Privacy-Preserving Enforcement of Spatially Aware RBAC
Sept.-Oct. 2012 (vol. 9 no. 5)
pp. 627-640
Michael S. Kirkpatrick, James Madison University, Harrisonburg
Gabriel Ghinita, University of Massachusetts, Boston
Elisa Bertino, Purdue University, West Lafayette
Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem. Specifically, in our scheme, a user provides a service provider with role and location tokens along with a request. The service provider consults with a role authority and a location authority to verify the tokens and evaluate the policy. However, none of the servers learn the requesting user's identity, role, or location. In this paper, we define the protocols and the policy enforcement scheme, and present a formal proof of a number of security properties.


Index Terms: access control, protocols, encryption, servers, privacy, applied cryptography, RBAC, security
Michael S. Kirkpatrick, Gabriel Ghinita, Elisa Bertino, "Privacy-Preserving Enforcement of Spatially Aware RBAC," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 5, pp. 627-640, Sept.-Oct. 2012, doi:10.1109/TDSC.2011.62