Publication
CCS 2005
Workshop paper

Anonymous yet accountable access control

View publication

Abstract

This paper introduces a novel approach for augmenting attribute-based access control systems in a way that allows them to offer fully anonymous access to resources while at the same time achieving strong accountability guarantees. We assume that users hold attribute certificates and we show how to exploit cryptographic zero-knowledge proofs to allow requesting users to prove that they hold suitable certificates for accessing a resource. In contrast to the commonly taken approach of sending all possibly relevant certificates to the access control system, our approach hence does not release any information to the access control system except for the presence of a set of certificates satisfying the access condition. This constitutes the minimal amount of information that has to be released for coming up with a correct access decision, and our approach is the first to achieve this. Additionally given a trusted third party for identity escrow, we furthermore show that a concise application of zero-knowledge proofs offers the access control system the capability to hold a requesting user accountable for her actions under specific, well-defined conditions. All the employed cryptographic techniques are highly efficient, and an architecture for exploiting our approach in practical scenarios is already in place. Copyright 2005 ACM.

Date

Publication

CCS 2005

Authors

Share