technically possible and the source is controlled by a trustworthy entity.
- 3.
Details about the cryptographic protocol of uCentive, and how uCentive prevents users from providing someone else’s pseudonym can be found in [29].
- 4.
Note that, due to the limited validity of these signatures, the security parameters can be relaxed compared to certificate signatures.
References
Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)
Stanislav, M.: Two-factor authentication (2015)
Riva, O., Qin, C., Strauss, K., Lymberopoulos, D.: Progressive authentication: deciding when to authenticate on mobile phones. In: USENIX Security, pp. 301–316 (2012)
Abowd, G.D., Dey, A.K., Brown, P.J., Davies, N., Smith, M., Steggles, P.: Towards a better understanding of context and context-awareness. In: Gellersen, H.-W. (ed.) HUC 1999. LNCS, vol. 1707, pp. 304–307. Springer, Heidelberg (1999). doi:10.1007/3-540-48157-5_29
Groopman, J.: Consumer perceptions of privacy in the internet of things. Altimeter Group (2015)
Put, A., De Decker, B.: PACCo: privacy-friendly access control with context. In: SECRYPT (2016)
Rissanen, E., et al.: eXtensible access control markup language (XACML) version 3.0 (2013)
Matheus, A., Herrmann, J.: Geospatial eXtensible access control markup language (GeoXACML). Open Geospatial Consortium Inc., OGC (2008)
Ray, I., Toahchoodee, M.: A spatio-temporal role-based access control model. In: Barker, S., Ahn, G.-J. (eds.) DBSec 2007. LNCS, vol. 4602, pp. 211–226. Springer, Heidelberg (2007). doi:10.1007/978-3-540-73538-0_16
Atluri, V., Chun, S.A.: A geotemporal role-based authorisation system. Int. J. Inf. Comput. Secur. 1(1–2), 143–168 (2007)
Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 113–122. ACM (2008)
Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005)
Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8. Citeseer (2004)
Ardagna, C.A., Di Vimercati, S.D.C., Foresti, S., Grandison, T.W., Jajodia, S., Samarati, P.: Access control for smarter healthcare using policy spaces. Comput. Secur. 29(8), 848–858 (2010)
Jafarian, J.H., Amini, M.: CAMAC: a context-aware mandatory access control model. ISC Int. J. Inf. Secur. 1(1), 35–54 (2009)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: 2005 IEEE International Conference on Web Services. IEEE (2005)
Vimercati, S.D.C.D., Foresti, S., Jajodia, S., Paraboschi, S., Psaila, G., Samarati, P.: Integrating trust management and access control in data-intensive web applications. ACM Trans. Web (TWEB) 6(2), 6 (2012)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31540-4_4
Hintze, D., Findling, R.D., Muaaz, M., Koch, E., Mayrhofer, R.: CORMORANT: towards continuous risk-aware multi-modal cross-device authentication. In: UbiComp/ISWC 2015 Adjunct (2015)
Shebaro, B., Oluwatimi, O., Bertino, E.: Context-based access control systems for mobile devices. IEEE Trans. Dependable Secure Comput. 12(2), 150–163 (2015)
Hayashi, E., Das, S., Amini, S., Hong, J., Oakley, I.: CASA: context-aware scalable authentication. In: Proceedings of the Ninth Symposium on Usable Privacy and Security. SOUPS 2013, pp. 3:1–3:10. ACM, New York (2013)
Hulsebosch, R., Salden, A., Bargh, M., Ebben, P., Reitsma, J.: Context sensitive access control. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 111–119. ACM (2005)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet x. 509 public key infrastructure certificate and certificate revocation list (CRL) profile (2002)
Sabouri, A., Krontiris, I., Rannenberg, K.: Attribute-based credentials for trust (ABC4Trust). In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 218–219. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32287-7_21
Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1. 1. Technical report, Microsoft Technical Report (2011). http://connect.microsoft.com/site1188
Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). doi:10.1007/3-540-36413-7_20
Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM (2002)
Camenisch, J., Stadler, M., Camenisch, J., Camenisch, J.: Proof systems for general statements about discrete logarithms. Citeseer (1997)
Milutinovic, M., Dacosta, I., Put, A., Decker, B.D.: uCentive: an efficient, anonymous and unlinkable incentives scheme. In: Trustcom/BigDataSE/ISPA, 2015 IEEE. vol. 1, pp. 588–595. IEEE (2015)
Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000). doi:10.1007/3-540-44598-6_17
Singelee, D., Preneel, B.: Location verification using secure distance bounding protocols. In: IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, p. 7-pp. IEEE (2005)
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). doi:10.1007/3-540-48285-7_30
Put, A., Dacosta, I., Milutinovic, M., De Decker, B.: PriMan: facilitating the development of secure and privacy-preserving applications. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 403–416. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55415-5_34
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Put, A., De Decker, B. (2017). Attribute-Based Privacy-Friendly Access Control with Context. In: Obaidat, M. (eds) E-Business and Telecommunications. ICETE 2016. Communications in Computer and Information Science, vol 764. Springer, Cham. https://doi.org/10.1007/978-3-319-67876-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-67876-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67875-7
Online ISBN: 978-3-319-67876-4
eBook Packages: Computer ScienceComputer Science (R0)