Attribute-Based Privacy-Friendly Access Control with Context.

In the last decade, the Internet landscape transformed into a service platform. This evolution has brought more importance to security requirements like strong authentication. We propose a secure and privacy-friendly way to augment authentication mechanisms of Online services by taking context into account. Contextual information, such as location, proximity or the current role of a user in a system is useful to help authenticate and authorize users. Context, however, is often of a personal nature and introduces privacy risks. In addition, a source of such contextual information should provide trustworthy information. In this work, a policy language to express attribute-based and contextual requirements is proposed. In addition, we define a set of protocols to gather, verify and use contextual information and user-attributes originating from third-party systems. The system protects the user's privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.