Exploiting hierarchical identity-based encryption for access control to pervasive computing information

Access control to confidential information in pervasive computing environments is challenging for multiple reasons: First, a client requesting access might not know which access rights are necessary in order to be granted access to the requested information. Second, access control must support flexible access rights that include context-sensitive constraints. Third, pervasive computing environments consist of a multitude of information services, which makes simple management of access rights essential. We discuss the shortcomings of existing access-control schemes that rely on either clients presenting a proof of access to a service or services encrypting information before handing the information over to a client. We propose a proof-based access-control architecture that employs hierarchical identity-based encryption in order to enable services to inform clients of the required proof of access in a covert way, without leaking information. Furthermore, we introduce an encryption-based access-control architecture that exploits hierarchical identity-based encryption in order to deal with multiple, hierarchical constraints on access rights. We present an example implementation of our proposed architectures and discuss the performance of this implementation.