Access control to people location information

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Access control to people location information

Full text

Pdf (357 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 8 , Issue 4 (November 2005) table of contents

Pages: 424 - 456

Year of Publication: 2005

ISSN:1094-9224

Authors

Urs Hengartner	University of Waterloo, Ontario, Canada
Peter Steenkiste	Carnegie Mellon University, Pittsburgh PA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 31, Downloads (12 Months): 253, Citation Count: 1

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1108906.1108910 What is a DOI?

ABSTRACT

Ubiquitous computing uses a variety of information for which access needs to be controlled. For instance, a person's current location is a sensitive piece of information that only authorized entities should be able to learn. Several challenges arise in the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information. The sources can be within different administrative domains, which might allow different entities to specify policies, and policies need to be flexible. We address these issues in our design of a distributed access control mechanism for a people location system. Our design encodes policies as digital certificates, which enables decentralized storage of policies. We also present an algorithm for the discovery of distributed certificates. Furthermore, we discuss several privacy issues and show how our design addresses them. To show feasibility of our design, we built an example implementation based on SPKI/SDSI certificates. Using measurements, we quantify the influence of access control on query processing time. We also discuss trade-offs between RSA-based and DSA-based signature schemes for digital certificates.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jalal Al-Muhtadi , Anand Ranganathan , Roy Campbell , M. Dennis Mickunas, Cerberus: A Context-Aware Security Scheme for Smart Spaces, Proceedings of the First IEEE International Conference on Pervasive Computing and Communications, p.489, March 23-26, 2003
	2	Bahl, P. and Padmanabhan, V. 2000. RADAR: An in-building RF-based user location and tracking system. In Proceedings of IEEE Infocom 2000. 775--784.
	3	Lujo Bauer , Michael A. Schneider , Edward W. Felten, A General and Flexible Access-Control System for the Web, Proceedings of the 11th USENIX Security Symposium, p.93-108, August 05-09, 2002
	4	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001 [doi>10.1145/501978.501979]
	5	Bertino, E., Ferrari, E., and Squicciarini, A. C. 2003. Trust-χ: An XML framework for trust negotations. In Proceedings of Communications and Multimedia Security 2003. 146--157.
	6	Bhatti, R. 2003. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control. Tech. Rep. 2003-27, CERIAS, Purdue University.
	7	Blaze, M., Ioannidis, J., and Keromytis, A. 1999. The KeyNote trust-management system version 2. RFC 2704.
	8	David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981 [doi>10.1145/358549.358563]
	9	Harry Chen , Tim Finin , Anupam Joshi, Semantic Web in the Context Broker Architecture, Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom'04), p.277, March 14-17, 2004
	10	Dwaine Clarke , Jean-Emile Elien , Carl Ellison , Matt Fredette , Alexander Morcos , Ronald L. Rivest, Certificate chain discovery in SPKI?SDSI, Journal of Computer Security, v.9 n.4, p.285-322, January 2001
	11	Michael J. Covington , Prahlad Fogla , Zhiyuan Zhan , Mustaque Ahamad, A Context-Aware Security Architecture for Emerging Applications, Proceedings of the 18th Annual Computer Security Applications Conference, p.249, December 09-13, 2002
	12	Michael J. Covington , Wende Long , Srividhya Srinivasan , Anind K. Dev , Mustaque Ahamad , Gregory D. Abowd, Securing context-aware applications using environment roles, Proceedings of the sixth ACM symposium on Access control models and technologies, p.10-20, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373258]
	13	Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J. 2002. The platform for privacy preferences 1.0 (P3P1.0) specification. W3C Recommendation.
	14	Day, M., Aggarwal, S., Mohr, G., and Vincent, J. 2000. Instant messaging/presence protocol requirements. RFC 2779.
	15	Whitfield Diffie , Paul C. Van Oorschot , Michael J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, v.2 n.2, p.107-125, June 1992 [doi>10.1007/BF00124891]
	16	Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., and Ylonen, T. 1999. SPKI certificate theory. RFC 2693.
	17	Gandon, F. and Sadeh, N. 2003. A semantic eWallet to reconcile privacy and context awareness. In Proceedings of 2nd International Semantic Web Conference (ISWC2003).
	18	David Garlan , Dan Siewiorek , Asim Smailagic , Peter Steenkiste, Project Aura: Toward Distraction-Free Pervasive Computing, IEEE Pervasive Computing, v.1 n.2, p.22-31, April 2002 [doi>10.1109/MPRV.2002.1012334 ]
	19	Godik, S. and Moses, T. 2003. eXtensible access control markup language (XACML) version 1.0. OASIS Standard.
	20	Joseph Y. Halpern , Ron Van der Meyden, A Logical Reconstruction of SPKI, Proceedings of the 14th IEEE Workshop on Computer Security Foundations, p.59, June 11-13, 2001
	21	Harter, A. and Hopper, A. 1994. A distributed location system for the active office. IEEE Network 8, 1 (Jan.), 62--70.
	22	Urs Hengartner , Peter Steenkiste, Implementing access control to people location information, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA [doi>10.1145/990036.990039]
	23	Hengartner, U. and Steenkiste, P. 2005. Exploiting hierarchical identity-based encryption for access control to pervasive computing information. In Proceedings of First IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (IEEE/CreateNet SecureComm 2005). 384--393.
	24	Jon Howell , David Kotz, A Formal Semantics for SPKI, Proceedings of the 6th European Symposium on Research in Computer Security, p.140-158, October 04-06, 2000
	25	Howell, J. and Kotz, D. 2000b. End-to-end authorization. In Proceedings of 4th Symposium on Operating System Design & Implementation (OSDI 2000). 151--164.
	26	ICAL. ftp://ftp.scriptics.com/pub/tcl/apps/ical/.
	27	Glenn Judd , Peter Steenkiste, Providing Contextual Information to Pervasive Computing Applications, Proceedings of the First IEEE International Conference on Pervasive Computing and Communications, p.133, March 23-26, 2003
	28	Lalana Kagal , Tim Finin , Anupam Joshi, A Policy Language for a Pervasive Computing Environment, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.63, June 04-06, 2003
	29	Michael Kaminsky , George Savvides , David Mazieres , M. Frans Kaashoek, Decentralized user authentication in a global file system, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	30	Ulf Leonhardt , Jeff Magee, Security Considerations for a Distributed LocationService, Journal of Network and Systems Management, v.6 n.1, p.51-70, March 01, 1998 [doi>10.1023/A:1018777802208 ]
	31	Li, N. and Mitchell, J. C. 2003. Understanding SPKI/SDSI using first-order logic. In Proceedings of 16th IEEE Computer Security Foundations Workshop (CSFW-16). 89-- 103.
	32	Ninghui Li , William H. Winsborough , John C. Mitchell, Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.123, May 11-14, 2003
	33	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management, Journal of Computer Security, v.11 n.1, p.35-86, February 2003
	34	Patrick McDaniel, On context in authorization policy, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy [doi>10.1145/775412.775422]
	35	Ginger Myles , Adrian Friday , Nigel Davies, Preserving Privacy in Environments with Location-Based Applications, IEEE Pervasive Computing, v.2 n.1, p.56-64, January 2003 [doi>10.1109/MPRV.2003.1186726 ]
	36	Neuman, B. 1993. Proxy-based authorization and accounting for distributed systems. In Proceedings of International Conference on Distributed Computing Systems. 283--291.
	37	Orkut. http://www.orkut.com.
	38	Nissanka B. Priyantha , Anit Chakraborty , Hari Balakrishnan, The Cricket location-support system, Proceedings of the 6th annual international conference on Mobile computing and networking, p.32-43, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345917]
	39	Brian Shand , Nathan Dimmock , Jean Bacon, Trust for Ubiquitous, Transparent Collaboration, Proceedings of the First IEEE International Conference on Pervasive Computing and Communications, p.153, March 23-26, 2003
	40	Sollins, K. R. 1988. Cascaded authentication. In Proceedings of IEEE Symposium on Security and Privacy. 156--163.
	41	Mike Spreitzer , Marvin Theimer, Providing location information in a ubiquitous computing environment (panel session), Proceedings of the fourteenth ACM symposium on Operating systems principles, p.270-283, December 05-08, 1993, Asheville, North Carolina, United States
	42	Paul F. Syverson , David M. Goldschlag , Michael G. Reed, Anonymous Connections and Onion Routing, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.44, May 04-07, 1997
	43	Roberto Tamassia , Danfeng Yao , William H. Winsborough, Role-based cascaded delegation, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA [doi>10.1145/990036.990061]
	44	Ward, A., Jones, A., and Hopper, A. 1997. A new location technique for the active office. IEEE Personal Communications 4, 5 (Oct.), 42--47.
	45	Ylonen, T. 2003. SSH transport layer protocol. Internet Draft.

CITED BY

Ben Greenstein , Ramakrishna Gummadi , Jeffrey Pang , Mike Y. Chen , Tadayoshi Kohno , Srinivasan Seshan , David Wetherall, Can Ferris Bueller still have his day off? protecting privacy in the wireless era, Proceedings of the 11th USENIX workshop on Hot topics in operating systems, p.1-6, May 07-09, 2007, San Diego, CA

INDEX TERMS

Primary Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Access controls

Additional Classification:
E. Data
E.3 DATA ENCRYPTION

K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.1 Public Policy Issues
Subjects: Privacy

Keywords:
Certificates, DSA, RSA, SPKI/SDSI, credential discovery, delegation, location, privacy, trust

REVIEW

"Fjodor J. Ruzic : Reviewer"

This comprehensive work on security issues discusses access control within a ubiquitous network environment, where people-location information is the key issue for privacy-safeguarding measures. The access control category is analyzed with the pub more...

Collaborative Colleagues:

Urs Hengartner: colleagues

Peter Steenkiste: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player