Privacy enhanced automated trust negotiation
Abstract
In automated trust negotiation, two parties exchange digitally signed credentials that contain attribute information in order to establish trust and make access control decisions. Because that information is often sensitive, credentials are themselves protected by access control policies. In traditional trust negotiation a credential is transmitted either in its entirety or not at all. This approach can fail unnecessarily for three reasons: a cyclic dependency may leave neither negotiator willing to reveal her credential before her opponent does; the opponent must be authorized for every attribute packaged together in a credential in order to receive any of them; or the precise attribute values must be disclosed when it would suffice to prove that they satisfy some predicate (such as being over 21 years of age). This thesis introduces several techniques that address these problems.

(1) We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which the certificate holder selects which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert to obtain a resource from a service provider without revealing any information about those values. Using OACerts, we develop a policy-hiding access control scheme that protects both sensitive attribute values and sensitive policies.

(2) We present a privacy-preserving trust negotiation protocol that enforces each credential's policy, thereby protecting sensitive credentials. This result is not obtained by routinely applying standard techniques to implement one of the known trust negotiation strategies (such as the "eager strategy") in this framework; rather, we use novel techniques to implement a non-standard strategy specifically suited to this framework.

(3) We introduce a framework for automated trust negotiation in which diverse credential schemes and protocols can be combined, integrated, and used as needed. A policy language enables negotiators to specify the authorization requirements an opponent must meet to receive various amounts of information about certified attributes and the credentials that contain them.
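The OACert idea in (1), as an added example rather than the thesis's own construction: attribute values appear in the certificate only as Pedersen commitments, the CA signs the list of commitments, and the holder later decides per attribute whether to open it (selective disclosure) or to prove in zero knowledge that she knows the committed value without revealing it. Everything in the block is assumed for illustration: a 62-bit safe-prime group found at import time, a Schnorr signature for the CA, a Fiat-Shamir proof of knowledge of a commitment opening, and the holder name, attribute names and values. The thesis's predicate proofs (for example, that a committed age exceeds 21) need range proofs and are not shown.

```python
# Added toy example of the OACert idea; group parameters and helper names are assumed.
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin with fixed bases: deterministic for all n below ~3e23."""
    if n < 2:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if a % n == 0:
            continue
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        if all((x := pow(x, 2, n)) != n - 1 for _ in range(s - 1)):
            return False
    return True

def find_safe_prime(bits):
    """Scan upward from 2^(bits-1) for a prime q with p = 2q + 1 also prime."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return q, 2 * q + 1

Q, P = find_safe_prime(62)  # toy sizes: exponents in Z_Q, elements in the order-Q subgroup of Z_P*
G = 4                       # a quadratic residue mod P, hence a generator of the order-Q subgroup

def hash_to_scalar(*parts):
    """Fiat-Shamir challenge: length-prefixed SHA-256 of the transcript, reduced mod Q."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q

def hash_to_group(label):
    """Second generator with no known log to base G; squaring lands it in the subgroup."""
    ctr, h = 0, 1
    while h in (0, 1):
        h = pow(int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P, 2, P)
        ctr += 1
    return h

H = hash_to_group(b"oacert/h")

def commit(value, rnd):
    """Pedersen commitment G^value * H^rnd: hides the value, binds the holder to it."""
    return (pow(G, value % Q, P) * pow(H, rnd, P)) % P

def ca_keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def ca_sign(x, msg):
    """Schnorr signature of the CA over the serialized certificate body."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + hash_to_scalar(b"sig", r, pow(G, x, P), msg) * x) % Q

def ca_verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, hash_to_scalar(b"sig", r, y, msg), P)) % P

def cert_body(cert):
    return b"|".join([cert["holder"].encode()] + [f"{n}={c}".encode() for n, c in zip(cert["names"], cert["commitments"])])

def issue_oacert(ca_priv, holder, attrs):
    """CA sees the values but certifies only commitments; the openings stay with the holder."""
    names = sorted(attrs)
    openings = {n: (attrs[n], secrets.randbelow(Q)) for n in names}
    cert = {"holder": holder, "names": names, "commitments": [commit(*openings[n]) for n in names]}
    cert["sig"] = ca_sign(ca_priv, cert_body(cert))
    return cert, openings

def verify_oacert(ca_pub, cert):
    return ca_verify(ca_pub, cert_body(cert), cert["sig"])

def check_opening(cert, name, value, rnd):
    """Selective disclosure: the holder reveals one (value, rnd) pair; the others stay hidden."""
    return commit(value, rnd) == cert["commitments"][cert["names"].index(name)]

def prove_knowledge(cert, openings, name, context=b""):
    """Proof that the holder knows the opening of attribute `name`, revealing nothing about it."""
    value, rnd = openings[name]
    w1, w2 = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, w1, P) * pow(H, w2, P)) % P
    e = hash_to_scalar(b"pok", cert["commitments"][cert["names"].index(name)], t, context)
    return t, (w1 + e * value) % Q, (w2 + e * rnd) % Q

def verify_knowledge(cert, name, proof, context=b""):
    """Check G^z1 * H^z2 == t * C^e; `context` binds the proof to one session or provider."""
    c = cert["commitments"][cert["names"].index(name)]
    t, z1, z2 = proof
    e = hash_to_scalar(b"pok", c, t, context)
    return (pow(G, z1, P) * pow(H, z2, P)) % P == (t * pow(c, e, P)) % P
```

A service provider that receives the certificate checks the CA signature once, then either verifies an opened attribute with `check_opening` or accepts a `prove_knowledge` transcript; in both cases the remaining attributes never leave the holder. The `context` argument matters in practice: without it a proof captured from one session could be replayed to another provider.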
Degree
Ph.D.
Advisors
Li, Purdue University.
Subject Area
Computer science