Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation

Bailing LIU, Feng XIAO, Ke DENG

Front. Comput. Sci., 2011, Vol. 5, Issue 2: 135-147. DOI: 10.1007/s11704-011-9307-7
RESEARCH ARTICLE


Abstract

Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers who wish to share resources or conduct business, by gradually requesting and disclosing digitally signed credentials. In ATN, negotiation success and sensitive information protection conflict: the two needs cannot both be given priority at the same time, which makes the conflict a challenging problem to resolve. This paper presents a language-independent ATN framework, which is dynamic, flexible and adaptive, to address this problem, ensuring negotiation success without sensitive information leakage. The framework is independent of the policy language used. However, that language should be able to specify all kinds of sensitive information appearing in credentials and policies, and should support the separation of attribute disclosure from credential disclosure. Definitions of new language features, which can be incorporated into existing policy languages, are therefore given so that the language used supports these capabilities.

Keywords

automated trust negotiation (ATN) / negotiation success / sensitive information protection / framework / policy language

Cite this article

Bailing LIU, Feng XIAO, Ke DENG. Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation. Front Comput Sci Chin, 2011, 5(2): 135‒147 https://doi.org/10.1007/s11704-011-9307-7

RIGHTS & PERMISSIONS

2014 Higher Education Press and Springer-Verlag Berlin Heidelberg