This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Attribute-Based Access Control with Hidden Policies and Hidden Credentials
October 2006 (vol. 55 no. 10)
pp. 1259-1270
In an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice's credentials satisfy Bob's access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. Elegant solutions were proposed for achieving various degrees of privacy-preservation through minimal disclosure. In this paper, we present protocols that protect both sensitive credentials and sensitive policies. That is, Alice gets the resource only if she satisfies the policy, Bob does not learn anything about Alice's credentials (not even whether Alice got access), and Alice learns neither Bob's policy structure nor which credentials caused her to gain access. Our protocols are efficient in terms of communication and in rounds of interaction.

[1] D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon, and H.-C. Wong, “Secret Handshakes from Pairing-Based Key Agreements,” Proc. IEEE Symp. Security and Privacy, pp. 180-196, May 2003.
[2] M. Bellare and S. Micali, “Non-Interactive Oblivious Transfer and Applications,” Advances in Cryptology— CRYPTO 1989, pp. 547-557, 1989.
[3] M. Blaze, J. Feigenbaum, and J. Lacy, “Decentralized Trust Management,” Proc. IEEE Symp. Security and Privacy, pp. 164-173, May 1996.
[4] P. Bonatti and P. Samarati, “Regulating Service Access and Information Release on the Web,” Proc. Seventh ACM Conf. Computer and Comm. Security, pp. 134-143, Nov. 2000.
[5] D. Boneh and M. Franklin, “Identity-Based Encryption from the Weil Pairing,” Advances in Cryptology— Proc. CRYPTO 2001, pp. 213-229, 2001.
[6] R. Bradshaw, J. Holt, and K. Seamons, “Concealing Complex Policies with Hidden Credentials,” Proc. 11th ACM Conf. Computer and Comm. Security, pp. 146-157, Oct. 2004.
[7] R. Canetti, “Security and Composition of Multiparty Cryptographic Protocols,” J. Cryptology, vol. 13, no. 1, pp. 143-202, 2000.
[8] R. Canetti, Y. Lindell, R. Ostrovsky, and A. Sahai, “Universally Composable Two-Party and Multi-Party Secure Computation,” Proc. 24th ACM Symp. Theory of Computing, pp. 494-503, 2002.
[9] C. Cocks, “An Identity Based Encryption Scheme Based on Quadratic Residues,” Proc. Eighth IMA Int'l Conf. Cryptography and Coding, pp. 360-363. Dec. 2001.
[10] J. Daemen and V. Jijmen, The Design of Rijndael: AES— The Advanced Encryption Standard. Springer, 2002.
[11] I. Damgård and M. Jurik, “A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System,” Proc. Fourth Int'l Workshop Practice and Theory in Public Key Cryptosystems, pp. 119-136, 2001.
[12] C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen, SPKI Certificate Theory. IETF RFC 2693, Sept. 1999.
[13] S. Even, O. Goldreich, and A. Lempel, “A Randomized Protocol for Signing Contracts,” Comm. ACM, vol. 28, no. 6, pp. 637-647, 1985.
[14] M. Freedman, K. Nissim, B. Pinkas, “Efficient Private Matching and Set Intersection,” Advances in Cryptology— Proc. EUROCRYPT 2004, pp. 1-19, May 2004.
[15] O. Goldreich, “Cryptography and Cryptographic Protocols,” Distributed Computing, vol. 16, nos. 2-3, pp. 177-199, 2003.
[16] O. Goldreich, Foundations of Cryptography: Volume II Basic Application. Cambridge Univ. Press, 2004.
[17] O. Goldreich, S. Micali, and A. Wigderson, “How to Play Any Mental Game or a Completeness Theorem for Protocols with Honest Majority,” Proc. 19th ACM Symp. Theory of Computing, pp. 218-229, May 1986.
[18] J.E. Holt, R.W. Bradshaw, K.E. Seamons, and H. Orman, “Hidden Credentials,” Proc. Second ACM Workshop Privacy in the Electronic Soc., pp. 1-8, Oct. 2003.
[19] J. Katz and R. Ostrovsky, “Round-Optimal Secure Two-Party Computation,” Advances in Cryptology— Proc. CRYPTO 2004, pp. 335-354, 2004.
[20] N. Li, W. Du, and D. Boneh, “Oblivious Signature-Based Envelope,” Proc. 22nd ACM Symp. Principles of Distributed Computing, pp. 182-189, July 2003.
[21] N. Li, J.C. Mitchell, and W.H. Winsborough, “Design of a Role-Based Trust Management Framework,” Proc. IEEE Symp. Security and Privacy, pp. 114-130, May 2002.
[22] N. Li, W.H. Winsborough, and J.C. Mitchell, “Distributed Credential Chain Discovery in Trust Management,” J. Computer Security, vol. 11, no. 1, pp. 35-86, Feb. 2003.
[23] D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella, “Fairplay— A Secure Two-Party Computation System,” Proc. Usenix Security, pp. 287-302, Aug. 2004.
[24] M. Naor and B. Pinkas, “Efficient Oblivious Transfer Protocols,” Proc. SIAM Symp. Discrete Algorithms, pp. 448-457, Jan. 2001.
[25] T. Okamoto, S. Uchiyama, and E. Fujisaki, Epoc: Efficient Probabilistic Public-Key Encryption Submission to IEEE p1363a., 1998.
[26] P. Paillier, “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes,” Advances in Cryptology— Proc. EUROCRYPT 1999, pp. 223-238, 1999.
[27] R.L. Rivest and B. Lampson, SDSI— A Simple Distributed Security Infrastructure, Oct. 1996, http://theory.lcs.mit.edu/~rivestsdsi11.html .
[28] K.E. Seamons, M. Winslett, and T. Yu, “Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation,” Proc. Symp. Network and Distributed System Security, Feb. 2001.
[29] A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology— Proc. CRYPTO 1984, pp. 47-53, 1984.
[30] L. Valiant, “Universal Circuits (Preliminary Report),” Proc. Eighth ACM Symp. Theory of Computing, pp. 196-203, 1976.
[31] W.H. Winsborough and N. Li, “Towards Practical Automated Trust Negotiation,” Proc. Third Int'l Workshop Policies for Distributed Systems and Networks, pp. 92-103, June 2002.
[32] W.H. Winsborough and N. Li, “Safety in Automated Trust Negotiation,” Proc. IEEE Symp. Security and Privacy, pp. 147-160, May 2004.
[33] W.H. Winsborough, K.E. Seamons, and V.E. Jones, “Automated Trust Negotiation,” Proc. DARPA Information Survivability Conf. and Exposition, vol. I, pp. 88-102, Jan. 2000.
[34] M. Winslett, T. Yu, K.E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu, “Negotiating Trust on the Web,” IEEE Internet Computing, vol. 6, no. 6, pp. 30-37, Nov. 2002.
[35] A. Yao, “How to Generate and Exchange Secrets,” Proc. 27th IEEE Symp. Foundations of Computer Science, pp. 162-167, 1986.
[36] A.C. Yao, “How to Generate and Exchange Secrets,” Proc. 27th IEEE Symp. Foundations of Computer Science, pp. 162-167, 1986.
[37] T. Yu and M. Winslett, “A Unified Scheme for Resource Protection in Automated Trust Negotiation,” Proc. IEEE Symp. Security and Privacy, pp. 110-122, May 2003.
[38] T. Yu, M. Winslett, and K.E. Seamons, “Interoperable Strategies in Automated Trust Negotiation,” Proc. Eighth ACM Conf. Computer and Comm. Security, pp. 146-155, Nov. 2001.

Index Terms:
Electronic commerce-security, management of computing and information systems, security and protection, authentication, access control, trust negotiation, hidden credentials, privacy.
Citation:
Keith Frikken, Mikhail Atallah, Jiangtao Li, "Attribute-Based Access Control with Hidden Policies and Hidden Credentials," IEEE Transactions on Computers, vol. 55, no. 10, pp. 1259-1270, Oct. 2006, doi:10.1109/TC.2006.158
Usage of this product signifies your acceptance of the Terms of Use.