One-way accumulators: a decentralized alternative to digital signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Protecting sensitive attributes in automated trust negotiation
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Hidden access control policies with hidden credentials
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Concealing complex policies with hidden credentials
Proceedings of the 11th ACM conference on Computer and communications security
Hi-index | 0.00 |
The notion of Hidden Credentials can be applied to protection of sensitive credentials, resources and policies in Trust Negotiation. It allows the server to encrypt a resource so that only the client with the correct credentials can decrypt it. The existing scheme of hidden credentials requires that the server grant access to the encrypted resource directly to the client during the negotiation without knowing whether or not the client can decrypt it. It would be a burden if the resources were very large. We found that when the server grants access to services rather than resources, the existing hidden credentials schemes are insecure under our policy attacks, since the server can illegally learn the client's credentials from the attack. In this paper, we propose a scheme to stop the server from mounting a policy attack.