{"title":"Anonymous yet accountable access control","authors":"M. Backes, J. Camenisch, Dieter Sommer","doi":"10.1145/1102199.1102208","DOIUrl":null,"url":null,"abstract":"This paper introduces a novel approach for augmenting attribute-based access control systems in a way that allows them to offer fully anonymous access to resources while at the same time achieving strong accountability guarantees. We assume that users hold attribute certificates and we show how to exploit cryptographic zero-knowledge proofs to allow requesting users to prove that they hold suitable certificates for accessing a resource. In contrast to the commonly taken approach of sending all possibly relevant certificates to the access control system, our approach hence does not release any information to the access control system except for the presence of a set of certificates satisfying the access condition. This constitutes the minimal amount of information that has to be released for coming up with a correct access decision, and our approach is the first to achieve this. Additionally given a trusted third party for identity escrow, we furthermore show that a concise application of zero-knowledge proofs offers the access control system the capability to hold a requesting user accountable for her actions under specific, well-defined conditions. All the employed cryptographic techniques are highly efficient, and an architecture for exploiting our approach in practical scenarios is already in place.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"18 1","pages":"40-46"},"PeriodicalIF":0.0000,"publicationDate":"2005-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"56","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1102199.1102208","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 56
Abstract
This paper introduces a novel approach for augmenting attribute-based access control systems in a way that allows them to offer fully anonymous access to resources while at the same time achieving strong accountability guarantees. We assume that users hold attribute certificates and we show how to exploit cryptographic zero-knowledge proofs to allow requesting users to prove that they hold suitable certificates for accessing a resource. In contrast to the commonly taken approach of sending all possibly relevant certificates to the access control system, our approach hence does not release any information to the access control system except for the presence of a set of certificates satisfying the access condition. This constitutes the minimal amount of information that has to be released for coming up with a correct access decision, and our approach is the first to achieve this. Additionally given a trusted third party for identity escrow, we furthermore show that a concise application of zero-knowledge proofs offers the access control system the capability to hold a requesting user accountable for her actions under specific, well-defined conditions. All the employed cryptographic techniques are highly efficient, and an architecture for exploiting our approach in practical scenarios is already in place.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
