Skip to main content
SpringerLink
Log in
Book cover

International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security

MMM-ACNS 2007: Computer Network Security pp 171–186Cite as

Privacy-Preserving Credential Verification for Non-monotonic Trust Management Systems

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1))

Abstract

Trust management systems provide a flexible way for performing decentralized security management. However, most trust management systems only support monotonic policies. Compared with nonmonotonic policies, monotonic ones are less flexible and cannot express policies such as “Chinese wall policies” and “separation of duties”. To support non-monotonic policies, trust management systems must be able to correctly identify the credentials which a subject has that are required by the policies. Previous efforts address the problem by letting the system query the issuers directly to verify the possession status of the credentials. But this approach can violate the subject’s privacy. The main contribution of this paper is a cryptographic credential verification scheme for non-monotonic, trust management systems that can correctly identify the credentials that a subject has while also protecting the subject’s privacy. We also analyze the security of the scheme and prove that with correct construction and certain cryptographic assumptions, the scheme is secure.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: SP’ 96: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 164–173. IEEE Computer Society Press, Los Alamitos (1996)

    Chapter  Google Scholar 

  2. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: Rfc2704: The keynote trust-management system version 2 (1999)

    Google Scholar 

  3. Jim, T.: Sd3: A trust management system with certified evaluation. In: P’ 01: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 106–115. IEEE Computer Society, Press, Los Alamitos (2001)

    Chapter  Google Scholar 

  4. Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trustmanagement framework. In: SP’ 02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, pp. 114–130. IEEE Computer Society Press, Los Alamitos (2002)

    Google Scholar 

  5. Hess, A., Seamons, K.E.: An access control model for dynamic client-side content. In: SACMAT’ 03: Proceedings of the eight ACM symposium on Access control models and technologies, pp. 207–216. ACM Press, New York (2003)

    Chapter  Google Scholar 

  6. Carbone, M., Nielsen, M., Sassone, V.: A formal model for trust in dynamic networks. In: SEFM, pp. 54–61. IEEE Computer Society Press, Los Alamitos (2003)

    Google Scholar 

  7. Blaze, M., Feigenbaum, J., Strauss, M.: Compliance checking in the policymaker trust management system. In: Proceedings of the Second International Conference on Financial Cryptography, London, UK, pp. 254–274. Springer, Heidelberg (1998)

    Google Scholar 

  8. Seamons, K., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., Mills, H., Yu, L.: Requirements for policy languages for trust negotiation. In: POLICY’ 02: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY’02), Washignton, DC, USA, pp. 68–79. IEEE Computer Society Press, Los Alamitos (2002)

    Chapter  Google Scholar 

  9. Lupu, E.C., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)

    Article  Google Scholar 

  10. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: SIGMOD’ 97: Proceedings of the 1997 ACM SIGMOD international conference on Management of data, pp. 474–485. ACM Press, New York (1997)

    Chapter  Google Scholar 

  11. Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: IEEE Symposium on Security and Privacy, pp. 184–195. IEEE Computer Society Press, Los Alamitos (1987)

    Google Scholar 

  12. Brewer, D.F.C., Nash, M.J.: The chinese wall security policy. In: IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Computer Society Press, Los Alamitos (1989)

    Chapter  Google Scholar 

  13. Chu, Y.H., Feigenbaum, J., LaMacchia, B., Resnick, P., Strauss, M.: Referee: trust management for web applications. Comput. Netw. ISDN Syst., 29(8–13), 953–964 (1997) 283252

    Article  Google Scholar 

  14. Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation (extended abstract). In: Proceedings of the 1999 IEEE Computer Security Foundations Workshop, pp. 162–174. IEEE Computer Society Press, Los Alamitos (1999)

    Google Scholar 

  15. Herzberg, A., Mass, Y. Mihaeli, J., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: assigning roles to strangers. In: the 2000 IEEE Symposium on Security and Privacy, Berkeley, CA, pp. 2–14. IEEE Computer Society Press, Los Alamitos (2000)

    Google Scholar 

  16. Czenko, M., Tran, H., Doumen, J., Etalle, S., Hartel, P., den Hartog, J.: Nonmonotonic trust management for p2p applications. Electronic Notes in Theoretical Computer Science 157(3), 113–130 (2006)

    Article  Google Scholar 

  17. Goldreich, O.: Foundations of Cryptography. vol. I. Basic Tools, Cambridge University Press, Cambridge (2001)

    Google Scholar 

  18. Goldwasser, S., Bellare, M.: Lecture notes on cryptography http://www-cse.ucsd. edu/users/mihir/papers/gb.pdf

  19. Goldreich, O.: Foundations of Cryptography. vol. II. Basic Applications Cambridge University Press, Cambridge (2004)

    MATH  Google Scholar 

  20. Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Jr., B.S.K. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)

    Google Scholar 

  21. Boudot, F., Schoenmakers, B., Traoré, J.: A fair and efficient solution to the socialist millionaries’ problem. Discrete Applied Mathematics 111(1–2), 23–36 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  22. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)

    Article  MATH  MathSciNet  Google Scholar 

  23. Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)

    Google Scholar 

  24. Resnick, P., Miller, J.: Pics: Internet access controls without censorship. Commun. ACM 39(10), 87–93 (1996)

    Article  Google Scholar 

  25. Dung, P.M., Thang, P.M.: Trust negotiation with nonmonotonic access policies. In: Aagesen, F.A., Anutariya, C., Wuwongse, V. (eds.) INTELLCOMM 2004. LNCS, vol. 3283, pp. 70–84. Springer, Heidelberg (2004)

    Google Scholar 

  26. Winsborough, W.H., Seamons, K.E., Jones, V.E.: Automated trust negotiation. In: DARPA Information Survivability Conference and Exposition, 2000, pp. 88–102. IEEE Computer Society Press, Los Alamitos (2000)

    Google Scholar 

  27. Frikken, K.B., Li, J., Atallah, M.J.: Trust negotiation with hidden credentials, hidden policies, and policy cycles. In: NDSS, The Internet Society (2006)

    Google Scholar 

  28. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing, Imperial College London, 180 Queen’s Gate, London, SW7 2AZ, UK

    Changyu Dong, Giovanni Russello & Naranker Dulay

Authors
  1. Changyu Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Giovanni Russello
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Naranker Dulay
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation, 39, 14th Liniya, St. Petersburg, 199178, Russia

    Vladimir Gorodetsky  & Igor Kotenko  & 

  2. US Air Force, Binghamton University (SUNY), Binghamton, NY, 13902, USA

    Victor A. Skormin

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dong, C., Russello, G., Dulay, N. (2007). Privacy-Preserving Credential Verification for Non-monotonic Trust Management Systems. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-73986-9_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation