GT Attribute based Rich Presence Information Disclosure Service


This framework provides location privacy through attribute-based access control. The presentity shares different granularities of his location information with other entities, which may hold different verifiable attributes. The framework captures presentity preferences in configurable disclosure policies, which may be reconfigured dynamically. These policies are expressed in XACML. For example, the presentity may choose to disclose his exact location to people holding a specific set of attributes, but only a lower granularity of his location information to people who hold only a subset of these attributes.

Each user in the system has a network-resident agent called the Identity Agent (IdA). The IdA is responsible for running the policy engine, verifying the querying user's attributes, and releasing the proper granularity of presentity location information according to his disclosure policies. The prototype for this architecture is built by leveraging several Georgia Tech campus services. All the users are in a single trust domain. The location information is provided through whereami, which is a wireless-network-based location tracking service, and the querying user's attributes are verified using the GT directory.

Apurva Mohan

A typical flow is as follows. The presentity connects to the IdA, which forwards him to the GT CAS, where the presentity authenticates using his GT Prism ID and password. Upon successful authentication, the CAS redirects the user back to the IdA and sends the logged-in username to the IdA. The presentity then sets his presence information disclosure policies on the IdA. Thereafter, the presentity periodically queries whereami for his own location and updates this information in the IdA. whereami supports only first-party lookups, meaning a user can query only his own location. It maintains a table of each user's MAC address and the access point to which the user is currently attached. When queried, it returns the user's location as a building name, building number and room numbers, with an accuracy of 50 meters. All this information is based on the wireless access point the user is attached to.

The IdA stores this information for each user. A querier logs in to the system using his Prism ID and password and wishes to query the presentity's location. He sends a request to the IdA. The IdA fetches the querier's attributes from the GT directory and matches these attributes against the presentity's disclosure policies. The system supports different granularities of information. For example, if the querier has all the attributes defined in the disclosure policy, the IdA releases the presence information with the highest granularity. If the querier only holds a subset of the desired attributes, the IdA releases a lower granularity of the presence information in accordance with the policy. If the querier holds none of the desired attributes, the request is denied.
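
The tiered decision described above (all attributes, a subset, none), as an added Python example; it is not the prototype's code and is not XACML. The attribute names, users, location record and the ordered first-match rule list are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: attribute names, users and the location record are
# illustrative and do not come from the GT prototype.
@dataclass(frozen=True)
class Rule:
    required: frozenset   # attributes the querier must ALL hold
    fields: tuple         # location fields released when the rule matches

# Presentity policy, ordered from highest to lowest granularity (assumed form).
POLICY = [
    Rule(frozenset({"role:faculty", "dept:ece", "group:lab"}),
         ("building_name", "building_number", "room")),
    Rule(frozenset({"role:faculty", "dept:ece"}),
         ("building_name", "building_number")),
    Rule(frozenset({"dept:ece"}), ("building_name",)),
]

# Stand-in for the directory lookup: as on the page, the agent fetches the
# attributes for the authenticated username instead of trusting the request.
DIRECTORY = {
    "alice": {"role:faculty", "dept:ece", "group:lab"},
    "bob": {"role:faculty", "dept:ece"},
    "carol": {"dept:ece", "role:student"},
    "dave": {"dept:math"},
}

LOCATION = {"building_name": "Example Hall", "building_number": "000",
            "room": "101"}

def disclose(querier, policy=POLICY, location=LOCATION, directory=DIRECTORY):
    """Return the location view the querier may see, or None for deny."""
    held = directory.get(querier, set())   # unknown user holds no attributes
    for rule in policy:                    # first (most specific) match wins
        # An empty requirement set would match everyone, so it never matches.
        if rule.required and rule.required <= held:
            # Allow-list copy: only the named fields leave the agent.
            return {f: location[f] for f in rule.fields if f in location}
    return None                            # default deny

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave", "mallory"):
        print(user, disclose(user))
```

Building the released view from an allow-list of fields means a field later added to the location record stays undisclosed until a rule names it.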