Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Slides:



Advertisements
Similar presentations
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Advertisements

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Grid Security. Typical Grid Scenario Users Resources.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Using Digital Credentials On The World-Wide Web M. Winslett.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:
Data Confidentiality in Collaborative Computing Mikhail Atallah Department of Computer Science Purdue University.
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
Diffie-Hellman Key Exchange
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Computer Science Public Key Management Lecture 5.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
1 Point-Based Trust: Define How Much Privacy is Worth Danfeng YaoKeith B. Frikken Brown UniversityMiami University Mikhail J. Atallah Roberto Tamassia.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.
Secure Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment.
Privacy-Preserving Trust Negotiations* Mikhail Atallah CERIAS and Department of Computer Sciences Purdue University * Joint work with Keith Frikken and.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.
Privacy-Preserving Credit Checking Keith Frikken, Mikhail Atallah, and Chen Zhang Purdue University June 7, 2005.
Data Access and Security in Multiple Heterogeneous Databases Afroz Deepti.
Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, et.al. Presented by: Carlos Caicedo.
Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
Hidden Access Control Policies with Hidden Credentials Keith Frikken, Mikhail Atallah, Jiangtao Li CERIAS and Department of Computer Sciences Purdue University.
Encryption CS110: Computer Science and the Internet.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.
Secure Messenger Protocol using AES (Rijndael) Sang won, Lee
Key Management Network Systems Security Mort Anvari.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Fall 2006CS 395: Computer Security1 Key Management.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
1 Authentication Celia Li Computer Science and Engineering York University.
Kent Seamons Brigham Young University Marianne Winslett, Ting Yu
Grid Security.
Cryptography and Network Security
Chapter 4 Cryptography / Encryption
Marco Casassa Mont Keith Harrison Martin Sadler
Protecting Privacy During On-line Trust Negotiation
Presentation transcript:

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University

Project info Collaborators (Ph.D. students): –Keith Frikken –Jiangtao Li Publications –NDSS ‘06 –WPES ‘04

Access control Access control decisions are often based on requester characteristics rather than identity –Access policy stated in terms of attributes to be satisfied Digital credentials, e.g., –Citizenship, age, physical condition (disabilities), employment (government, healthcare, FEMA, etc), credit status, group membership (AAA, AARP, …), security clearance, …

Scenario Requester (“Alice”) sends request to resource owner (“Bob”) Bob sends policy for access Alice sends appropriate credentials Bob verifies credentials and grant access if they satisfy policy

Problem: Sensitive info Treat credentials as sensitive –Better individual privacy –Better security Treat access policies as sensitive –Hide business strategy (fewer unwelcome imitators) –Less “gaming”

Previous work Mostly on sensitive credentials Minimizing credential disclosure Introduced “use-policies” for credentials Multiple rounds in a negotiation –A round makes more credentials usable –Stop when no change occurs in a round

Ideal Solution Requirements Neither side learns anything about the other’s credentials Neither side learns anything about the other’s policies Neither side learns which of their own credentials caused were relevant to successful negotiaton No off-line probing (e.g., by requesting an M once and then trying various subsets of credentials)

Model M = message ; P c, P s = Policies ; C, S = credentials –Credential sets C and S are issued off-line, and can have their own “use policies” (included in P s and P c ) Client gets M iff her usable C j ’s satisfy access policy for M Cannot use a trusted third party Server Client Request for M M, P s C=C 1, …,C n ; P c Protocol M if C satisfies M’s policy S=S 1,…,S m

Credentials Generated by certificate authority (CA), using Identity Based Encryption E.g., issuing Alice a student credential: –Use Identity Based Encryption with ID = Alice||student –Credential = private key corresponding to ID Simple example of credential usage: –Send Alice M encrypted with public key for ID –Alice can decrypt only with a student credential –Server does not learn whether Alice is a student or not

Policy A Boolean function p M (x 1, …, x n ) –x i corresponds to attribute attr i Policy is satisfied iff –p M (x 1, …, x n ) = 1 where x i is 1 iff there is a usable credential in C for attribute attr i E.g., –Alice is a senior citizen and has low income –Policy=(disabilitysenior-citizen)low-income –Policy = (x 1  x 2 )  x 3 = (0  1)  1 = 1

Dependencies Credentials’ “use policies” can depend on each other –Arbitrarily deep nesting of dependencies –Cycles are possible –Cycles can overlap Trust negotition process is iterative

Iterative negotiation Eager strategy –Policy-usability determination is done by a “forward flooding” process that determines which credentials are usable –Works for DAG only We use a “Reverse-Eager” Strategy –Can handle cycles –Use doubly-blinded policy evaluation

Iteration Phase 1: Credential and Attribute Hiding Phase 2: Blinded Policy Evaluation

Iteration overview For each attr i A generates 2 randoms r i [0], r i [1] Engages with B in sub-protocol the outcome of which is that B learns n values k 1, k 2, …, k n –k i = r i [1] if B has and can use a credential for attr i, otherwise k i =r i [0]

Iteration overview (cont’d) Above hiding stage makes use of equality test for array elements –“Is there are index at which the array items are equal?” –Answer is split: A knows the randoms that encode “yes” and “no”, B learns one of those randoms Blinded policy evatuation –Uses the k 1, k 2, …, k n and the n pairs r i [0], r i [1] computed in the hiding stage –Results in A’s usable credential set being implicitly updated according to whether policies evaluate to true

Other access control result Key-derivation –In access hierarchies [CCS 05, SACMAT 06] –New: Time-based (discrete time units) Geo-spacial based (planar regions) Combinations of above In all of the above: 1 key, O(1) time derivation, almost-linear public storage

For more details … … on the trust negotiations result: dss06.pdf or tions/NDSS06tn.pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.