DOI: 10.1145/1809842.1809865
research-article

Privacy-preserving trust verification

Published: 11 June 2010

Abstract

Distributed and open environments require flexible, scalable and extendible trust verification mechanisms to access resources. To address this, the use of digital credentials as a means for making access decisions has been promoted. The resource owner needs to verify whether the requester's credentials satisfy the security policy of the owner. However, such verification becomes a challenging problem when either the requester does not wish to disclose her credentials before the verification is complete, or the owner wishes to keep its security policy confidential from the requester, or both. In addition, the requester may associate a score with each of her credentials based on her perceived level of privacy. Earlier proposals to address this problem limit the owner's policy to be a set of credentials. However, real-world policies are more complex than a simple set. In this paper, we present three alternative privacy-preserving trust verification solutions that protect both the owner's policy and the requester's credentials, while at the same time allowing more expressive owner's policies that can be specified as a tree structure. We analyze their computational complexity, communication cost and the amount of disclosure.

Cited By

  • (2012) Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisions. Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pages 17-24. DOI: 10.1109/PST.2012.6297915. Online publication date: 16-Jul-2012
  • (2011) A privacy-preserving access control in outsourced storage services. 2011 IEEE International Conference on Computer Science and Automation Engineering, pages 247-251. DOI: 10.1109/CSAE.2011.5952674. Online publication date: Jun-2011

Published In

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
June 2010
212 pages
ISBN: 9781450300490
DOI: 10.1145/1809842

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. compliance checking
  2. privacy
  3. trust negotiation

Qualifiers

  • Research-article

Conference

SACMAT'10

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%
