Cryptology ePrint Archive: Report 2008/474

Access Controls for Oblivious and Anonymous Systems

Scott Coull and Matthew Green and Susan Hohenberger

Abstract: The use of privacy-enhancing cryptographic protocols, such as anonymous credentials and oblivious transfer, often has a detrimental effect on the ability of providers to effectively implement access controls on their content. In this paper, we propose a stateful anonymous credential system that allows the provider to implement non-trivial, real-world access controls on oblivious protocols conducted with anonymous users. Our stateful anonymous credential system models the behavior of users as a state machine, and embeds that state within an anonymous credential to restrict access to resources based on the state information. The use of state machine models of user behavior allows the provider to restrict the users' actions according to a wide variety of access control models without learning anything about the users' identities or actions. Our system is secure in the standard model under basic assumptions, and, after an initial setup phase, each transaction requires only constant time. As a concrete example, we show how to implement the Brewer-Nash (Chinese Wall) and Bell-La Padula (Multilevel Security) access control models within our credential system. Furthermore, we combine our credential system with a simulatable, adaptive oblivious transfer scheme to create a privacy-friendly oblivious database with strong access controls.

Category / Keywords: oblivious transfer, anonymous credentials, privacy

Date: received 10 Nov 2008, last revised 11 Jan 2010

Contact author: mgreen at cs jhu edu

Available format(s): PDF | BibTeX Citation

Version: 20100112:043336 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]