Protecting Privacy During Online Trust Negotiation - PowerPoint PPT Presentation

1
Protecting Privacy During On-line Trust
Negotiation
  • K. Seamons, L. Yu, R. Jarvis
  • Brigham Young University
  • M. Winslett, Ting Yu
  • University of Illinois at Urbana-Champaign
2
Outline
  • Automated trust negotiation.
  • Potential privacy problems in automated trust
    negotiation.
  • Attribute-sensitive credentials and their
    protection.
  • Summary and future work.

3
An E-Business Transaction Example
(Message exchange from the slide diagram between a Landscape Designer and Champaign Prairie Nursery)
Landscape Designer: I request to be exempt from sales tax.
Champaign Prairie Nursery: Show me your reseller's license along with your credit card number or your CPN member card.
Landscape Designer: Here's my reseller's license. I have a credit card. But prove you are a member of the Better Business Bureau first.
Champaign Prairie Nursery: Here is my Better Business Bureau Certificate.
Landscape Designer: Here is my credit card number.
Champaign Prairie Nursery: You are qualified to be exempt from sales tax.
4
E-Business Requires Trust
  • Participants are often strangers.
  • Identity-based authentication is not adequate for
    access control.
  • Properties other than identity are relevant to
    establishing trust.
  • Age, address, citizenship, membership
  • One's properties may be sensitive.

5
Digital Credentials
  • Electronic counterparts of the paper credentials in
    people's daily life.
  • Verifiable and unforgeable.
  • To establish trust, strangers can use digital
    credentials describing their properties.

6
Trust Negotiation
  • Protect sensitive credentials and services with
    (access control) policies.
  • Establish trust incrementally through a sequence
    of credential disclosures.
  • Begin with credentials that are less sensitive.
  • Build up trust so that more sensitive credentials
    can be disclosed.

7
An Example Credential Exchange Sequence
(Slide diagram: policies of the Landscape Designer and of CPN, written as resource ← condition on the other party's credentials)
Landscape Designer:
  Credit_Card ← BBB_Member
  Reseller_License ← true
CPN:
  Order_OK ← (Credit_Card ∨ CPN_Account) ∧ Reseller_License
  BBB_Member ← true
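As an added example that is not part of the presentation, the following Python models the exchange above: each party holds credentials guarded by a policy over the counterpart's disclosures, and an eager strategy discloses a credential only once its policy is satisfied, so trust is built up incrementally and the sensitive credit card is never shown to a party that has not proven BBB membership. The `Party` class, the eager strategy and the helper names are assumptions for illustration, not the authors' implementation.

```python
"""Added example (not from the presentation): a small model of automated
trust negotiation over the nursery scenario.  Policies are constructed here
as Python predicates over the set of credentials the other party has shown."""


class Party:
    """A negotiating party: the credentials it holds, the policy guarding each
    credential or resource, and what it has disclosed so far."""

    def __init__(self, name, creds, policies):
        self.name = name
        self.creds = set(creds)        # credentials this party can disclose
        self.policies = policies       # name -> predicate(set of counterpart's disclosures)
        self.disclosed = set()         # credentials already shown to the counterpart

    def unlockable(self, seen):
        """Undisclosed credentials whose policy is satisfied by what the
        counterpart has already shown (less sensitive ones unlock first)."""
        return {c for c in self.creds - self.disclosed if self.policies[c](seen)}


def negotiate(requester, server, resource, max_rounds=10):
    """Eager strategy: parties alternate, each disclosing every credential
    that is currently unlocked.  Returns (granted, trace); trace lists the
    disclosures in order so the incremental build-up of trust is visible."""
    trace = []
    turn, other = requester, server
    for _ in range(max_rounds):
        if server.policies[resource](requester.disclosed):
            return True, trace
        new = turn.unlockable(other.disclosed)
        if not new and not other.unlockable(turn.disclosed):
            return False, trace          # neither side can safely disclose more
        for cred in sorted(new):
            turn.disclosed.add(cred)
            trace.append((turn.name, cred))
        turn, other = other, turn
    return False, trace


def make_nursery():
    """Champaign Prairie Nursery (CPN): the two policies on the slide."""
    return Party(
        "CPN",
        {"BBB_Member"},
        {
            # Order_OK <- (Credit_Card OR CPN_Account) AND Reseller_License
            "Order_OK": lambda s: ("Credit_Card" in s or "CPN_Account" in s)
            and "Reseller_License" in s,
            "BBB_Member": lambda s: True,   # BBB certificate is freely disclosed
        },
    )


def make_designer(has_license=True, has_cpn_account=False):
    """Landscape Designer; the credit card is sensitive and is shown only
    to a party that has already proven BBB membership."""
    creds = {"Credit_Card"}
    if has_license:
        creds.add("Reseller_License")
    if has_cpn_account:
        creds.add("CPN_Account")
    return Party(
        "Landscape Designer",
        creds,
        {
            "Reseller_License": lambda s: True,
            "Credit_Card": lambda s: "BBB_Member" in s,
            "CPN_Account": lambda s: True,
        },
    )


if __name__ == "__main__":
    granted, trace = negotiate(make_designer(), make_nursery(), "Order_OK")
    print(granted, trace)
```

With a CPN member card the requester never has to reveal the credit card at all, which is the point of disclosing less sensitive credentials first; without a reseller's license the negotiation ends in denial even though the eager strategy has already disclosed the card once BBB membership was shown.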
8
Sensitive Policy Protection
  • Policies may be sensitive.
  • A project requiring employee credentials from
    either IBM or Microsoft indicates a cooperation
    between the two companies.
  • Policy graphs help.
  • Express policies in a hierarchical way so that
    sensitive constraints are disclosed gradually.

9
An Example Policy Graph
(Slide diagram: resource R is the project info; the source node P1 asks for an employeeID credential; the hidden nodes P2 "Issued by IBM" and P3 "Issued by Microsoft" constrain that credential.)
10
How policy graphs work
  • When a resource is requested, only the policy in
    the source node is disclosed.
  • Further constraints are checked only when the
    other party has disclosed necessary credentials.
  • Sensitive constraints are not visible to the
    other party.

11
How policy graphs work (cont'd)
  1. Client requests to access project information.
  2. Server returns policy P0, only asking for an
     employeeID credential.
  3. Client discloses its employeeID credential.
  4. Server checks whether the credential is
     issued by IBM or MS, and grants or denies access
     accordingly.
(Diagram labels on the slide: Project info, employeeID, issued by IBM, issued by MS.)
12
Potential Privacy Problems in Trust Negotiation
  • A stranger who wishes to access a resource must
    learn about its policy.
  • Sensitive information can be inferred from a
    response to a request to access a resource.
  • Possession-sensitive credentials.
  • Attribute-sensitive credentials.

13
Attribute-Sensitive Credentials
  • Policies constrain the values of credential
    attributes.
  • "Show me your driver's license to prove your age
    is over 25."
  • Sensitive information can be inferred from the
    response.
  • Disclosing the policy for your driver's license
    suggests that your age is over 25.

14
One Solution: Dynamic Policy Graphs
  • Hide constraints on sensitive attributes.
  • Only ask for the driver's license. When it is
    disclosed, check the age attribute.
  • On receiving a policy, convert it into a policy
    graph with no sensitive attributes in the source
    node.

15
One Solution: Dynamic Policy Graphs (cont'd)
(Slide diagram: the Security Agent hands policy P to a Policy Transformation Agent, which returns the transformed policy P'; the Negotiation Strategy Engine uses P' to produce the counter message.)
16
One Solution: Dynamic Policy Graphs (cont'd)
Original policy: x.type = drivers license ∧ x.age ≥ 25
Transformed policy graph: source node x.type = drivers license; hidden node x.age ≥ 25
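As an added example that is not part of the presentation, the following Python covers both the static policy graph of slide 9 (employeeID with hidden issuer constraints) and the dynamic transformation of slides 14 and 16: a policy is a conjunction of attribute constraints, `transform` moves constraints on sensitive attributes out of the source node into a hidden child, `disclosed_policy` shows what the requester sees, and `check` evaluates the full graph only after the credential is in hand. The constraint encoding, node class and sample credentials are constructed for illustration, not the authors' code.

```python
"""Added example (not from the presentation): policy graphs and the dynamic
policy-graph transformation.  Constraint syntax, attribute names and the
sample credentials below are constructed for illustration."""
import operator
from dataclasses import dataclass, field

# Constraint: (attribute, operator, value), all on the requested credential x.
OPS = {"==": operator.eq, ">=": operator.ge, "in": lambda a, b: a in b}


@dataclass
class PolicyNode:
    """One node of a policy graph: a conjunction of constraints on x.
    Children are alternatives (any one may grant); a node without
    children is a leaf that grants access."""
    constraints: list
    children: list = field(default_factory=list)


def disclosed_policy(graph):
    """What the requester is told: only the source node's constraints."""
    return list(graph.constraints)


def satisfies(node, cred):
    """Check x against this node's constraints; a missing attribute fails."""
    return all(attr in cred and OPS[op](cred[attr], val)
               for attr, op, val in node.constraints)


def check(node, cred):
    """Evaluate the graph after x is disclosed: the source node must hold,
    then some path of hidden constraints must reach a leaf."""
    if not satisfies(node, cred):
        return False
    return not node.children or any(check(child, cred) for child in node.children)


def transform(policy, sensitive_attrs):
    """Dynamic policy graph: keep constraints on non-sensitive attributes in
    the source node and push constraints on sensitive attributes into a
    hidden child node that is checked only after disclosure."""
    visible = [c for c in policy if c[0] not in sensitive_attrs]
    hidden = [c for c in policy if c[0] in sensitive_attrs]
    return PolicyNode(visible, [PolicyNode(hidden)] if hidden else [])


# Slide 16: x.type = drivers license AND x.age >= 25, with age sensitive.
LICENSE_POLICY = [("type", "==", "drivers license"), ("age", ">=", 25)]
license_graph = transform(LICENSE_POLICY, {"age"})

# Slide 9: employeeID issued by IBM or Microsoft; issuers sit in hidden nodes.
project_graph = PolicyNode(
    [("type", "==", "employeeID")],                    # P1 (source node)
    [PolicyNode([("issuer", "==", "IBM")]),             # P2
     PolicyNode([("issuer", "==", "Microsoft")])],      # P3
)


if __name__ == "__main__":
    print("naive policy reveals:", disclosed_policy(PolicyNode(LICENSE_POLICY)))
    print("transformed reveals: ", disclosed_policy(license_graph))
    print("age 30 ->", check(license_graph, {"type": "drivers license", "age": 30}))
    print("age 21 ->", check(license_graph, {"type": "drivers license", "age": 21}))
```

Sending the untransformed policy tells the requester that the age threshold exists before anything has been disclosed; the transformed graph asks for the license alone and applies the age check locally, so a denial after disclosure is the only thing the requester learns. Note the residual leak the slides' "Negotiation Protocols" point covers: the grant-or-deny outcome itself still depends on the hidden attribute.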
17
Negotiation Protocols
  • Negotiation protocols leak information about
    sensitive attributes.
  • Fundamentally, it is a protocol design problem.
  • Protocols allowing inaccurate response and
    ill-faith negotiation may help.
  • Balance between negotiation efficiency and
    privacy preservation.

18
Other Privacy Issues in Trust Negotiation
  • Possession-sensitive credentials.
  • Extraneous information gathering.
  • Privacy practices.

19
Summary
  • Trust is crucial in open systems like the
    Internet.
  • Automated trust establishment is a promising
    approach.
  • Digital credentials and access control policies
  • Preserving users' privacy in automated trust
    negotiation is hard.

20
Future Work
  • Formally model information flow in trust
    negotiation.
  • Design protocols with semantics that provide more
    protection for users' private information.