Access controls for oblivious and anonymous systems

Privacy-enhancing cryptographic protocols such as anonymous credentials and oblivious transfer can undermine a provider's ability to enforce access controls on its content: a provider that learns neither who a user is nor what the user is requesting has nothing on which to base an access decision. In this article, we propose a stateful anonymous credential system that allows the provider to enforce nontrivial, real-world access controls on oblivious protocols conducted with anonymous users. Our system models each user's behavior as a state machine and embeds the user's current state within an anonymous credential; access to a resource is granted only if the policy permits a transition from that state. Because the policy is expressed as a state machine, the provider can restrict a user's actions according to a wide variety of access control models while learning nothing about the user's identity or actions. Our system is secure in the standard model under basic assumptions and, after an initial setup phase, each transaction requires only constant time. As concrete examples, we show how to implement the Brewer-Nash (Chinese Wall) and Bell-LaPadula (multilevel security) access control models within our credential system. Furthermore, we combine our credential system with an adaptive oblivious transfer scheme to obtain a privacy-friendly oblivious database with strong access controls.
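The two policies the abstract names, expressed as state machines over per-user state in the way the abstract describes, as an added example that is not code from the paper. The anonymous-credential layer is abstracted away: here `state` is plain data handed to the provider, whereas in the paper it would be bound inside a credential and proven in zero-knowledge, so this code shows only the policy logic the provider evaluates, not the cryptography. The conflict-of-interest classes, datasets, clearance levels and function names are invented for the example.

```python
"""Added example (not the paper's code): Brewer-Nash (Chinese Wall) and
Bell-LaPadula as state machines over per-user state, as the abstract describes.
The credential that would carry `state` in the paper is abstracted away; names
and sample data below are constructed for illustration."""

from typing import FrozenSet, List, Optional, Tuple

# ---------------------------------------------------------------------------
# Brewer-Nash (Chinese Wall). Objects belong to a company dataset, and datasets
# are grouped into conflict-of-interest (COI) classes. Once a user has read
# from dataset D inside class C, every later read in class C must also be
# from D. The per-user state is the set of (class, dataset) pairs already
# touched; this is the kind of state the provider would embed in the credential.
# ---------------------------------------------------------------------------

CWState = FrozenSet[Tuple[str, str]]

CW_INITIAL: CWState = frozenset()


def chinese_wall_read(state: CWState, coi_class: str, dataset: str) -> Optional[CWState]:
    """Return the successor state if the read is permitted, else None."""
    for seen_class, seen_dataset in state:
        if seen_class == coi_class and seen_dataset != dataset:
            return None  # already committed to a competitor in this COI class
    return state | {(coi_class, dataset)}


# ---------------------------------------------------------------------------
# Bell-LaPadula. The user's state is a clearance level; objects carry a
# classification. Simple-security property: no read up. *-property: no write
# down. Neither operation changes the state (the machine has self-loops only),
# but the provider still needs the clearance, attested by the credential,
# to decide.
# ---------------------------------------------------------------------------

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def blp_read(clearance: str, obj_level: str) -> Optional[str]:
    """No read up: permitted iff the clearance dominates the object's level."""
    return clearance if LEVELS[clearance] >= LEVELS[obj_level] else None


def blp_write(clearance: str, obj_level: str) -> Optional[str]:
    """No write down: permitted iff the object's level dominates the clearance."""
    return clearance if LEVELS[clearance] <= LEVELS[obj_level] else None


# ---------------------------------------------------------------------------
# Driver: replay a sequence of requests against a policy. The provider sees
# only the current state (what the credential attests) and the request, never
# who the user is; a denied request leaves the state unchanged.
# ---------------------------------------------------------------------------

def run_trace(step, initial_state, requests) -> List[Tuple[Tuple, bool]]:
    """Apply step(state, *request) in order and record each decision."""
    state = initial_state
    log = []
    for req in requests:
        nxt = step(state, *req)
        if nxt is None:
            log.append((req, False))
        else:
            state = nxt
            log.append((req, True))
    return log


if __name__ == "__main__":
    # Constructed trace: two banks in one COI class, one oil company in another.
    cw_requests = [("banks", "bank_a"), ("oil", "oil_x"),
                   ("banks", "bank_a"), ("banks", "bank_b")]
    for req, ok in run_trace(chinese_wall_read, CW_INITIAL, cw_requests):
        print("chinese wall", req, "ALLOW" if ok else "DENY")

    for req, ok in run_trace(blp_read, "secret", [("confidential",), ("top_secret",)]):
        print("blp read", req, "ALLOW" if ok else "DENY")
```

In the paper's setting the `state` argument is never sent in the clear: the user proves, from the credential, that the transition the provider is about to apply is one the policy allows, and receives a credential on the successor state. The example above keeps only the policy half of that exchange.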
