3.4 Reconciling Privacy and Security in Pervasive Computing (The Case for Pseudonymous Group Membership)
Ian Wakeman, University of Sussex
Dan Chalmers, University of Sussex
Michael Fry, University of Sydney
Abstract:
In this paper, we outline an approach to the identification of entities for access control that is based on the membership of groups, rather than individuals. By using group membership as a level of indirection between the individual and the system, we can increase privacy and provide incentives for better behaviour. Privacy comes from the use of pseudonyms generated within the group and which can be authenticated as belonging to the group. The incentives for better behaviour come from the continuous nature of groups - members may come and go, but the group lives on, and groups are organised so as to ensure group-longevity, and prevent actions which may harm the group’s reputation. We present a novel pseudonym generation mechanism suitable for use in groups without a centralised administration. Finally, we argue that the use of group membership as the basis for formulating policies on interaction is more efficient for disconnected operation, facilitating proxies and the efficient storage of revoked membership and distrusted organisations within bloom filters for small memory footprints.
ACM Copyright Notice Copyright © by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.
Dan Chalmers, University of Sussex
Michael Fry, University of Sydney
Abstract:
In this paper, we outline an approach to the identification of entities for access control that is based on the membership of groups, rather than individuals. By using group membership as a level of indirection between the individual and the system, we can increase privacy and provide incentives for better behaviour. Privacy comes from the use of pseudonyms generated within the group and which can be authenticated as belonging to the group. The incentives for better behaviour come from the continuous nature of groups - members may come and go, but the group lives on, and groups are organised so as to ensure group-longevity, and prevent actions which may harm the group’s reputation. We present a novel pseudonym generation mechanism suitable for use in groups without a centralised administration. Finally, we argue that the use of group membership as the basis for formulating policies on interaction is more efficient for disconnected operation, facilitating proxies and the efficient storage of revoked membership and distrusted organisations within bloom filters for small memory footprints.
ACM Copyright Notice Copyright © by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.
Comments