PACCo: Privacy-friendly Access Control with Context

Andreas Put, Bart De Decker


We propose a secure and privacy friendly way to strengthen authentication mechanisms of online services by taking context into account. The use of context, however, is often of a personal nature (e.g. location) and introduces privacy risks. Furthermore, some context sources can be spoofed, and hence, the level of trust of a verifier in a context source can vary. In this paper, a policy language to express contextual constraints is proposed. In addition, a set of protocols to gather, verify and use contextual information in access control decisions is described. The system protects user privacy as service providers do not learn precise context information, and avoids linkabilities. Finally, we have implemented this system and our experimental evaluation shows that it is practical to use.


