research-article

Privacy-preserving trust verification

Authors:

Jaideep Vaidya,

Vijayalakshmi Atluri,

Nabil AdamAuthors Info & Claims

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

Pages 139 - 148

https://doi.org/10.1145/1809842.1809865

Published: 11 June 2010 Publication History

Abstract

Distributed and open environments require flexible, scalable and extendible trust verification mechanisms to access resources. To address this, the use of digital credentials as a means for making access decisions has been promoted. The resource owner needs to verify if the requester's credentials satisfy the security policy of the owner. However, such verification becomes a challenging problem when either the requester does not wish to disclose her credentials before the verification is complete, or the owner wishes to keep its security policy confidential from the requester, or both. In addition, the requester may associate a score to each of her credentials based on her perceived level of privacy. Earlier proposals to address this problem limit the owners policy to be a set of credentials. However, real world policies are more complex than a simple set. In this paper, we present three alternative privacy preserving trust verification solutions that protect both the owner's policy and requester's credentials, while at the same time allowing more expressive owner's policies that can be specified as a tree structure. We analyze their computational complexity, communication cost and the amount of disclosure.

References

[1]

M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The keynote trust-management system version 2, 1999.

[2]

M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. Security and Privacy, IEEE Symposium on, 0:0164, 1996.

Digital Library

[3]

C.-K. Chu and W.-G. Tzeng. Efficient k-out-of-n oblivious transfer schemes with adaptive and non-adaptive queries. In Public Key Cryptography - PKC 2005, pages 172 -- 183, 2005.

Digital Library

[4]

Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. Referee: trust management for web applications. Computer Networks and ISDN Systems, 29(8-13):953 -- 964, 1997. Papers from the Sixth International World Wide Web Conference.

Digital Library

[5]

I. Damgard and M. Jurik. A generalisation, a simplification and some applications of paillier's probabilistic public-key system. In K. Kim, editor, Public Key Cryptography, volume 1992 of Lecture Notes in Computer Science, pages 119--136, Cheju Island, Korea, 2001.

Digital Library

[6]

C. Dong, G. Russello, and N. Dulay. Privacy-preserving credential verification for non-monotonic trust management systems. In Fourth International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, 2007.

[7]

M. Franklin and M. Yung. Varieties of secure distributed computing. In Proceedings of Sequences II, Methods in Communications, Security and Computer Science, pages 392--417, Positano, Italy, June 1991.

[8]

K. Frikken, M. Atallah, and J. Li. Hidden access control policies with hidden credentials. In WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pages 27--27, 2004.

Digital Library

[9]

K. Frikken, M. Atallah, and J. Li. Attribute-based access control with hidden policies and hidden credentials. Computers, IEEE Transactions on, 55(10):1259--1270, Oct. 2006.

Digital Library

[10]

K. B. Frikken, J. Li, and M. J. Atallah. Trust negotiation with hidden credentials, hidden policies, and policy cycles. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2006, San Diego, California, USA, 2006.

[11]

B. Goethals, S. Laur, H. Lipmaa, and T. Mielikainen. On Private Scalar Product Computation for Privacy-Preserving Data Mining. In C. Park and S. Chee, editors, The 7th Annual International Conference in Information Security and Cryptology (ICISC 2004), volume 3506, pages 104--120, New York, NY, December 2-3, 2004. Springer-Verlag.

Digital Library

[12]

O. Goldreich. The Foundations of Cryptography, volume 2, chapter General Cryptographic Protocols, pages 599--764. Cambridge University Press, Cambridge, UK, 2004.

Digital Library

[13]

S. Goldwasser and M. Bellare. Lecture notes on cryptography, July 2008.

[14]

A. Herzberg, Y. Mass, J. Michaeli, Y. Ravid, and D. Naor. Access control meets public key infrastructure, or: Assigning roles to strangers. In SP '00: Proceedings of the 2000 IEEE Symposium on Security and Privacy, page 2, Washington, DC, USA, 2000. IEEE Computer Society.

Digital Library

[15]

A. J. Lee and M. Winslett. Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security, pages 228--239, New York, NY, USA, 2008. ACM.

Digital Library

[16]

J. Li and N. Li. Oacerts: Oblivious attribute certificates. IEEE Transactions on Dependable and Secure Computing, 3:340--352, 2006.

Digital Library

[17]

J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. ACM Trans. Inf. Syst. Secur., 13(1):1--35, 2009.

Digital Library

[18]

D. Naccache and J. Stern. A new public key cryptosystem based on higher residues. In Proceedings of the 5th ACM conference on Computer and communications security, pages 59--66, San Francisco, California, United States, 1998. ACM Press.

Digital Library

[19]

P. Paillier. Public key cryptosystems based on composite degree residuosity classes. In Advances in Cryptology - Eurocrypt '99 Proceedings, LNCS 1592, pages 223--238. Springer-Verlag, 1999.

Digital Library

[20]

R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120--126, 1978.

Digital Library

[21]

B. Smith, K. E. Seamons, and M. D. Jones. Responding to policies at runtime in trustbuilder. Policies for Distributed Systems and Networks, IEEE International Workshop on, 0:149, 2004.

Digital Library

[22]

J. Vaidya and C. Clifton. Privacy-preserving k-means clustering over vertically partitioned data. In The Ninth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 206--215, Washington, DC, Aug. 24-27 2003. ACM.

Digital Library

[23]

S. A. Weis. New Foundations for Efficient Authentication, Commutative Cryptography, and Private Disjointness Testing. Doctoral Thesis, Massachussetts Institute of Technology, May 2006.

Digital Library

[24]

D. Yao, K. B. Frikken, M. J. Atallah, and R. Tamassia. Point-based trust: Define how much privacy is worth. In International Conference on Information and Communications Security, pages 190--209, 2006.

Digital Library

[25]

D. Yao, K. B. Frikken, M. J. Atallah, and R. Tamassia. Private information: To reveal or not to reveal. ACM Trans. Inf. Syst. Secur., 12(1), 2008.

Digital Library

[26]

T. Yu and M. Winslett. A unified scheme for resource protection in automated trust negotiation. In SP '03: Proceedings of the 2003 IEEE Symposium on Security and Privacy, page 110, Washington, DC, USA, 2003. IEEE Computer Society.

Digital Library

Cited By

Harbach MFahl SBrenner MMuders TSmith M(2012)Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisionsProceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST.2012.6297915(17-24)Online publication date: 16-Jul-2012
https://dl.acm.org/doi/10.1109/PST.2012.6297915
Dai Jiazhu Luo Shuangyan Liu Hongxia (2011)A privacy-preserving access control in outsourced storage services2011 IEEE International Conference on Computer Science and Automation Engineering10.1109/CSAE.2011.5952674(247-251)Online publication date: Jun-2011
https://doi.org/10.1109/CSAE.2011.5952674

Index Terms

Privacy-preserving trust verification
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security

Recommendations

Preventing attribute information leakage in automated trust negotiation
CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

Automated trust negotiation is an approach which establishes trust between strangers through the bilateral, iterative disclosure of digital credentials. Sensitive credentials are protected by access control policies which may also be communicated to the ...
Privacy-preserving data sharing in cloud computing

Storing and sharing databases in the cloud of computers raise serious concern of individual privacy. We consider two kinds of privacy risk: presence leakage, by which the attackers can explicitly identify individuals in (or not in) the database, and ...
Policy migration for sensitive credentials in trust negotiation
WPES '03: Proceedings of the 2003 ACM workshop on Privacy in the electronic society

Trust negotiation is an approach to establishing trust between strangers through the bilateral, iterative disclosure of digital credentials. Under automated trust negotiation, access control policies are associated with sensitive credentials to control ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

June 2010

212 pages

ISBN:9781450300490

DOI:10.1145/1809842

General Chair:
James Joshi
University of Pittsburgh, USA
,
Program Chair:
Barbara Carminati
University of Insubria, Italy

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT'10

Sponsor:

SIGSAC

SACMAT'10: 15th ACM Symposium on Access Control Models and Technologies

June 9 - 11, 2010

Pennsylvania, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
461
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)1

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Harbach MFahl SBrenner MMuders TSmith M(2012)Towards privacy-preserving access control with hidden policies, hidden credentials and hidden decisionsProceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST.2012.6297915(17-24)Online publication date: 16-Jul-2012
https://dl.acm.org/doi/10.1109/PST.2012.6297915
Dai Jiazhu Luo Shuangyan Liu Hongxia (2011)A privacy-preserving access control in outsourced storage services2011 IEEE International Conference on Computer Science and Automation Engineering10.1109/CSAE.2011.5952674(247-251)Online publication date: Jun-2011
https://doi.org/10.1109/CSAE.2011.5952674

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents