Abstract
Today distributed service frameworks play an ever more important role. Transitive trust is of great importance in such frameworks and is well researched. Although there are many solutions for building and transmitting trust in distributed networks, impacts on privacy are often neglected. Based on a trust metric it will be shown why insufficient trust is eventually inevitable if a request or message pass through a chain of services. Depending on the reaction of the service, privacy critical information may leak to other entities in the chain. It is shown that even simple error messages pose a privacy threat and that proper re-authentication methods should be used instead. Several methods of re-authentication and their impacts on privacy are discussed.
Chapter PDF
Similar content being viewed by others
References
Abdul-Rahman, A., Hailes, S.: A distributed trust model. In: Proceedings of the New Security Paradigms 1997 (1997)
Abdul-Rahman, A., Hailes, S.: Supporting trust in virtual communities. In: Proceedings of the Hawaii Int. Conference on System Sciences, Maui, Hawaii, vol. 33 (2000)
Beatty, J.D., et al.: Liberty Protocols and Schemas Specification 1.0. Liberty Alliance (2002)
ECSC-EEC-EAEC: Information Technology Security Evaluation Criteria (ITSEC) (1991)
Hodges, J., et al.: Liberty Architecture Overview 1.0. Liberty Alliance (2002)
International Standardization Organisation (ISO): Evaluation criteria for IT security (ISO/IEC 15408:1999) (1999)
Jøsang, A.: The right type of trust for distributed systems. In: Meadows, C. (ed.) Proceedings of the 1996 New Security Paradigms Workshop (1996)
Jøsang, A.: Artificial reasioning with subjective logic. In: Nayak, A. (ed.) Proceedings of the 2nd Australian Workshop on Commonsense Reasoning (1997)
Jøsang, A.: An algebra for assessing trust in certification chains. In: Kochmar, J. (ed.) Proceedings of the Network and Distributed Systems Security (NDSS 1999) Symposium (1999)
Jøsang, A.: Trust-based decision making for electronic transactions. In: Yngstrm, L., Svensson, T. (eds.) Proceedings of the 4th Nordic Workshop on Secure IT Systems (NORDSEC 1999), Stockholm, Sweden (1999)
Kohl, J., Neuman, C.: The Kerberos Network Authentication Service (V5). RFC 1510 (1993)
Microsoft Corporation: Microsoft .NET Passport – Technical Overview (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rössler, T., Hollosi, A. (2003). Privacy and Trust in Distributed Networks. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-45184-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6
eBook Packages: Springer Book Archive