Skip to main content
Springer Nature Link
Log in

Private Policy Negotiation

  • Conference paper
Financial Cryptography and Data Security (FC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4107))

Included in the following conference series:

  • 1182 Accesses

Abstract

With the increasing importance of correctly handling privacy-sensitive data, significant work has been put in expressing and enforcing privacy policies. Less work has been done however on negotiating a privacy policy, especially if the negctiation process itself is considered privacy-sensitive. In this paper, we present a formal definition of the mutually privacy-preserving policy negotiation problem, i.e. the problem of negotiating what data will be revealed under what conditions, while no party learns anything about the other parties’ preferences other than the outcome of the negotiation.

We validate the definition by providing a reference solution using two-party computation techniques based on homomorphic encryption systems. Based on an evaluation of the efficiency of our protocol in terms of computation, bandwidth and communication rounds, we conclude that our solution is practically feasible for simple policies or high-bandwidth communication channels.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Feigenbaum, J.: Secure circuit evaluation. J. Cryptology 2(1), 1–12 (1990)

    Article  MATH  MathSciNet  Google Scholar 

  2. Al-Riyami, S.S., Malone-Lee, J., Smart, N.P.: Escrow-free encryption supporting cryptographic workflow. Cryptology ePrint Archive, Report, 2004/258 (2004), available from http://eprint.iacr.org/

  3. Backes, M., Karjoth, G., Bagga, W., Schunter, M.: Efficient comparison of enterprise privacy policies. In: ACM SAC 2004, pp. 375–382. ACM Press, New York (2004)

    Google Scholar 

  4. Bagga, W., Molva, R.: Policy-based cryptography and applications. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 72–87. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Barth, A., Mitchell, J.C.: Enterprise privacy promises and enforcement. In: WITS 2005: Proceedings of the 2005 workshop on Issues in the Theory of Security, pp. 58–66. ACM Press, New York (2005)

    Chapter  Google Scholar 

  6. Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proc. of the 9th CCS, pp. 21–30. ACM Press, New York (2002)

    Google Scholar 

  8. Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proc. of the 18th ACM STOC, pp. 364–369. ACM Press, New York (1986)

    Google Scholar 

  9. Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–300. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Damgård, I., Nielsen, J.B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)

    Google Scholar 

  12. Díaz, C., et al.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Franklin, M.K., Haber, S.: Joint encryption and message-efficient secure computation. J. Cryptology 9(4), 217–232 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  14. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  15. Gennaro, R., et al.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)

    Google Scholar 

  16. Gennaro, R., et al.: Secure applications of Pedersen’s distributed key generation protocol. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 373–390. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  17. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proc. of the 19th ACM STOC, pp. 218–229. ACM Press, New York (1987)

    Google Scholar 

  18. Jakobsson, M., Juels, A.: Mix and match: Secure function evaluation via ciphertexts. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 346–358. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  19. Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In: DEXA 2003 Proceedings of the 14th International Workshop on Database and Expert Systems Applications (DEXA 2003), pp. 377–382. IEEE Computer Society Press, Los Alamitos (2003)

    Chapter  Google Scholar 

  20. Schoenmakers, B., Tuyls, P.: Practical two-party computation based on the conditional gate. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 119–136. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  21. Seamons, K.E., Winslett, M., Yu, T.: Limiting the disclosure of access control policies during automated trust negotiation. In: NDSS 2001, The Internet Society (2001)

    Google Scholar 

  22. Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  23. W3C. The platform for privacy preferences 1.0 (P3P1.0) specification (2002), http://www.w3.org/TR/P3P/

  24. Yao, A.C.-C.: Protocols for secure computations. In: IEEE, editor, Proc. of the 23rd FOCS, pp. 160–164. IEEE Computer Society Press, Los Alamitos (1982)

    Google Scholar 

  25. Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Trans. Inf. Syst. Secur. 6, 1–42 (2003)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept.of Electrical Engineering, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001, Heverlee, Belgium

    Klaus Kursawe & Gregory Neven

  2. Philips Research, Professor Holstlaan 4, 5656, AA, Eindhoven, The Netherlands

    Klaus Kursawe & Pim Tuyls

  3. Département d’Informatique, Ecole Normale Supérieure, 45 Rue d’Ulm, 75230 Cedex 05, Paris, France

    Gregory Neven

Authors
  1. Klaus Kursawe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gregory Neven
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pim Tuyls
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Telcordia Technologies, Piscataway, NJ, USA

    Giovanni Di Crescenzo

  2. Johns Hopkins University (JHUISI), 3100 Wyman Park Drive, 21211, Baltimor, MD, USA

    Avi Rubin

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kursawe, K., Neven, G., Tuyls, P. (2006). Private Policy Negotiation. In: Di Crescenzo, G., Rubin, A. (eds) Financial Cryptography and Data Security. FC 2006. Lecture Notes in Computer Science, vol 4107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889663_6

Download citation

  • DOI: https://doi.org/10.1007/11889663_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46255-2

  • Online ISBN: 978-3-540-46256-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics