Privacy-Preserving Enforcement of Spatially Aware RBAC

Michael S. Kirkpatrick; Gabriel Ghinita; Elisa Bertino

doi:10.1109/TDSC.2011.62

Publication
2012
Issue No. 5 - Sept.-Oct.
Abstract - Privacy-Preserving Enforcement of Spatially Aware RBAC

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael S. Kirkpatrick Articles by Gabriel Ghinita Articles by Elisa Bertino

Privacy-Preserving Enforcement of Spatially Aware RBAC

Sept.-Oct. 2012 (vol. 9 no. 5)

pp. 627-640

	ASCII Text	x
	Michael S. Kirkpatrick, Gabriel Ghinita, Elisa Bertino, "Privacy-Preserving Enforcement of Spatially Aware RBAC," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 5, pp. 627-640, Sept.-Oct., 2012.

	BibTex	x
	@article{ 10.1109/TDSC.2011.62, author = {Michael S. Kirkpatrick and Gabriel Ghinita and Elisa Bertino}, title = {Privacy-Preserving Enforcement of Spatially Aware RBAC}, journal ={IEEE Transactions on Dependable and Secure Computing}, volume = {9}, number = {5}, issn = {1545-5971}, year = {2012}, pages = {627-640}, doi = {http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.62}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Dependable and Secure Computing TI - Privacy-Preserving Enforcement of Spatially Aware RBAC IS - 5 SN - 1545-5971 SP627 EP640 EPD - 627-640 A1 - Michael S. Kirkpatrick, A1 - Gabriel Ghinita, A1 - Elisa Bertino, PY - 2012 KW - Access control KW - Protocols KW - Encryption KW - Servers KW - Privacy KW - applied cryptography. KW - RBAC KW - privacy KW - security KW - access control VL - 9 JA - IEEE Transactions on Dependable and Secure Computing ER -

Michael S. Kirkpatrick, James Madison University, Harrisonburg

Gabriel Ghinita, University of Massachusetts, Boston

Elisa Bertino, Purdue University, West Lafayette

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2011.62

Several models for incorporating spatial constraints into role-based access control (RBAC) have been proposed, and researchers are now focusing on the challenge of ensuring such policies are enforced correctly. However, existing approaches have a major shortcoming, as they assume the server is trustworthy and require complete disclosure of sensitive location information by the user. In this work, we propose a novel framework and a set of protocols to solve this problem. Specifically, in our scheme, a user provides a service provider with role and location tokens along with a request. The service provider consults with a role authority and a location authority to verify the tokens and evaluate the policy. However, none of the servers learn the requesting user's identity, role, or location. In this paper, we define the protocols and the policy enforcement scheme, and present a formal proof of a number of security properties.

[1] M.L. Daimani, E. Bertino, B. Catania, and P. Perlasca, "GEO-RBAC: A Spatially Aware RBAC," ACM Trans. Information and System Security, vol. 10, pp. 1-34, 2007.
[2] F. Hansen and V. Oleschuk, "SRBAC: A Spatial Role-Based Access Control Model for Mobile Systems," Proc. Eighth Nordic Workshop Secure IT Systems (NORDSEC), pp. 129-141, Oct. 2003.
[3] S. Aich, S. Sural, and A.K. Majumdar, "STARBAC: Spatiotemporal Role Based Access Control," Proc. OTM Conf. the Move to Meaningful Internet Systems, 2007.
[4] I. Ray, M. Kumar, and L. Yu, "LRBAC: A Location-Aware Role-Based Access Control Model," Proc. Int'l Conf. Information Systems Security (ICISS), pp. 147-161, 2006.
[5] G. Ghinita, P. Kalnis, A. Khoshgozaran, C. Shahabi, and K.-L. Tan, "Private Queries in Location Based Services: Anonymizers Are Not Necessary," Proc. ACM SIGMOD Int'l Conf. Management of Data, pp. 121-132, 2008.
[6] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-Policy Attribute-Based Encryption," Proc. IEEE Symp. Security and Privacy, pp. 321-334, 2007.
[7] A. Sahai and B. Waters, "Fuzzy Identity Based Encryption," Proc. Workshop the Theory and Application of Cryptographic Techniques (EUROCRYPT '05), vol. 3494, pp. 457-473, 2005.
[8] C.S. Jensen, H. Lu, and B. Yang, "Graph Model Based Indoor Tracking," Proc. 10th Int'l Conf. Mobile Data Management (MDM), pp. 122-131, 2009.
[9] C.S. Jensen, H. Lu, and B. Yang, "Indoor—A New Data Management Frontier," IEEE Data Eng. Bull., vol. 33, no. 2, pp. 12-17, June 2010.
[10] M.O. Rabin, "How to Exchange Secrets with Oblivious Transfer," Technical Report TR-81, Aiken Computation Lab, Harvard Univ., 1981.
[11] B. Chor, E. Kushilevitz, O. Goldreich, and M. Sudan, "Private Information Retrieval," J. ACM, vol. 45, pp. 965-981, Nov. 1998.
[12] J. Katz and Y. Lindell, Introduction to Modern Cryptography. Chapman & Hall/CRC, 2008.
[13] J. Camenisch, M. Dubovitskaya, and G. Neven, "Oblivious Transfer with Access Control," Proc. 16th ACM Conf. Computer and Comm. Security (CCS), pp. 131-140, 2009.
[14] T.P. Pedersen, "Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing," Proc. 11th Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 129-140, 1992.
[15] D. Dolev and A. Yao, "On the Security of Public-Key Protocols," IEEE Trans. Information Theory, vol. IT-29, no. 2, pp. 198-208, Mar. 1983.
[16] A. Datta, A. Derek, J.C. Mitchell, and A. Roy, "Protocol Composition Logic (PCL)," Electronic Notes Theoretical Computer Science, vol. 172, pp. 311-358, Apr. 2007.
[17] C. Ardagna, M. Cremonini, S. De Capitani di Vimercati, and P. Samarati, "Access Control in Location-Based Services," Privacy in Location-Based Applications, C. Bettini, S. Jajodia, P. Samarati, and X. Wang, eds., pp. 106-126, Springer, 2009.
[18] N.B. Priyantha, A. Chakraborty, and H. Balakrishnan, "The Cricket Location-Support System," Proc. MobiCom, pp. 32-43, 2000.
[19] M.S. Kirkpatrick and E. Bertino, "Enforcing Spatial Constraints for Mobile Rbac Systems," Proc. 15th ACM Symp. Access Control Models and Technologies (SACMAT), pp. 99-108, 2010.
[20] L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea, "Lessons Learned from the Deployment of a Smartphone-Based Access-Control System," Proc. Third Symp. Usable Privacy and Security (SOUPS), 2007.
[21] N. Sastry, U. Shankar, and D. Wagner, "Secure Verification of Location Claims," Proc. Second ACM Workshop Wireless Security (WiSe), pp. 1-10, 2003.
[22] P. Bahl and V.N. Padmanabhan, "RADAR: An In-building RF-based User Location and Tracking System," Proc. IEEE INFOCOM, pp. 775-784, 2000.
[23] M.J. Covington, W. Long, S. Srinivasan, A.K. Dev, M. Ahamad, and G.D. Abowd, "Securing Context-Aware Applications Using Environment Roles," Proc. Sixth ACM Symp. Access Control Models and Technologies (SACMAT), pp. 10-20, 2001.
[24] C.A. Ardagna, M. Cremonini, E. Damiani, S.D.C. di Vimercati, and P. Samarati, "Supporting Location-Based Conditions in Access Control Policies," Proc. First ACM Symp. Information, Computer and Comm. Security (ASIACCS), 2006.
[25] B. Yang, H. Lu, and C.S. Jensen, "Probabilistic Threshold k Nearest Neighbor Queries over Moving Objects in Symbolic Indoor Space," Proc. 13th Int'l Conf. Extending Database Technology (EDBT), pp. 335-346, 2010.
[26] M. Naor and B. Pinkas, "Oblivious Transfer and Polynomial Evaluation," Proc. 31st Ann. ACM Symp. Theory of Computing (STOC), pp. 245-254, 1999.
[27] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, "Private Information Retrieval," Proc. 36th Ann. Symp. Foundations of Computer Science (FOCS), pp. 41-50, 1995.
[28] A. Beimel, Y. Ishai, E. Kushilevitz, and Jean-Fran, "Breaking the Barrier for Information-Theoretic Private Information Retrieval," Proc. 43rd Ann. Symp. Foundations of Computer Science (FOCS), pp. 261-270, 2002.
[29] S. Yekhanin, "Locally Decodable Codes and Private Information Retrieval Schemes," PhD dissertation, MIT, 2007.
[30] E. Kushilevitz and R. Ostrovsky, "Replication Is Not Needed: Single Database, Computationally-Private Information Retrieval," Proc. 38th Ann. Symp. Foundations of Computer Science (FOCS), pp. 364-373, 1997.
[31] C. Cachin, S. Micali, and M. Stadler, "Computationally Private Information Retrieval with Polylogarithmic Communication," Proc. 17th Int'l Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT '99), pp. 402-414, 1999.
[32] H. Lipmaa, "An Oblivious Transfer Protocol with Log-squared Total Communication," Proc. Information Security Conf. (ISC), pp. 314-328, 2005.
[33] Y.-C. Chan, "Single Database Private Information Retrieval with Logarithmic Communication," Proc. Australasian Conf. Information Security and Privacy (ACISP), pp. 50-61, 2004.
[34] P. Paillier, "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes," Proc. 17th Int'l Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT '99), pp. 223-238, 1999.
[35] C. Gentry and Z. Ramzan, "Single-Database Private Information Retrieval with Constant Communication Rate," Proc. Int'l Colloquium Automata, Languages and Programming (ICALP), pp. 803-815, 2005.

Index Terms:

Access control,Protocols,Encryption,Servers,Privacy,applied cryptography.,RBAC,privacy,security,access control

Citation:

Michael S. Kirkpatrick, Gabriel Ghinita, Elisa Bertino, "Privacy-Preserving Enforcement of Spatially Aware RBAC," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 5, pp. 627-640, Sept.-Oct. 2012, doi:10.1109/TDSC.2011.62

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.