Please wait a minute...
Shopping Cart Email List Chinese
Advanced Search Fig/Tab
Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Featured Articles  |  Most Downloaded  |  Most Reading
Online Submission Subscribe to Our RSS Content Feed
Front Comput Sci Chin    2011, Vol. 5 Issue (2) : 135-147    https://doi.org/10.1007/s11704-011-9307-7
RESEARCH ARTICLE
Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation
Bailing LIU1(), Feng XIAO2, Ke DENG3
1. Department of Information and Management, Huazhong Normal University, Wuhan 430079, China; 2. Huawei Technologies Co., Ltd, Wuhan 430000, China; 3. The No.92373 of PLA, Dalian 116001, China
 Download: PDF(329 KB)   HTML
 Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks
Abstract

Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. In ATN, there are conflicts between negotiation success and sensitive information protection, that is, these two needs cannot be given priority at the same time, which is a challenging problem to resolve. In this paper, a language independent ATN framework, which is dynamic, flexible and adaptive, is presented to address this problem, ensuring negotiation success without sensitive information leakage. This framework is independent of the policy language which is used. However, the language used should have the capability to specify all kinds of sensitive information appearing in credentials and policies, and support the separation of attribute disclosure from credential disclosure. Thus definitions of new language features, which can be incorporated into existing policy languages, are given, enabling the used language to support the capabilities mentioned above.
Keywords automated trust negotiation (ATN)      negotiation success      sensitive information protection      framework      policy language     
Corresponding Author(s): LIU Bailing,Email:bailing.cs@gmail.com   
Issue Date: 05 June 2011
 Cite this article:   
Bailing LIU,Feng XIAO,Ke DENG. Resolving conflicts between negotiation success and sensitive information protection in automated trust negotiation[J]. Front Comput Sci Chin, 2011, 5(2): 135-147.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-011-9307-7
https://academic.hep.com.cn/fcs/EN/Y2011/V5/I2/135
Fig.1  A simple trust negotiation scenario between Bob and Alice
No.FeatureDescription
1<set of X>::=? |<X><set of X>
2<policy-base>::><set of cred-decl><set of attr-decl><set of policy-stmt>
3<cred-decl>::=<list-of-cred-name>“::” (“attr_sen” | “poss_sen” | “both”)
4<list-of-cred-name>::=<cred-name>|<cred-name>“,”<list-of-cred-name>
5<attr-decl>::=<attr-name>“(”<value>“)” [ “::” (“attr_sen” | “poss_sen” | “both”) ] “?”<list-of-cred-ref>
6<list-of-cred-ref>::=<cred-name>“(”<attr-name>“)” [ “::” “poss_ sen” ] |<cred-name>“(”<attr-name>“)” [ “::” “poss_sen” ] “,”<list-of-cred-ref>
7<policy-stmt>::><policy-head>“”<policy-body>
8<policy-head>::+<attr-name>“::” “val_sen<cred-name>“::” (“val_sen” | “req_sen”)
9<policy-body>::+(<cred-name>|<attr-name>) “::” “req_sen” [“(”<cred-req>“)”] <constraint>“::” “val_sen “true” “false”
10<cred-req>::=<cred-name>|<cred-name>“”<cred-req>|<cred-req>“”<cred-req>
Tab.1  Definitions of new language features to be added to existing policy languages
Fig.2  Policy base for the example introduced in Section 3.2
Fig.3  Proposed framework
Fig.4  Algorithm executed in match module
Fig.5  A request exchange sequence and the corresponding cyclic dependency graph. (a) Request exchange sequence after several rounds; (b) cyclic dependency graphic for (a); (c) simplified cyclic dependency for (b)
Fig.6  A complex cyclic dependency is simplified to the simplest one. (a) A complex cyclic dependency graph; (b) simplified cyclic dependency for (a)
ActionMeaningPositive replyNegative reply
Hidden_useMessage is encrypted using hidden credentialscontinue-
download
OSBE_useRunning an OSBE protocolcontinue-
download
OCBE_reqRequire the opponent to run an OCBE protocolacceptrefuse
download
CIPPE_reqRequire the opponent to run an CIPPE protocolacceptrefuse
downloadrefuse, OCBE_req
Zero-proof_reqRequire the opponent to run zero- knowledge protocolacceptrefuse
download
Tab.2  Actions taken by trust negotiation agent and possible replies
1 Bradshaw R, Holt J, Seamons K. Concealing complex policies with hidden credentials. In: Proceedings of 11th ACM Conference on Computer and Communications Security . 2004, 146–157
doi: 10.1145/1030083.1030104
2 Holt J E, Bradshaw R W, Seamons K E, Orman H. Hidden credentials. In: Proceedings of 2nd ACM Workshop on Privacy in the Electronic Society . 2003, 1–8
3 Winsborough W H, Li N. Towards practical automated trust negotiation. In: Proceedings of 3rd International Workshop on Policies for Distributed Systems and Networks . 2002, 92–103
doi: 10.1109/POLICY.2002.1011297
4 Irwin K, Yu T. Preventing attribute information leakage in automated trust negotiation. In: Proceedings of 12th ACM Conference on Computer and Communications Security . 2005, 36–45
doi: 10.1145/1102120.1102128
5 Lu H, Liu B. Improved policy database system for protecting possession sensitive attributes in automated trust negotiation. In: Proceedings of Japan-China Joint Workshop on Frontier of Computer Science and Technology . 2007, 61–66
doi: 10.1109/FCST.2007.21
6 Cramer R, Damg?rd I. Zero-knowledge proof for finite field arithmetic, or: can zero-knowledge be for free? In: Proceedings of 18th Annual International Cryptology Conference on Advances in Cryptology . 1998, 424–441
7 Cramer R, Franklin M, Schoenmakers B, Yung M. Multi-authority secret-ballot elections with linear work. In: Proceedings of 15th Annual International Conference on Theory and Application of Cryptographic Techniques . 1996, 72–83
8 Li J, Li N. Policy-hiding access control in open environment. In: Proceedings of 24th Annual ACM Symposium on Principles of Distributed Computing . 2005, 29–38
9 Li J, Li N. OACerts: oblivious attribute certificates. In: Proceedings of 3rd Conference on Applied Cryptography and Network Security . 2005, 301–317
doi: 10.1007/11496137_21
10 Camenisch J, Herreweghen E V. Design and implementation of the idemix anonymous credential system. In: Proceedings of 9th ACM Conference on Computer and Communications Security . 2002, 21–30
doi: 10.1145/586110.586114
11 Camenisch J, Lysyanskaya A. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Proceedings of International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology . 2001, 93–118
12 Li N, Du W, Boneh D. Oblivious signature-based envelope. In: Proceedings of 22nd ACM Symposium on Principles of Distributed Computing . 2003, 182–189
13 Li J,Li N, Winsborough W H. Automated trust negotiation using cryptographic credentials. In: Proceedings of 12th ACM Conference on Computer and Communications Security . 2005, 46–57
doi: 10.1145/1102120.1102129
14 Bertino E, Ferrari E, Squicciarini A C. Trust-X: a peer-to-peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering , 2004, 16(7): 827–842
doi: 10.1109/TKDE.2004.1318565
15 Winsborough W H, Seamons K E, Jones V E. Automated trust negotiation. In: Proceedings of DARPA Information Survivability Conference and Exposition . 2000, 88–102
16 Yu T, Ma X, Winslett M. PRUNES: an efficient and complete strategy for automated trust negotiation on the internet. In: Proceedings of 7th ACM Conference on Computer and Communication Security . 2000, 210–219
doi: 10.1145/352600.352633
17 Yu T, Winslett M, Seamons K E. Interoperable strategies in automated trust negotiation. In: Proceedings of 8th ACM Conference on Computer and Communication Security . 2001, 146–155
doi: 10.1145/501983.502004
[1] Zhenghui HU, Wenjun WU, Jie LUO, Xin WANG, Boshu LI. Quality assessment in competition-based software crowdsourcing[J]. Front. Comput. Sci., 2020, 14(6): 146207-.
[2] Yuanrui ZHANG, Frédéric MALLET, Yixiang CHEN. A verification framework for spatio-temporal consistency language with CCSL as a specification language[J]. Front. Comput. Sci., 2020, 14(1): 105-129.
[3] Haijun WANG, Hongjuan GE. Visual tracking using discriminative representation with 2 regularization[J]. Front. Comput. Sci., 2019, 13(1): 199-211.
[4] Xuansong LI, Xianping TAO, Jian LU. Towards a programming framework for activity-oriented context-aware applications[J]. Front. Comput. Sci., 2017, 11(6): 987-1006.
[5] Hao WANG,Zhen LIU,Zhe LIU,Duncan S. WONG. Identity-based aggregate signcryption in the standard model from multilinear maps[J]. Front. Comput. Sci., 2016, 10(4): 741-754.
[6] Xuzhou LI,Yilong YIN,Yanbin NING,Gongping YANG,Lei PAN. A hybrid biometric identification framework for high security applications[J]. Front. Comput. Sci., 2015, 9(3): 392-401.
[7] Qiang QIAN, Songcan CHEN. Co-metric: a metric learning algorithm for data with multiple views[J]. Front Comput Sci, 2013, 7(3): 359-369.
[8] Biao LENG, Zhang XIONG, Xiangwei FU, . A 3D shape retrieval framework for 3D smart cities[J]. Front. Comput. Sci., 2010, 4(3): 394-404.
[9] Sikang HU, Yuanda CAO, . Knowledge fusion framework based on Web page texts[J]. Front. Comput. Sci., 2009, 3(4): 457-464.
[10] SATO Masahiko, IGARASHI Atsushi, SAKURAI Takafumi, KAMEYAMA Yukiyoshi. Calculi of meta-variables[J]. Front. Comput. Sci., 2008, 2(1): 12-21.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed