Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal distribution code: 80-970

2019 Impact Factor: 1.275

Frontiers of Computer Science in China  2011, Vol. 5 Issue (2): 135-147   https://doi.org/10.1007/s11704-011-9307-7
RESEARCH ARTICLE
Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation
Bailing LIU1, Feng XIAO2, Ke DENG3
1. Department of Information and Management, Huazhong Normal University, Wuhan 430079, China; 2. Huawei Technologies Co., Ltd, Wuhan 430000, China; 3. The No.92373 of PLA, Dalian 116001, China
Abstract

Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. In ATN, there are conflicts between negotiation success and sensitive information protection, that is, these two needs cannot be given priority at the same time, which is a challenging problem to resolve. In this paper, a language independent ATN framework, which is dynamic, flexible and adaptive, is presented to address this problem, ensuring negotiation success without sensitive information leakage. This framework is independent of the policy language which is used. However, the language used should have the capability to specify all kinds of sensitive information appearing in credentials and policies, and support the separation of attribute disclosure from credential disclosure. Thus definitions of new language features, which can be incorporated into existing policy languages, are given, enabling the used language to support the capabilities mentioned above.

Key words: automated trust negotiation (ATN); negotiation success; sensitive information protection; framework; policy language
Received: 2009-01-17      Published: 2011-06-05
Corresponding Author(s): LIU Bailing, Email: bailing.cs@gmail.com
Cite this article:
Bailing LIU, Feng XIAO, Ke DENG. Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation. Front Comput Sci Chin, 2011, 5(2): 135-147.
Link to this article:
https://academic.hep.com.cn/fcs/CN/10.1007/s11704-011-9307-7
https://academic.hep.com.cn/fcs/CN/Y2011/V5/I2/135
Fig.1  
No.  Feature  Description
1  <set of X> ::= ? | <X> <set of X>
2  <policy-base> ::> <set of cred-decl> <set of attr-decl> <set of policy-stmt>
3  <cred-decl> ::= <list-of-cred-name> “::” (“attr_sen” | “poss_sen” | “both”)
4  <list-of-cred-name> ::= <cred-name> | <cred-name> “,” <list-of-cred-name>
5  <attr-decl> ::= <attr-name> “(” <value> “)” [ “::” (“attr_sen” | “poss_sen” | “both”) ] “?” <list-of-cred-ref>
6  <list-of-cred-ref> ::= <cred-name> “(” <attr-name> “)” [ “::” “poss_sen” ] | <cred-name> “(” <attr-name> “)” [ “::” “poss_sen” ] “,” <list-of-cred-ref>
7  <policy-stmt> ::> <policy-head> “” <policy-body>
8  <policy-head> ::+ <attr-name> “::” “val_sen<cred-name> “::” (“val_sen” | “req_sen”)
9  <policy-body> ::+ (<cred-name> | <attr-name>) “::” “req_sen” [ “(” <cred-req> “)” ] <constraint> “::” “val_sen “true” “false”
10  <cred-req> ::= <cred-name> | <cred-name> “” <cred-req> | <cred-req> “” <cred-req>
Tab.1  
Fig.2  
Fig.3  
Fig.4  
Fig.5  
Fig.6  
| Action | Meaning | Positive reply | Negative reply |
| --- | --- | --- | --- |
| Hidden_use | Message is encrypted using hidden credentials | continue | - |
| | | download | |
| OSBE_use | Running an OSBE protocol | continue | - |
| | | download | |
| OCBE_req | Require the opponent to run an OCBE protocol | accept | refuse |
| | | download | |
| CIPPE_req | Require the opponent to run a CIPPE protocol | accept | refuse |
| | | download | refuse, OCBE_req |
| Zero-proof_req | Require the opponent to run zero-knowledge protocol | accept | refuse |
| | | download | |
Tab.2  