Detail publikace

Privacy-Friendly Access Control Based on Personal Attributes

HAJNÝ, J. MALINA, L. TĚTHAL, O.

Originální název

Privacy-Friendly Access Control Based on Personal Attributes

Anglický název

Privacy-Friendly Access Control Based on Personal Attributes

Jazyk

en

Originální abstrakt

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.

Anglický abstrakt

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.

Dokumenty

BibTex


@inproceedings{BUT109140,
  author="Jan {Hajný} and Lukáš {Malina} and Ondřej {Těthal}",
  title="Privacy-Friendly Access Control Based on Personal Attributes",
  annote="In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.",
  address="Springer",
  booktitle="Proceedings of IWSEC 14",
  chapter="109140",
  edition="LNCS",
  howpublished="print",
  institution="Springer",
  number="8639",
  year="2014",
  month="august",
  pages="1--16",
  publisher="Springer",
  type="conference paper"
}