PP-trust-X: A system for privacy preserving trust negotiations

Published: 01 July 2007

Abstract

Trust negotiation is a promising approach for establishing trust in open systems, in which sensitive interactions may often occur between entities with no prior knowledge of each other. Although several trust negotiation systems have been proposed to date, none of them fully addresses the problem of privacy preservation. Today, privacy is one of the major concerns of users when exchanging information through the Web, and thus we believe that trust negotiation systems must effectively address privacy issues in order to be widely applicable. For these reasons, in this paper we investigate privacy in the context of trust negotiations. We propose a set of privacy-preserving features for inclusion in any trust negotiation system, such as support for the P3P standard, as well as a number of innovative features, such as a novel format for encoding digital credentials specifically designed for preserving privacy. Further, we present a variety of interoperable strategies to carry on the negotiation with the aim of improving both privacy and efficiency.
