Your SlideShare is downloading. ×
Privacy preserving enforcement of spatially aware rbac
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Privacy preserving enforcement of spatially aware rbac


Published on

For more projects visit @

For more projects visit @

Published in: Technology, Business

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. branches: hyderabad nagpurPrivacy-Preserving Enforcement of Spatially Aware RBACABSRACT:Several models for incorporating spatial constraints into role-based access control(RBAC) have been proposed, and researchers are now focusing on the challenge of ensuringsuch policies are enforced correctly. However, existing approaches have a major shortcoming, asthey assume the server is trustworthy and require complete disclosure of sensitive locationinformation by the user. In this work, we propose a novel framework and a set of protocols tosolve this problem. Specifically, in our scheme, a user provides a service provider with role andlocation tokens along with a request. The service provider consults with a role authority and alocation authority to verify the tokens and evaluate the policy. However, none of the serverslearn the requesting user’s identity, role, or location. In this paper, we define the protocols andthe policy enforcement scheme, and present a formal proof of a number of security properties.EXISTING SYSTEM:In the Existing system the server has to check for everything about user and his behaviorthis makes server busy. While the challenge of creating enforcement architectures has receivedsome focus, existing solutions require disclosure of the requesting user’s logical location orphysical coordinates. Previous work has acknowledged the severe privacy threats that may occuras a result of disclosing fine-grained location information with high frequency. This problembecomes even more serious in a decentralized, loosely coupled environment, such as cloudcomputing, where services (e.g., data storage) are outsourced to an external provider. Thus, it isno longer the case that all components involved in the authorization process can be fully trustedto protect the privacy of the principals. Even though authorization and auditing mechanisms mayprevent unauthorized disclosure of sensitive records and reduce the impact of a leak, similarprotection mechanisms for the privacy of the requesting principals’ locations do not exist. Evenwhen a centralized authorization infrastructure exists and all GEO-RBAC components residewithin the administrative control of a single organization, it is possible for a rogue administrator
  • 2. branches: hyderabad nagpurto collect and use principals’ locations for malicious purposes (e.g., stalking, blackmail).Furthermore, the presence of malware at the service provider (SP) can also be a threat to users.PROPOSED SYSTEM:(RBAC) has become the industry standard for authorization, and it is widely deployed asit provides organizations with a simplified mechanism for granting privileged access to sensitiveresources. Although RBAC systems traditionally consider only identity attributes, such as jobtitle, the emergence of location-based applications has led to the enrichment of the model withspatial features. A number of RBAC extensions incorporate location constraints into accesscontrol policies, providing organizations with the ability to control resource access based on thephysical coordinates ofthe requesting users.Geo-spatial RBAC (GEO-RBAC) has a large number of applications, in both militaryand civilian applications. Consider a military application, where physical presence in a securedroom is required for a principal to access a confidential document. Such a protection model canprevent personnel from unintentionally exposing secrets in an environment where principalswithout the appropriate clearance are present. Alternatively, a policy may state that strictlyconfidential documents must only be accessed in a room that has been checked thoroughly toensure there are no unauthorized surveillance devices present. GEO-RBAC addresses theseneeds and supports permission manipulation at a fine granularity. In this work, we propose aframework for privacy preserving GEO-RBAC (Privacy) that enforces location-basedauthorization without revealing the identity attributes or physical coordinates of requesting usersto the policy enforcement point (PEP). Our approach uses a combination of cryptographictechniques and separation of functionality. The trust assumption in our model is reduced to onecomponent, which generates all cryptographic secrets required for evaluation but does notparticipate in the online operations of the PEP; therefore, this component can be effectivelyshielded from attacks. The protocols we define ensure that the other components that participatein the online enforcement cannot learn the user’s identity, role, or location, even under verypowerful adversarial assumptions. Our work reconciles competing goals of security and privacyby supporting fine-grained spatially aware RBAC while simultaneously preserving the privacy ofrequesting users. There are clear parallels between our work and access control mechanisms built
  • 3. branches: hyderabad nagpuron attribute-based encryption, That is, location and role are used as attributes for policyevaluation.However, existing attribute-based schemes are built on the premise that attributes (e.g., adriver’s license number or date of birth) are fairly persistent for a user, and the user simply needsa credential that certifies that the user possesses the respective attributes. In GEO-RBAC, rolesand locations are inherently transient. While one user may activate a role for a short time, he willeventually be replaced by another user; additionally, users are assumed to be mobile. Given thehigh frequency of attribute changes, temporary credentials that are dynamically andautomatically generated are mandatory for usability. To the best of our knowledge, ours is thefirst work to address the challenge of attribute-based access control with transient credentials.Based on the results of this work, we believe that future work in this direction would be valuable.The encoded roles, locations, and policies are then delivered to the Role Authority (RA),Location Authority (LA), and Service Provider, respectively. The SP stores the protected objectsand ultimately makes the decision of whether to grant access or not. Based on the encodedvalues, the RA, LA, and SP are not able to link real roles or locations with the access request. theuser initiates a role session with the RA, acquiring a role token, then presents the role token to aLocation Device (LD), acquiring a location token that is bound to the role token . The user thensends the credentials (which do not reveal the role and location) to the SP, who subsequentlyperforms an oblivious transfer (OT) and a private information retrieval (PIR) protocol with theRA and LA, respectively, thus retrieving data to evaluate the access control policy. The privateretrieval steps are necessary in order to protect the access pattern of the principals: the RA andthe LA do not learn anything about the encrypted credentials that are being used in the currentaccess. The SP evaluates the access condition , and if the condition is satisfied, it grants access tothe user.
  • 4. branches: hyderabad nagpurHARDWARE REQUIREMENTSProcessor: Pentium IVRAM: 1GBOperating System: Windows XP (ServicePack3)Working Environment: Microsoft Visual Studio 2010Framework: DOTNET Framework 4.0Language: visual C#Back End: Microsoft SQL SERVER 2005MODULESRole AuthorityLocation AuthorityService ProviderUser