Publication detail

Privacy-Friendly Access Control Based on Personal Attributes

HAJNÝ, J. MALINA, L. TĚTHAL, O.

Original Title

Privacy-Friendly Access Control Based on Personal Attributes

Czech Title

Řízení přístupu na základě atributů s ochranou soukromí

English Title

Privacy-Friendly Access Control Based on Personal Attributes

Type

conference paper

Language

en

Original Abstract

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.

Czech abstract

V tomto článku je prezentována implementace atributového schématu HM12 spolu s nastavením kryptografických parametrů. Schéma je implementováno na běžně dostupném hardwaru, konkrétně programovatelných kartách MultOS a Android zařízeních. Jsou prezentovány výsledky pilotního nasazení.

English abstract

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.

Keywords

Access Control;Anonymity;Smart-Cards;Privacy;Attributes;Security;Cryptography

RIV year

2014

Released

27.08.2014

Publisher

Springer

ISBN

978-3-319-09842-5

Book

Proceedings of IWSEC 14

Edition

LNCS

Edition number

8639

Pages from

1

Pages to

16

Pages count

287

BibTex


@inproceedings{BUT109140,
  author="Jan {Hajný} and Lukáš {Malina} and Ondřej {Těthal}",
  title="Privacy-Friendly Access Control Based on Personal Attributes",
  annote="In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.",
  address="Springer",
  booktitle="Proceedings of IWSEC 14",
  chapter="109140",
  edition="LNCS",
  howpublished="print",
  institution="Springer",
  number="8639",
  year="2014",
  month="august",
  pages="1--16",
  publisher="Springer",
  type="conference paper"
}