Attribute-Based Access Control with Hidden Policies and Hidden Credentials

Authors:
Keith Frikken;Mikhail Atallah;Jiangtao Li
Affiliations:
-;-;-
Venue:
IEEE Transactions on Computers
Year:
2006

Citing 25
Cited 21

A randomized protocol for signing contracts

Communications of the ACM
Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
How to play ANY mental game

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Non-interactive oblivious transfer and applications

CRYPTO '89 Proceedings on Advances in cryptology
Regulating service access and information release on the Web

Proceedings of the 7th ACM conference on Computer and communications security
Efficient oblivious transfer protocols

SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
Interoperable strategies in automated trust negotiation

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Universally composable two-party and multi-party secure computation

STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
The Design of Rijndael

The Design of Rijndael
Negotiating Trust on the Web

IEEE Internet Computing
Distributed credential chain discovery in trust management

Journal of Computer Security
Universal circuits (Preliminary Report)

STOC '76 Proceedings of the eighth annual ACM symposium on Theory of computing
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Unified Scheme for Resource Protection in Automated Trust Negotiation

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Secret Handshakes from Pairing-Based Key Agreements

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Oblivious signature-based envelope

Proceedings of the twenty-second annual symposium on Principles of distributed computing
Towards Practical Automated Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Decentralized Trust Management

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Cryptography and cryptographic protocols

Distributed Computing - Papers in celebration of the 20th anniversary of PODC
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
Hidden Credentials

Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Concealing complex policies with hidden credentials

Proceedings of the 11th ACM conference on Computer and communications security
Fairplay—a secure two-party computation system

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
How to generate and exchange secrets

SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Public-key cryptosystems based on composite degree residuosity classes

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques

Policy decomposition for collaborative access control

Proceedings of the 13th ACM symposium on Access control models and technologies
Preserving confidentiality of security policies in data outsourcing

Proceedings of the 7th ACM workshop on Privacy in the electronic society
Distributed Authorization by Multiparty Trust Negotiation

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
PBES: a policy based encryption system with application to data sharing in the power grid

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Towards a dynamic and composable model of trust

Proceedings of the 14th ACM symposium on Access control models and technologies
Practical Secure Evaluation of Semi-private Functions

ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Oblivious enforcement of hidden information release policies

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Universally-composable two-party computation in two rounds

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Privacy-preserving trust verification

Proceedings of the 15th ACM symposium on Access control models and technologies
A secure collaboration service for dynamic virtual organizations

Information Sciences: an International Journal
Fine-grained disclosure of access policies

ICICS'10 Proceedings of the 12th international conference on Information and communications security
Oblivious transfer with hidden access control policies

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Privacy enhanced access control by means of policy blinding

ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
Enabling privacy-preserving semantic presence in instant messaging systems

CONTEXT'11 Proceedings of the 7th international and interdisciplinary conference on Modeling and using context
Eyeing your exposure: quantifying and controlling information sharing for improved privacy

Proceedings of the Seventh Symposium on Usable Privacy and Security
Efficient oblivious transfers with access control

Computers & Mathematics with Applications
Mitigating the malicious trust expansion in social network service

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Anonymity in attribute-based group signatures

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
Secure and efficient data retrieval over encrypted data using attribute-based encryption in cloud storage

Computers and Electrical Engineering
Fine-grained access control for cloud computing

International Journal of Grid and Utility Computing
A systematic approach to practically efficient general two-party secure function evaluation protocols and their modular design

Journal of Computer Security

Quantified Score

Hi-index	14.98

Visualization

Abstract

In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice's credentials satisfy Bob's access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. Elegant solutions were proposed for achieving various degrees of privacy-preservation through minimal disclosure. In this paper, we present protocols that protect both sensitive credentials and sensitive policies. That is, Alice gets the resource only if she satisfies the policy, Bob does not learn anything about Alice's credentials (not even whether Alice got access), and Alice learns neither Bob's policy structure nor which credentials caused her to gain access. Our protocols are efficient in terms of communication and in rounds of interaction.