Exploiting Hierarchical Identity-Based Encryption for Access Control to Pervasive Computing Information

Access control to confidential information in pervasive computing environments is challenging for multiple reasons: First, a client requesting access might not know which access rights are necessary in order to be granted access to the requested information. Second, access control must support flexible access rights that include context-sensitive constraints. Third, pervasive computing environments consist of a multitude of information services, which makes simple management of access rights essential. We discuss the shortcomings of existing access-control schemes that rely on either clients presenting a proof of access to a service or services encrypting information before handing the information over to a client. We propose a proofbased access-control architecture that employs hierarchical identity-based encryption in order to enable services to inform clients of the required proof of access in a covert way, without leaking information. Furthermore, we introduce an encryption-based access-control architecture that exploits hierarchical identity-based encryption in order to deal with multiple, hierarchical constraints on access rights. We present an example implementation of our proposed architectures and discuss the performance of this implementation.

[1]  Hilarie K. Orman,et al.  Hidden Credentials , 2003, WPES '03.

[2]  Kent E. Seamons,et al.  Concealing complex policies with hidden credentials , 2004, CCS '04.

[3]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[4]  David Garlan,et al.  Project Aura: Toward Distraction-Free Pervasive Computing , 2002, IEEE Pervasive Comput..

[5]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[6]  Fabien L. Gandon,et al.  A Semantic E-Wallet to Reconcile Privacy and Context Awareness , 2003, SEMWEB.

[7]  Lujo Bauer,et al.  A General and Flexible Access-Control System for the Web , 2002, USENIX Security Symposium.

[8]  Harry Chen,et al.  Semantic Web in the context broker architecture , 2004, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the.

[9]  Indrajit Ray,et al.  A cryptographic solution to implement access control in a hierarchy and more , 2002, SACMAT '02.

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Marianne Winslett,et al.  A unified scheme for resource protection in automated trust negotiation , 2003, 2003 Symposium on Security and Privacy, 2003..

[12]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[13]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[14]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[15]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[16]  Jennifer Seberry,et al.  New Solutions to the Problem of Access Control in a Hierarchy , 1993 .

[17]  Jon Howell,et al.  End-to-end authorization , 2000, OSDI.

[18]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[19]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[20]  Diana K. Smetters,et al.  Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC , 2003, USENIX Security Symposium.

[21]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[22]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.

[23]  Bob Briscoe,et al.  MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences , 1999, Networked Group Communication.

[24]  Brent Waters,et al.  Building an Encrypted and Searchable Audit Log , 2004, NDSS.

[25]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[26]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.