More Web Proxy on the site http://driver.im/

article

PP-trust-X: A system for privacy preserving trust negotiations

Authors:

A. Squicciarini,

B. ThuraisinghamAuthors Info & Claims

ACM Transactions on Information and System Security (TISSEC), Volume 10, Issue 3

Pages 12 - es

https://doi.org/10.1145/1266977.1266981

Published: 01 July 2007 Publication History

Abstract

Trust negotiation is a promising approach for establishing trust in open systems, in which sensitive interactions may often occur between entities with no prior knowledge of each other. Although, to date several trust negotiation systems have been proposed, none of them fully address the problem of privacy preservation. Today, privacy is one of the major concerns of users when exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues in order to be widely applicable. For these reasons, in this paper, we investigate privacy in the context of trust negotiations. We propose a set of privacy-preserving features for inclusion in any trust negotiation system, such as the support for the P3P standard, as well as a number of innovative features, such as a novel format for encoding digital credentials specifically designed for preserving privacy. Further, we present a variety of interoperable strategies to carry on the negotiation with the aim of improving both privacy and efficiency.

References

[1]

Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y. 2003. Implementing P3P using database technology. 19th International Conference on Data Engineering. Bangalore, India.

[2]

Bertino, E., Ferrari, E., and Squicciarini, A. 2003. X-TNL---an XML based language for trust negotiations. Fourth IEEE International Workshop on Policies for Distributed Systems and Networks. Como, Italy.

Digital Library

[3]

Bertino, E., Ferrari, E., and Squicciarini, A. 2004a. Privacy preserving trust negotiations. 4th International Workshop on Privacy Enhancing Technologies. Toronto, Canada.

[4]

Bertino, E., Ferrari, E., and Squicciarini, A. 2004b. Trust-X---a Peer to Peer Framework for Trust Establishment. IEEE Trans. Knowl. Data Eng. 16, 7, 827--842.

Digital Library

[5]

Bonatti, P. and Samarati, P. 2000. Regulating access services and information release on the Web. 7th ACM Conference on Computer and Communications Security. Athens, Greece.

Digital Library

[6]

Bradshaw, R., Holt, J. E., and Seamons, K. E. 2004. Concealing complex policies with hidden credentials. In CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security. ACM Press, New York. 146--157.

Digital Library

[7]

Brands, S. 2000. Rethinking Public Key Infrastructure and Digital Credentials. MIT Press, Cambridge, MA.

Digital Library

[8]

Camenisch, J. and Herreweghen, E. V. 2002. Design and implementation of the idemix anonymous credential system. In CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security. ACM Press, New York. 21--30.

Digital Library

[9]

Chaum, D. 1985. Security without identification: transaction systems to make big brother obsolete. Commununications of ACM 28, 10, 1030--1044.

Digital Library

[10]

Clark, J. 1999. XSL transformations (XSLT). version 1.0 W3C recommendation. Available at: http://www.w3.org/TR/xslt.

[11]

Cranor, L., Langherinrigh, M., and Marchiori, M. 2002. A P3P preference exchange language 1.0 (APPEL1.0). W3C Working Draft.

[12]

Cranor, L., Langherinrigh, M., Marchiori, M., Presler-Marsall, M., and Reagle, J. 2003. P3P- the platform for privacy preferences, version 1.1. Available at: http://www.w3.org/P3P/1.1/.

[13]

Herzberg, A. and J. Mihaeli, E. A. 2000. Access control meets public key infrastructure, or: Assigning Roles to Strangers. IEEE Symposium on Security and Privacy. Oakland, CA.

Digital Library

[14]

Housley, R., Polk, W., Ford, W., and So, D. 2002. Internet X.509 public key infrastructure certificate and certificate revocation List (crl) profile. RFC 3280.

[15]

IBM. IBM Tivoli privacy wizard. Available at: www.tivoli.resource_center/maximize/privacy/wizard_code.html.

[16]

Jarvis, R. 2003. Selective disclosure of credential content during trust negotiation. Master of Science Thesis, Brigham Young University, Provo, UT.

[17]

JRC. 2002. JRC P3P resource centre. Available at: http://p3p.jrc.it.

[18]

Lee, A. J., Winslett, M., Basney, J., and Welch, V. 2006. Traust: A trust negotiation-based authorization service for open systems. In SACMAT '06: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies. ACM Press, New York. 39--48.

Digital Library

[19]

Li, N., Du, W., and Boneh, D. 2003. Oblivious signature-based envelope.

[20]

Microsoft. 2004. Infocard project. Available at http://msdn.microsoft.com/winfx/reference/infocard/default.aspx.

[21]

Naor, M. 1990. Bit commitment using pseudorandomness. Advances in Cryptology- 89. Lecture Notes in Computer Science, vol. 435, New York.

Digital Library

[22]

Persiano, P. and Visconti, I. 2000. User privacy issues regarding certificates and the TLS protocol. Proceedings of the ACM Conference on Computer and Communication Security, Athens, Greece.

Digital Library

[23]

Seamons, K. E., Winslett, M., and Yu, T. 2001. Limiting the disclosure of Access Control Policies during automated trust negotiation. Network and Distributed System Security Simposium. San Diego, CA.

[24]

Seamons, K. E., Winslett, M., and Yu, T. 2002. Protecting privacy during on line trust negotiation. 2nd Workshop on Privacy Enhancing Technologies. San Francisco, CA.

[25]

Westin, A. F. 1967. Privacy and freedom. Atheneum, New York.

[26]

Winsborough, W. and Li, N. 2002a. Towards practical automated trust negotiation. IEEE 3rd Intl. Workshop on Policies for Distributed Systems and Networks. Monterey, CA.

Digital Library

[27]

Winsborough, W. H. and Li, N. 2002b. Protecting sensitive attributes in automated trust negotiation. ACM Workshop on Privacy in the Electronic Society.

Digital Library

[28]

Winsborough, W. H., Seamons, K. E., and Jones, V. 2000. Automated trust negotiation. DARPA Information Survivability Conference and Exposition, Vol. I, 88--102.

[29]

Winslett, M., Yu, T., Seamons, K. E., Hess, A., Jarvis, J., Smith, B., and Yu, L. 2002. Negotiating trust on the Web. IEEE Internet Computing, 6, 6, 30--37.

Digital Library

[30]

World Wide Web Consortium. References for P3P implementation. Available at: http://www.w3org/P3P/implementations.

[31]

World Wide Web Consortium. Uniform resource identifiers, naming and addressing: URIs, URLs, … Available at http://www.w3.org/addressing.

[32]

Yu, T. and Winslett, M. 2003. A unified scheme for resource protection in automated trust negotiation. IEEE Symposium on Security and Privacy, 110. Oakland, CA.

Digital Library

[33]

Yu, T., Winslett, M., and Seamons, K. E. 2003. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. ACM Transactions on Information and System Security 6, 1 (Feb.).

Digital Library

Cited By

Ramić ŠPrazina IPozderac DMulahasanović RMrdović S(2024)BLS-MT-ZKP: A novel approach to selective disclosure of claims from digital credentialsIEEE Access10.1109/ACCESS.2024.3518597(1-1)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3518597
Li SPeng KZhu BLi ZZhang BChen HLi R(2023)Research on Users’ Privacy-Sharing Intentions in the Health Data Tracking System Providing Personalized Services and Public ServicesSustainability10.3390/su15221570915:22(15709)Online publication date: 7-Nov-2023
https://doi.org/10.3390/su152215709
Allouzi MKhan J(2019)SafeFlow-x: An Efficient and Complete Strategy for Multiparty Trust Negotiation Over Distributed Networks2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)10.1109/WoWMoM.2019.8792991(1-9)Online publication date: Jun-2019
https://doi.org/10.1109/WoWMoM.2019.8792991
Show More Cited By

Index Terms

PP-trust-X: A system for privacy preserving trust negotiations
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Information flow control
    2. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Safety in automated trust negotiation

Exchange of attribute credentials is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated Trust Negotiation (ATN) is an approach to regulate the exchange of sensitive information ...
Automated trust negotiation using cryptographic credentials
CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are ...
Automated trust negotiation using cryptographic credentials

In automated trust negotiation (ATN), two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on Information and System Security

ACM Transactions on Information and System Security Volume 10, Issue 3

July 2007

195 pages

ISSN:1094-9224

EISSN:1557-7406

DOI:10.1145/1266977

Issue’s Table of Contents

Copyright © 2007 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2007

Published in TISSEC Volume 10, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

48
Total Citations
View Citations
1,421
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ramić ŠPrazina IPozderac DMulahasanović RMrdović S(2024)BLS-MT-ZKP: A novel approach to selective disclosure of claims from digital credentialsIEEE Access10.1109/ACCESS.2024.3518597(1-1)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3518597
Li SPeng KZhu BLi ZZhang BChen HLi R(2023)Research on Users’ Privacy-Sharing Intentions in the Health Data Tracking System Providing Personalized Services and Public ServicesSustainability10.3390/su15221570915:22(15709)Online publication date: 7-Nov-2023
https://doi.org/10.3390/su152215709
Allouzi MKhan J(2019)SafeFlow-x: An Efficient and Complete Strategy for Multiparty Trust Negotiation Over Distributed Networks2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)10.1109/WoWMoM.2019.8792991(1-9)Online publication date: Jun-2019
https://doi.org/10.1109/WoWMoM.2019.8792991
Yaich R(2019)Trust Management Systems: a Retrospective Study on Digital TrustCyber‐Vigilance and Digital Trust10.1002/9781119618393.ch2(51-103)Online publication date: 24-Apr-2019
https://doi.org/10.1002/9781119618393.ch2
Rios RFernandez-Gago CLopez J(2018)Modelling privacy-aware trust negotiationsComputers & Security10.1016/j.cose.2017.09.01577(773-789)Online publication date: Aug-2018
https://doi.org/10.1016/j.cose.2017.09.015
Yaich RBoissier OPicard GJaillon P(2017)Impact of social influence on trust management within communities of agentsWeb Intelligence10.3233/WEB-17036115:3(251-268)Online publication date: 11-Aug-2017
https://doi.org/10.3233/WEB-170361
Rios RFernandez-Gago CLopez J(2016)Privacy-Aware Trust NegotiationSecurity and Trust Management10.1007/978-3-319-46598-2_7(98-105)Online publication date: 17-Sep-2016
https://doi.org/10.1007/978-3-319-46598-2_7
Gao FHe JMa S(2014)Modelling the relationship between trust and privacy in network environmentsInternational Journal of Computational Science and Engineering10.1504/IJCSE.2014.0607169:4(347-354)Online publication date: 1-Apr-2014
https://dl.acm.org/doi/10.1504/IJCSE.2014.060716
Zhang YMundy D(2014)Remembrance of Local Information Status for Enforcing Robustness of Policy-Exchanged Strategies for Trust NegotiationProceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2014.18(106-113)Online publication date: 24-Sep-2014
https://dl.acm.org/doi/10.1109/TrustCom.2014.18
Thuraisingham B(2013)Privacy and Cloud ServicesDeveloping and Securing the Cloud10.1201/b15433-51(557-566)Online publication date: 28-Oct-2013
https://doi.org/10.1201/b15433-51
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents