Enhancing Privacy-Preserving Access Control for Pervasive Computing Environments

The exchange of user-related sensitive data within a Pervasive Computing Environment (PCE) raises security and privacy concerns. On one hand, service providers require user authentication and authorization prior to the provision of a service, while at the same time users require anonymity, i.e., untraceability and unlinkability for their transactions. In this paper, the authors discuss privacy and security requirements for access control in PCEs and show why a recently proposed efficient scheme fails to satisfy these requirements. Furthermore, they discuss a generic approach for achieving a desired level of privacy against malicious insiders, while balancing with competing demands for access control and accountability.