Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project

Journal of Computer Security

Volumn 18, Issue 1, 2010, Pages 123-160

  Ardagna, Claudio A ^a   Camenisch, Jan ^b   Kohlweiss, Markulf ^c   Leenes, Ronald ^d   Neven, Gregory ^b   Priem, Bart ^d   Samarati, Pierangela ^a   Sommer, Dieter ^b   Verdicchio, Mario ^b  

^a UNIVERSITY OF MILAN   (Italy)

^b IBM RESEARCH ZURICH   (Switzerland)

^c UNIVERSITY OF LEUVEN   (Belgium)

^d TILBURG UNIVERSITY   (Netherlands)

Author keywords

Access control; Anonymous credentials; Data handling; Identity management; Privacy policies

Indexed keywords

ANONYMOUS CREDENTIAL; ANONYMOUS CREDENTIALS; ELECTRONIC MEDIA; IDENTITY MANAGEMENT; IDENTITY MANAGEMENT SYSTEMS; INFORMATION SOCIETY; KEY ELEMENTS; PERSONAL INFORMATION; POLICY LANGUAGE; PRIME PROJECTS; PRIVACY POLICIES; PRIVACY-ENHANCING TECHNOLOGIES;

ACCESS CONTROL; DATA HANDLING; INFORMATION TECHNOLOGY; PROJECT MANAGEMENT; QUERY LANGUAGES; SECURITY SYSTEMS;

DATA PRIVACY;

EID: 71849091813     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2010-0367     Document Type: Article

References (77)

1. C.A. Ardagna, M. Cremonini, E. Damiani, S. De Capitani di Vimercati and P. Samarati, Supporting location-based conditions in access control policies, in: Proc. of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'06), Taipei, Taiwan, March 2006, pp. 212-222.
2. C.A. Ardagna, M. Cremonini, S. De Capitani di Vimercati and P. Samarati, A privacy-aware access control system, Journal of Computer Security (JCS) 16(4) (2008), 369-392.
3. C.A. Ardagna, E. Damiani, S. De Capitani di Vimercati and P. Samarati, Towards privacy-enhanced authorization policies and languages, in: Proc. of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Storrs, CA, USA, August 2005, pp. 16-27.
4. G.-J. Ahn and J. Lam, Managing privacy p in federated identity management, in: Proc. of the ACMWorkshop on Digital Identity Management, Fairfax, VA, USA, November 2005, pp. 28-36.
5. P. Ashley, S. Hada, G. Karjoth, C. Powers and M. Schunter, Enterprise privacy authorization language (EPAL 1.1), Technical report, IBM Research, 2003; http://www.zurich.ibm.com/security/ enterprise-privacy/epal.
6. P. Ashley, S. Hada, G. Karjoth and M. Schunter, E-P3P privacy policies and privacy authorization, in: Proc. of the ACM workshop on Privacy in the Electronic Society (WPES 2002),Washington, DC, USA, November 2002, pp. 103-109.
7. N. Asokan, V. Shoup and M. Waidner, Optimistic fair exchange of digital signatures, IEEE Journal of Selected Areas in Communications 18(4) (2000), 591-610.
8. M. Backes, J. Camenisch and D. Sommer, Anonymous yet accountable access control, in: Proc. of the 2005 ACM Workshop on Privacy in the Electronic Society, Alexandria, VA, USA, November 2005, pp. 40-46.
9. O. Berthold, H. Federrath and S. Köpsell, Web MIXes: A system for anonymous and unobservable Internet access, in: Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, H. Federrath, ed., Lecture Notes in Computer Science, vol.2009, Springer, 2000, pp. 115-129.
10. C. Bettini, S. Jajodia, X. Sean Wang and D. Wijesekera, Provisions and obligations in policy management and security applications, in: Proc. of the 28th VLDB Conference, Hong Kong, China, August 2002, pp. 502-513.
11. J.-F. Blanchette and D.G. Johnson, Data retention and the panoptic society: The social benefits of forgetfulness, The Information Society 18 (2002), 33-45.
12. P.A. Bonatti and P. Samarati, A unified framework for regulating access and information release on the web, Journal of Computer Security 10(3) (2002), 241-272.
13. S. Brands, Restrictive blinding of secret-key certificates, Technical Report CSR9509, CWI Amsterdam, 1995.
14. S. Brands, Rethinking public key infrastructure and digital certificates - building in privacy, PhD thesis, Technical University Eindhoven, 1999.
15. E.F. Brickell, J. Camenisch and L. Chen, Direct anonymous attestation, in: 11th ACM Conference on Computer and Communications Security, CCS 2004, ACM, 2004, pp. 132-145.
16. M. Casassa Mont and F. Beato, On parametric obligation policies: Enabling privacy-aware information lifecycle management in enterprises, in: Proc. of the 8th IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2007), Bologna, Italy, June 2007, pp. 51-55.
17. D. Chaum, Security without identification: Transaction systems to make big brother obsolete, Communications of the ACM 28(10) (1985), 1030-1044.
18. D. Chaum and J.-H. Evertse, A secure and privacy-protecting protocol for transmitting personal information between organizations, in: Advances in Cryptology - CRYPTO'86, A.M. Odlyzko, ed., Lecture Notes in Computer Science, vol.263, Springer, 1987, pp. 118-167.
19. J. Camenisch and I. Damgård, Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes, in: Advances in Cryptology - ASIACRYPT 2000, T. Okamoto, ed., Lecture Notes in Computer Science, vol.1976, Springer, 2000, pp. 331-345.
20. J. Camenisch, S. Hohenberger, M. Kohlweiss, A. Lysyanskaya and M. Meyerovich, How to win the clonewars: efficient periodic n-times anonymous authentication, in: 13th ACM Conference on Computer and Communications Security, CCS 2006, A. Juels, R.N. Wright and S. De Capitani di Vimercati, eds, ACM, 2006, pp. 201-210.
21. J. Camenisch, S. Hohenberger and A. Lysyanskaya, Compact e-cash, in: Advances in Cryptology - EUROCRYPT 2005, R. Cramer, ed., Lecture Notes in Computer Science, vol.3494, Springer, 2005, pp. 302-321.
22. J. Camenisch and A. Lysyanskaya, An efficient system for non-transferable anonymous credentials with optional anonymity revocation, in: Advances in Cryptology - EUROCRYPT 2001, B. Pfitzmann, ed., Lecture Notes in Computer Science, vol.2045, Springer, 2001, pp. 93-118.
23. J. Camenisch and A. Lysyanskaya, A signature scheme with efficient protocols, in: Security in Communication Networks, Third International Conference, S. Cimato, C. Galdi and G. Persiano, eds, Lecture Notes in Computer Science, vol.2576, Springer, 2003, pp. 268-289.
24. J. Camenisch and A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in: Advances in Cryptology - CRYPTO 2004, M.K. Franklin, ed., Lecture Notes in Computer Science, vol.3152, Springer, 2004, pp. 56-72.
25. J. Camenisch and V. Shoup, Practical verifiable encryption and decryption of discrete logarithms, in: Advances in Cryptology - CRYPTO 2003, D. Boneh, ed., Lecture Notes in Computer Science, vol.2729, Springer, 2003, pp. 126-144.
26. J. Camenisch and E. Van Herreweghen, Design and implementation of the Idemix anonymous credential system, in: 9th ACM Conference on Computer and Communications Security, CCS 2002, V. Atluri, ed., ACM, 2002, pp. 21-30.
27. R. Clarke, The digital persona and its application to data surveillance, The Information Society 10 (1994), 77-92.
28. L.F. Cranor, Web Privacy with P3P, O'Reilly & Associates, 2002.
29. I. Damgård, Payment systems and credential mechanisms with provable security against abuse by individuals, in: Advances in Cryptology - CRYPTO'88, S. Goldwasser, ed., Lecture Notes in Computer Science, vol.403, Springer, 1990, pp. 328-335.
30. I. Damgård, K. Dupont and M.ø. Pedersen, Unclonable group identification, in: EUROCRYPT, S. Vaudenay, ed., Lecture Notes in Computer Science, vol.4004, Springer, 2006, pp. 555-572.
31. R. Dhamija and L. Dusseault, The seven flaws of identity management: Usability and security challenges, IEEE Security and Privacy 6(2) (2008), 24-29.
32. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995, pp. 31-50.
33. R. Dingledine, N. Mathewson and P.F. Syverson, Tor: The second-generation onion router, in: USENIX Security Symposium, USENIX, 2004, pp. 303-320.
34. eXtensible Access Control Markup Language (XACML) Version 2.0, February 2005; http://docs. oasis-open.org/xacml/2.0/access-control-xacml-2.0-core-spec- os.pdf.
35. C. Fried, Privacy, The Yale Law Journal 77 (1968), 475-493.
36. O.H. Gandy, The Panoptic Sort. A Political Economy of Personal Information, Critical Studies in Communication and in the Cultural Industries, Westview Press, San Francisco, Boulder, Oxford, 1993.
37. R. Gavriloaie,W. Nejdl, D. Olmedilla, K. Seamons andM.Winslett, No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web, in: Proc. of the 1st First European Semantic Web Symposium, Heraklion, Greece, May 2004, pp. 342-356.
38. E. Goffman, The Presentation of Self in Everyday Life, Doubleday Anchor Books, Garden City, New York, 1959.
39. O. Goldreich, S. Micali and A. Wigderson, How to prove all NP statements in zero-knowledge and a methodology of cryptographic protocol design, in: Advances in Cryptology - CRYPTO'86, A.M. Odlyzko, ed., Lecture Notes in Computer Science, vol.263, Springer, 1987, pp. 171-185.
40. S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosenmessage attacks, SIAM Journal on Computing 17(2) (1988), 281-308.
41. M. Hildebrandt and S. Gutwirth (eds), Profiling the European Citizen, Springer, 2008.
42. IDEntity MIXer (IDEMIX); http://www.zurich.ibm.com/security/idemix/.
43. K. Irwin and T. Yu, Preventing attribute information leakage in automated trust negotiation, in: Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 2005, pp. 35-46.
44. D.L. Jutla and P. Bodorik, Sociotechnical architecture for online privacy, IEEE Security & Privacy, 2005, pp. 29-39.
45. N. Li, J.C. Mitchell andW.H.Winsborough, Beyond proof-of-compliance: Security analysis in trust management, Journal of the ACM 52(3) (2005), 474-514.
46. R. Leenes, J. Schallaböck and M. Hansen, Prime white paper v2, 2007.
47. A. Lysyanskaya, Signature schemes and applications to cryptographic protocol design, PhD thesis, Massachusetts Institute of Technology, 2002.
48. L. Nguyen and R. Safavi-Naini, Dynamic k-times anonymous authentication, in: ACNS, J. Ioannidis, A.D. Keromytis and M. Yung, eds, Lecture Notes in Computer Science, vol.3531, 2005, pp. 318- 333.
49. T. Olsen, T. Mahler, C. Seddon, V. Cooper, S. Williams, M. Valdes and S.M. Arias, Privacy & identity management, Technical report, Senter for rettsinformatikk, 2007.
50. J. Ni, N. Li and W.H. Winsborough, Automated trust negotiation using cryptographic credentials, in: Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 2005, pp. 46-57.
51. Organization for Economic Co-operation and Development, OECD guidelines on the protection of privacy and transborder flows of personal data, 1980; http://www.oecd.org/document/18/0,2340,en- 2649-34255-1815186-119820-1-1-1,00. html.
52. A.S. Patrick and S. Kenny, From privacy legislation to interface design: Implementing information privacy in human-computer interfaces, in: PET2003, Dresden, 2003, pp. 107-124.
53. PRIME Consortium, Architecture v3, Deliverable D14.2.c, 2008.
54. PRIME Consortium, Framework v3, Deliverable D14.1.c, 2008.
55. PRIME Consortium, Requirements for privacy enhancing tools (forthcoming), Deliverable, 2008.
56. C.D. Raab, Perspectives on "personal identity", BT Technology Journal 23 (2005), 15-24.
57. J. Rachels, Why privacy is important, in: Philosophy and Public Affairs, 1975, pp. 323-333.
58. R.L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21(2) (1978), 120-126.
59. T. Ryutov, L. Zhou, C. Neuman, T. Leithead and K.E. Seamons, Adaptive trust negotiation and access control, in: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005, pp. 139-146. (Pubitemid 43087470)
60. K.E. Seamons, W. Winsborough and M. Winslett, Internet credential acceptance policies, in: Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997, pp. 415-432.
61. K. Seamons, M. Winslett and T. Yu, Limiting the disclosure of access control policies during automated trust negotiation, in: Proc. of the Network and Distributed System Security Symposium (NDSS 2001), San Diego, CA, USA, April 2001.
62. A. Shostack, People won't pay for privacy, reconsidered, 2003.
63. F. Stalder, The failure of privacy enhancing technologies (pets) and the voiding of privacy, Sociological Research Online 7(2) (2002).
64. I. Teranishi, J. Furukawa and K. Sako, k-times anonymous authentication (extended abstract), in: ASIACRYPT, P.J. Lee, ed., Lecture Notes in Computer Science, vol.3329, Springer, 2004, pp. 308- 322.
65. Trusted Computing Group, TCG TPM specification version 1.2, url: www.trustedcomputinggroup. org.
66. T.W. van der Horst, T. Sundelin, K.E. Seamons and C.D. Knutson, Mobile trust negotiation: Authentication and authorization in dynamic mobile networks, in: Proc. of the Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004, pp. 97- 109.
67. Web services policy framework, March 2006; http://www.ibm.com/ developerworks/webservices/ library/specification/ws-polfram/?S-TACT= 105AGX04&S-CMP=LP.
68. A. Westin, Privacy and Freedom, Atheneum, New York, 1967.
69. M. Winslett, N. Ching, V. Jones and I. Slepchin, Assuring security and privacy for digital library transactions on the web: Client and server security policies, in: Proc. of the ADL'97 - Forum on Research and Tech. Advances in Digital Libraries, Washington, DC, USA, May 1997, pp. 140-152.
70. WorldWideWeb Consortium, The Platform for Privacy P 1.1 (P3P1.1) Specification, July 2005; http://www.w3.org/TR/2005/WD-P3P11-20050701.
71. World Wide Web Consortium, A P3P Preference Exchange Language 1.0 (APPEL1.0), April 2002; http://www.w3.org/TR/P3P-p/.
72. T. Yu, X. Ma and M. Winslett, An efficient complete strategy for automated trust negotiation over the internet, in: Proc. of the 7th ACM Computer and Communication Security, Athens, Greece, November 2000, pp. 210-219.
73. T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in: Proc. of the IEEE Symposium on Security and Privacy, Berkeley, CA, May 2003, pp. 110-122.
74. T. Yu, M. Winslett and K.E. Seamons, Interoperable strategies in automated trust negotiation, in: Proc. of the 8th ACM Conference on Computer and Communications Security (CCS 2001), Philadelphia, PA, USA, November 2001, pp. 146-155.
75. T. Yu,M.Winslett and K.E. Seamons, Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust, ACM Transactions on Information and System Security (TISSEC), 6(1) (2003), 1-42.
76. T. Zarsky, Mine your own business!: Making the case for the implications of the data mining or personal information in the forum of public opinion, Yale Journal of Law & Technology 5 (2002), 17-47.
77. T. Zarsky, Desperately seeking solutions: Using implementation-based solutions for the troubles of information privacy in the age of data mining and the internet society, Maine Law Review 56 (2004), 14-59.