Privacy and Trust in Distributed Networks

  • Thomas Rössler
  • Arno Hollosi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


Today, distributed service frameworks play an ever more important role. Transitive trust is of great importance in such frameworks and is well researched. Although there are many solutions for building and transmitting trust in distributed networks, impacts on privacy are often neglected. Based on a trust metric, it will be shown why insufficient trust is eventually inevitable if a request or message passes through a chain of services. Depending on the reaction of the service, privacy-critical information may leak to other entities in the chain. It is shown that even simple error messages pose a privacy threat and that proper re-authentication methods should be used instead. Several methods of re-authentication and their impacts on privacy are discussed.


Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Thomas Rössler (1)
  • Arno Hollosi (1)
  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
