Privacy-friendly access control based on personal attributes

Abstract

In attribute-based access control systems, the attribute ownership instead of identity is verified before an access to private services or areas is granted. This approach allows more privacy-friendly verification of users since only individual attributes (such as age, citizenship or ticket ownership) are disclosed to service providers, not the complete identity. Unfortunately, there are very few cryptographic systems allowing practical attribute-based access control system implementations. The lack of cryptographic schemes is caused by the fact that the good balance between privacy and accountability is very difficult to achieve. In this paper, the first implementation of the HM12 attribute-based scheme and a practical choice of its security parameters are presented. The cryptographic scheme is implemented on off-the-shelf hardware, namely on MultOS programmable smart-cards and, experimentally, on Android devices. Finally, the results from our pilot deployment of the access-control system and the obtained user feedback are presented. © 2014 Springer International Publishing.