CMU-CS-04-172
Computer Science Department
School of Computer Science, Carnegie Mellon University
Exploiting Hierarchical Identity-Based Encryption
for Access Control to Pervasive Computing Information
Urs Hengartner, Peter Steenkiste
October 2004
CMU-CS-04-172.ps
CMU-CS-04-172.pdf
Keywords: Access control, identity-based encryption, pervasive
computing
Access control to sensitive information available in pervasive
computing environments is challenging for multiple reasons: First,
access control must support flexible access rights that include
context-based constraints. Second, a client requesting access to
sensitive information might not know which of its access rights are
necessary in order to be granted access to the requested information.
Third, pervasive computing environments consist of a multitude of
information services, which makes simple management of access rights
essential. Given this setting, we discuss the shortcomings of
existing access control schemes that rely either on information
services encrypting sensitive information before handing it over
to clients or on clients presenting a proof of access to a service
before being granted access. To address these shortcomings, we
develop a solution based on hierarchical identity-based encryption.
Namely, we present an encryption-based access control architecture
that exploits hierarchical identity-based encryption in order to
deal with multiple, hierarchical constraints on access rights.
Furthermore, we introduce a proof-based access control architecture
that employs hierarchical identity-based encryption in order to
enable services to inform clients of the required proof of access
in a covert way, without leaking information. We present an example
implementation of our proposed schemes and discuss its performance.
20 pages