Trust Negotiation Protocol Support for Secure Mobile Network Service Deployment

  • Daniel Díaz-Sánchez
  • Andrés Marín
  • Florina Almenarez
  • Celeste Campo
  • Alberto Cortés
  • Carlos García-Rubio
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 284)

User-centric services may impose requirements that a visited network cannot honour unless tightly coupled trust relations have been established beforehand among providers. Maintaining such fixed trust relations is costly and becomes unmanageable as the number of providers grows. Moreover, it requires providers to share a common security model, credentials and policies. Trust negotiation addresses this problem: it gradually negotiates a security state, enabling multi-factor authentication and authorization even between "strangers" through the exchange of a variety of credentials. Two problems remain, however: the delay introduced by the trust negotiation messages if negotiation is used to bootstrap every interaction, and the lack of protocol support. In this article we address both by presenting an extension to TLS that carries trust negotiation and credential issuing (to speed up subsequent interactions) over a secure channel.
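The two mechanisms the abstract relies on, gradual policy-driven credential disclosure and a server-issued credential that lets the next interaction skip the negotiation, can be illustrated with a transport-agnostic simulation. The following is an added example written for this page; it is not the paper's protocol, its TLS extension or its message format. The credential types, release policies, issuer key and the HMAC-based fast-path token are all constructed assumptions chosen to show the negotiation dynamics (success after several rounds, and deadlock when neither side can release anything more).

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed secret and clock for the example; a real issuer would use a
# managed key and the wall clock.
ISSUER_KEY = b"visited-network-issuer-key"
NOW = 1_700_000_000


@dataclass(frozen=True)
class Credential:
    ctype: str                         # credential type, e.g. "provider_cert"
    issuer: str
    requires: frozenset = frozenset()  # counterpart types that must be seen before release


@dataclass
class Party:
    name: str
    creds: list
    seen: set = field(default_factory=set)       # counterpart credential types received
    disclosed: set = field(default_factory=set)  # own credential types already released

    def releasable(self):
        """Credentials whose release policy is satisfied and not yet sent."""
        return [c for c in self.creds
                if c.ctype not in self.disclosed and c.requires <= self.seen]


def negotiate(client, server, resource_policy, max_rounds=10):
    """Gradual disclosure in alternating turns (server first).

    resource_policy: client credential types the server must see before granting access.
    Returns (success, transcript); transcript lists (sender, ctype) in disclosure order.
    Stops when the policy is met, or when a full round releases nothing (deadlock).
    """
    transcript = []
    for _ in range(max_rounds):
        progressed = False
        for sender, receiver in ((server, client), (client, server)):
            for cred in sender.releasable():
                sender.disclosed.add(cred.ctype)
                receiver.seen.add(cred.ctype)
                transcript.append((sender.name, cred.ctype))
                progressed = True
            if resource_policy <= server.seen:
                return True, transcript
        if not progressed:
            return False, transcript
    return False, transcript


def issue_fast_path(key, subject, granted, now, ttl=3600):
    """Server-issued credential recording the outcome of a successful negotiation."""
    body = json.dumps({"sub": subject, "granted": sorted(granted), "exp": now + ttl},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_fast_path(key, token, now):
    """Return the granted credential types if the tag is valid and unexpired, else None."""
    body, sep, tag = token.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(body)
    if claims["exp"] <= now:
        return None
    return set(claims["granted"])


def run_example():
    """Client and visited network with interlocking release policies (constructed data)."""
    client = Party("client", [
        Credential("home_operator_id", "HomeOp"),
        Credential("employee_id", "ACME", frozenset({"provider_cert"})),
        Credential("payment_token", "Bank", frozenset({"provider_cert", "roaming_agreement"})),
    ])
    server = Party("visited", [
        Credential("provider_cert", "VisitedOp"),
        Credential("roaming_agreement", "HomeOp", frozenset({"home_operator_id"})),
    ])
    policy = frozenset({"employee_id", "payment_token"})
    ok, transcript = negotiate(client, server, policy)
    token = issue_fast_path(ISSUER_KEY, client.name, server.seen, NOW) if ok else None
    return ok, transcript, token


def run_deadlock():
    """Client needs an 'audit_cert' the server never holds: negotiation stalls."""
    client = Party("client", [Credential("payment_token", "Bank", frozenset({"audit_cert"}))])
    server = Party("visited", [Credential("provider_cert", "VisitedOp")])
    return negotiate(client, server, frozenset({"payment_token"}))


if __name__ == "__main__":
    ok, transcript, token = run_example()
    print("success:", ok)
    for sender, ctype in transcript:
        print(f"  {sender} -> {ctype}")
    print("fast-path grants:", verify_fast_path(ISSUER_KEY, token, NOW))
    print("deadlock case:", run_deadlock())
```

In the success case five messages are exchanged before the resource policy is met; on the next visit the client presents the fast-path credential instead, and the server only has to check one MAC and an expiry. The token is bound to a key that only the issuing network holds, so it is a hint for that network, not a transferable credential; a tampered tag, a different key or an expired token all make verification fail and force a fresh negotiation.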


Keywords: Mutual authentication, Message authentication code, Protocol message, International Telecommunication Union, Transport Layer Security



Copyright information

© International Federation for Information Processing 2008

Authors and Affiliations

  • Daniel Díaz-Sánchez (1)
  • Andrés Marín (1)
  • Florina Almenarez (1)
  • Celeste Campo (1)
  • Alberto Cortés (1)
  • Carlos García-Rubio (1)
  1. Universidad Carlos III de Madrid, Avda. Universidad, Leganés (Madrid)
