A Privacy Preserving Access Control Scheme using Anonymous Identification for Ubiquitous Environments

Diep, Nguyen Ngoc; Lee, Sungyoung; Lee, Young-Koo; Lee, Hee Jo

doi:10.1109/rtcsa.2007.11

Cited by 6 publications

(10 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4 propose that pseudonyms should be changed within a MIX zone , in order to hide the identity of a user belonging to a group of users with similar characteristics. In another work 9, it is suggested that user's sensitive (context) data are encrypted by the user and stored at server side to ensure context privacy.…”

Section: Related Workmentioning

confidence: 99%

“…Naturally, there is a tradeoff between user privacy and access control in PCEs 8, 9. From the user's point of view, a privacy adversary should not be able to: (a) trace the real identity of the user, (b) link different sessions between the user and the system, and (c) obtain context information (e.g., location, time and duration, and type of service).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SCN‐SI‐021 achieving privacy and access control in pervasive computing environments

Magkos

Kotzanikolaou

2011

Security Comm Networks

View full text Add to dashboard Cite

This paper focuses on the inherent trade-off between privacy and access control in pervasive computing environments (PCEs). On one hand, service providers require user authentication and authorization for the provision of a service, while at the same time end users require untraceability and unlinkability for their transactions. There are also cases where the anonymity of a specific credential must be revoked and a real identity be traced, in order to establish accountability. We analyze privacy and security requirements for PCEs and we show that existing privacy-preserving access control schemes do not fully satisfy these requirements. Then we propose two approaches towards privacy-preserving access control in PCEs. Our goal is twofold: (a) to enhance privacy by achieving untraceability and unlinkability even against malicious insiders and (b) to enhance security by achieving conditional traceability of user credentials, and if possible, non-repudiation of evidence concerning the user's participating in a transaction. Finally, we analyze and compare the proposed schemes against existing schemes.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

SCN‐SI‐021 achieving privacy and access control in pervasive computing environments

Magkos

Kotzanikolaou

2011

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…Recently, a number of security protocols for privacy-preserving access control in PCEs have been proposed [9,26,1,10,27,28]. A representative scheme of this category is the RL scheme [1], which was the first attempt to provide a secure communication model for privacy-preserving access control in PCEs.…”

Section: Related Workmentioning

confidence: 99%

“…In [27,28] the RL scheme is tweaked to increase performance while in [28], an impersonation attack against the RL scheme was described and addressed. Finally, the work in [10] where non-unique temporal IDs are issued by the access point to system users, achieves authentication and unlikability against back-end authorities, but fails to establish accountability and untraceability against front-end entities.…”

Section: Related Workmentioning

confidence: 99%

“…Clearly, there is an inherent tradeoff between privacy and access control in PCEs [9,10]. Indeed, from the point of view of a user, no one should be able to: (a) trace the real identity of the user, (b) link different sessions between the user and the system, (c) obtain context information (location, time and duration, type of service etc).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Enhancing Privacy-Preserving Access Control for Pervasive Computing Environments

Magkos

Kotzanikolaou

2010

Security and Privacy in Mobile Information and Communication Systems

View full text Add to dashboard Cite

Abstract. The exchange of user-related sensitive data within a Pervasive Computing Environment (PCE) raises security and privacy concerns. On one hand, service providers require user authentication and authorization prior to the provision of a service, while at the same time users require anonymity, i.e., untraceability and unlinkability for their transactions. In this paper we discuss privacy and security requirements for access control in PCEs and show why a recently proposed efficient scheme [1] fails to satisfy these requirements. Furthermore, we discuss a generic approach for achieving a desired level of privacy against malicious insiders, while balancing with competing demands for access control and accountability.

show abstract

Purpose-Based Privacy Preserving Access Control for Secure Service Provision and Composition

Amini

Osanloo

2019

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

A Privacy Preserving Access Control Scheme using Anonymous Identification for Ubiquitous Environments

Cited by 6 publications

References 5 publications

SCN‐SI‐021 achieving privacy and access control in pervasive computing environments

SCN‐SI‐021 achieving privacy and access control in pervasive computing environments

Enhancing Privacy-Preserving Access Control for Pervasive Computing Environments

Purpose-Based Privacy Preserving Access Control for Secure Service Provision and Composition

Contact Info

Product

Resources

About