Issue No.01 - January/February (2012 vol.9)
pp: 16-29
Elisa Bertino, Purdue University, West Lafayette
Alberto Trombetta, Università dell'Insubria, Varese
Anna C. Squicciarini, The Pennsylvania State Univ., University Park
Trust negotiation has been shown to be a successful, policy-driven approach for automated trust establishment through the release of digital credentials. Current real applications require new flexible approaches to trust negotiations, especially in light of the widespread use of mobile devices. In this paper, we present a multisession dependable approach to trust negotiations. The proposed framework supports voluntary and unpredicted interruptions, enabling the negotiating parties to complete the negotiation despite temporary unavailability of resources. Our protocols address issues related to validity, temporary loss of data, and extended unavailability of one of the two negotiators. A peer is able to suspend an ongoing negotiation and resume it with another (authenticated) peer. Negotiation portions and intermediate states can be safely and privately passed among peers, to guarantee the stability needed to continue suspended negotiations. We present a detailed analysis showing that our protocols have several key properties, including validity, correctness, and minimality. We also show how our negotiation protocol can withstand the most significant attacks. According to our complexity analysis, the introduction of the suspension and recovery procedures and of mobile negotiations does not significantly increase the complexity of ordinary negotiations. Our protocols require a constant number of messages whose size depends linearly on the portion of the trust negotiation that has been carried out before the suspensions.
Security and management, dependability, trust negotiations, access control.
Elisa Bertino, Alberto Trombetta, Anna C. Squicciarini, "A Flexible Approach to Multisession Trust Negotiations", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 1, pp. 16-29, January/February 2012, doi:10.1109/TDSC.2011.31