Issue No. 04 - October-December (2006 vol. 3)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2006.54
Jiangtao Li , IEEE
Ninghui Li , IEEE
We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert obliviously, i.e., the user obtains a service if and only if the attribute values satisfy the policy of the service provider, yet the service provider learns nothing about these attribute values. This way, the service provider's access control policy is enforced in an oblivious fashion. To enable the oblivious access control using OACerts, we propose a new cryptographic primitive called Oblivious Commitment-Based Envelope (OCBE). In an OCBE scheme, Bob has an attribute value committed to Alice and Alice runs a protocol with Bob to send an envelope (encrypted message) to Bob such that: 1) Bob can open the envelope if and only if his committed attribute value satisfies a predicate chosen by Alice and 2) Alice learns nothing about Bob's attribute value. We develop provably secure and efficient OCBE protocols for the Pedersen commitment scheme and comparison predicates as well as logical combinations of them.
Security and privacy protection, access controls, privacy, cryptographic controls.
N. Li and J. Li, "OACerts: Oblivious Attribute Certificates," in IEEE Transactions on Dependable and Secure Computing, vol. 3, no. , pp. 340-352, 2006.