TY - JOUR
T1 - Distributed access control with privacy support in wireless sensor networks
AU - He, Daojing
AU - Bu, Jiajun
AU - Zhu, Sencun
AU - Chan, Sammy
AU - Chen, Chun
N1 - Funding Information:
This work was supported by the National Science Foundation of China (Grant No. 61070155), the Program for New Century Excellent Talents in University (NCET-09-0685), grant NSF CAREER 0643906, and a grant from the Research Grants Council of the Hong Kong SAR, China [Project No. City U 111208].
PY - 2011/10
Y1 - 2011/10
N2 - A distributed access control module in wireless sensor networks (WSNs) allows the network to authorize and grant user access privileges for in-network data access. Prior research mainly focuses on designing such access control modules for WSNs, but little attention has been paid to protect user's identity privacy when a user is verified by the network for data accesses. Often, a user does not want the WSN to associate his identity to the data he requests. In this paper, we present the design, implementation, and evaluation of a novel approach, Priccess, to ensure distributed privacy-preserving access control. In Priccess, users who have similar access privileges are organized into the same group by the network owner. A network user signs a query command on behalf of his group and then sends the signed query to the sensor nodes of his interest. The signature can be verified by its recipient as coming from someone authorized without exposing the actual signer. In addition to the theoretical analysis that demonstrates the security properties of Priccess, this paper also reports the experimental results of Priccess in a network of Imote2 motes, which show the efficiency of Priccess in practice.
AB - A distributed access control module in wireless sensor networks (WSNs) allows the network to authorize and grant user access privileges for in-network data access. Prior research mainly focuses on designing such access control modules for WSNs, but little attention has been paid to protect user's identity privacy when a user is verified by the network for data accesses. Often, a user does not want the WSN to associate his identity to the data he requests. In this paper, we present the design, implementation, and evaluation of a novel approach, Priccess, to ensure distributed privacy-preserving access control. In Priccess, users who have similar access privileges are organized into the same group by the network owner. A network user signs a query command on behalf of his group and then sends the signed query to the sensor nodes of his interest. The signature can be verified by its recipient as coming from someone authorized without exposing the actual signer. In addition to the theoretical analysis that demonstrates the security properties of Priccess, this paper also reports the experimental results of Priccess in a network of Imote2 motes, which show the efficiency of Priccess in practice.
UR - http://www.scopus.com/inward/record.url?scp=80855130876&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80855130876&partnerID=8YFLogxK
U2 - 10.1109/TWC.2011.072511.102283
DO - 10.1109/TWC.2011.072511.102283
M3 - Article
AN - SCOPUS:80855130876
SN - 1536-1276
VL - 10
SP - 3472
EP - 3481
JO - IEEE Transactions on Wireless Communications
JF - IEEE Transactions on Wireless Communications
IS - 10
M1 - 5967978
ER -