PACCo: Privacy-friendly Access Control with Context

Andreas Put, Bart De Decker

2016

Abstract

We propose a secure and privacy friendly way to strengthen authentication mechanisms of online services by taking context into account. The use of context, however, is often of a personal nature (e.g. location) and introduces privacy risks. Furthermore, some context sources can be spoofed, and hence, the level of trust of a verifier in a context source can vary. In this paper, a policy language to express contextual constraints is proposed. In addition, a set of protocols to gather, verify and use contextual information in access control decisions is described. The system protects user privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.

Paper Citation

in Harvard Style

Put A. and De Decker B. (2016). PACCo: Privacy-friendly Access Control with Context . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 159-170. DOI: 10.5220/0005969501590170

in Bibtex Style

@conference{secrypt16,
author={Andreas Put and Bart De Decker},
title={PACCo: Privacy-friendly Access Control with Context},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={159-170},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005969501590170},
isbn={978-989-758-196-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - PACCo: Privacy-friendly Access Control with Context
SN - 978-989-758-196-0
AU - Put A.
AU - De Decker B.
PY - 2016
SP - 159
EP - 170
DO - 10.5220/0005969501590170