Skip to main content
SpringerLink
Log in

Privacy-Friendly Access Control Based on Personal Attributes

  • Conference paper
Advances in Information and Computer Security (IWSEC 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8639))

Included in the following conference series:

Abstract

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. U-prove sdk overview. White paper. Tech. rep., Credentica Inc. (2007), http://www.credentica.com/GovOnline.pdf

  2. Apache maven project (2014), http://maven.apache.org

  3. I reveal my attributes, irma (2014), https://www.irmacard.org

  4. Abendroth, J., Liagkou, V., Pyrgelis, A., Raptopoulos, C., et al.: D7. 1 application description for students. Technical report, ABC4Trust (2012)

    Google Scholar 

  5. Bao, F.: An efficient verifiable encryption scheme for encryption of discrete logarithms. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 2000. LNCS, vol. 1820, pp. 213–220. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  6. Bcheri, S., Goetze, N., Orski, M., Zwingelberg, H.: D6. 1 application description for the school deployment. Technical report, ABC4Trust (2012)

    Google Scholar 

  7. Bichsel, P., Camenisch, J., Gro, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 600–610. ACM Press (2009)

    Google Scholar 

  8. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  9. Brands, S.A.: Rethinking public key infrastructures and digital certificates. MIT Press (c2000)

    Google Scholar 

  10. Camenisch, J., et al.: Specification of the identity mixer cryptographic library, Tech. rep. (2010)

    Google Scholar 

  11. Camenisch, J., Kohlweiss, M., Soriente, C.: Solving revocation with efficient update of anonymous credentials. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 454–471. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. Camenisch, J., Stadler, M.: Proof systems for general statements about discrete logarithms. Tech. rep. (1997)

    Google Scholar 

  13. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 21–30. ACM, New York (2002)

    Google Scholar 

  14. Cramer, R.: Modular Design of Secure, yet Practical Cryptographic Protocols. Ph.D. thesis, University of Amsterdam (1996)

    Google Scholar 

  15. Cramer, R., Damgård, I., MacKenzie, P.: Efficient zero-knowledge proofs of knowledge without intractability assumptions. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 354–373. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  16. Danes, L.: Smart card integration in the pseudonym system idemix. Master’s thesis, University of Groningen (2007)

    Google Scholar 

  17. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)

    Chapter  Google Scholar 

  18. Gallagher, P., Kerry, C.: Fips pub 186-4: Digital signature standard, dss (2013), http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

  19. Gosling, J., et al.: The java language specification, java se 7 edition (2013)

    Google Scholar 

  20. Hajny, J., Malina, L.: Unlinkable attribute-based credentials with practical revocation on smart-cards. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 62–76. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  21. Hajny, J., Malina, L., Martinasek, Z., Tethal, O.: Performance evaluation of primitives for privacy-enhancing cryptography on current smart-cards and smart-phones. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W.M. (eds.) DPM 2013 and SETOP 2013. LNCS, vol. 8247, pp. 17–33. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  22. Johnson, R., et al.: The spring framework - reference documentation, version 2.5.6 (2008)

    Google Scholar 

  23. Lapon, J., Kohlweiss, M., De Decker, B., Naessens, V.: Performance analysis of accumulator-based revocation mechanisms. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IFIP AICT, vol. 330, pp. 289–301. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  24. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  25. Mostowski, W., Vullers, P.: Efficient U-prove implementation for anonymous credentials on smart cards. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm 2011. LNICST, vol. 96, pp. 243–260. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  26. Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 308–318. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  27. Paquin, C.: U-prove cryptographic specification v1.1, Tech. rep. (2011)

    Google Scholar 

  28. Tews, H., Jacobs, B.: Performance issues of selective disclosure and blinded issuing protocols on java card. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 95–111. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cryptology Research Group, Brno University of Technology, Czech Republic

    Jan Hajny & Lukas Malina

  2. OKsystem, Czech Republic

    Ondrej Tethal

Authors
  1. Jan Hajny
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lukas Malina
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ondrej Tethal
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Network Security Research Institute, National Institute of Information and Communications Technology (NICT), 4-2-1 Nukui-Kitamachi, 184-8795, Koganei, Tokyo, Japan

    Maki Yoshida

  2. College of Information Science and Engineering, Ritsumeikan University, 1-1-1 Nojihigashi, 525-8577, Kusatsu, Shiga, Japan

    Koichi Mouri

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Hajny, J., Malina, L., Tethal, O. (2014). Privacy-Friendly Access Control Based on Personal Attributes. In: Yoshida, M., Mouri, K. (eds) Advances in Information and Computer Security. IWSEC 2014. Lecture Notes in Computer Science, vol 8639. Springer, Cham. https://doi.org/10.1007/978-3-319-09843-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-09843-2_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09842-5

  • Online ISBN: 978-3-319-09843-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation