Computer Science Department
School of Computer Science, Carnegie Mellon University
Exploiting Hierarchical Identity-Based Encryption for Access Control to Pervasive Computing Information
Urs Hengartner, Peter Steenkiste
Keywords: Access control, identity-based encryption, pervasive
Access control to sensitive information available in pervasive
computing environments is challenging for multiple reasons: First,
access control must support flexible access rights that include
context-based constraints. Second, a client requesting access to
sensitive information might not know which of its access rights are
necessary in order to be granted access to the requested information.
Third, pervasive computing environments consist of a multitude of
information services, which makes simple management of access rights
essential. Given this setting, we discuss the shortcomings of
existing access control schemes that rely either on information
services encrypting sensitive information before handing it over
to clients or on clients presenting a proof of access to a service
before being granted access. To address these shortcomings, we
develop a solution based on hierarchical identity-based encryption.
Namely, we present an encryption-based access control architecture
that exploits hierarchical identity-based encryption in order to
deal with multiple, hierarchical constraints on access rights.
Furthermore, we introduce a proof-based access control architecture
that employs hierarchical identity-based encryption in order to
enable services to inform clients of the required proof of access
in a covert way, without leaking information. We present an example
implementation of our proposed schemes and discuss its performance.