Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University."— Presentation transcript:

1 Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University

2 Project info Collaborators (Ph.D. students): –Keith Frikken –Jiangtao Li Publications –NDSS ‘06 –WPES ‘04

3 Access control Access control decisions are often based on requester characteristics rather than identity –Access policy stated in terms of attributes to be satisfied Digital credentials, e.g., –Citizenship, age, physical condition (disabilities), employment (government, healthcare, FEMA, etc), credit status, group membership (AAA, AARP, …), security clearance, …

4 Scenario Requester (“Alice”) sends request to resource owner (“Bob”) Bob sends policy for access Alice sends appropriate credentials Bob verifies credentials and grant access if they satisfy policy

5 Problem: Sensitive info Treat credentials as sensitive –Better individual privacy –Better security Treat access policies as sensitive –Hide business strategy (fewer unwelcome imitators) –Less “gaming”

6 Previous work Mostly on sensitive credentials Minimizing credential disclosure Introduced “use-policies” for credentials Multiple rounds in a negotiation –A round makes more credentials usable –Stop when no change occurs in a round

7 Ideal Solution Requirements Neither side learns anything about the other’s credentials Neither side learns anything about the other’s policies Neither side learns which of their own credentials caused were relevant to successful negotiaton No off-line probing (e.g., by requesting an M once and then trying various subsets of credentials)

8 Model M = message ; P c, P s = Policies ; C, S = credentials –Credential sets C and S are issued off-line, and can have their own “use policies” (included in P s and P c ) Client gets M iff her usable C j ’s satisfy access policy for M Cannot use a trusted third party Server Client Request for M M, P s C=C 1, …,C n ; P c Protocol M if C satisfies M’s policy S=S 1,…,S m

9 Credentials Generated by certificate authority (CA), using Identity Based Encryption E.g., issuing Alice a student credential: –Use Identity Based Encryption with ID = Alice||student –Credential = private key corresponding to ID Simple example of credential usage: –Send Alice M encrypted with public key for ID –Alice can decrypt only with a student credential –Server does not learn whether Alice is a student or not

10 Policy A Boolean function p M (x 1, …, x n ) –x i corresponds to attribute attr i Policy is satisfied iff –p M (x 1, …, x n ) = 1 where x i is 1 iff there is a usable credential in C for attribute attr i E.g., –Alice is a senior citizen and has low income –Policy=(disabilitysenior-citizen)low-income –Policy = (x 1  x 2 )  x 3 = (0  1)  1 = 1

11 Dependencies Credentials’ “use policies” can depend on each other –Arbitrarily deep nesting of dependencies –Cycles are possible –Cycles can overlap Trust negotition process is iterative

12 Iterative negotiation Eager strategy –Policy-usability determination is done by a “forward flooding” process that determines which credentials are usable –Works for DAG only We use a “Reverse-Eager” Strategy –Can handle cycles –Use doubly-blinded policy evaluation

13 Iteration Phase 1: Credential and Attribute Hiding Phase 2: Blinded Policy Evaluation

14 Iteration overview For each attr i A generates 2 randoms r i [0], r i [1] Engages with B in sub-protocol the outcome of which is that B learns n values k 1, k 2, …, k n –k i = r i [1] if B has and can use a credential for attr i, otherwise k i =r i [0]

15 Iteration overview (cont’d) Above hiding stage makes use of equality test for array elements –“Is there are index at which the array items are equal?” –Answer is split: A knows the randoms that encode “yes” and “no”, B learns one of those randoms Blinded policy evatuation –Uses the k 1, k 2, …, k n and the n pairs r i [0], r i [1] computed in the hiding stage –Results in A’s usable credential set being implicitly updated according to whether policies evaluate to true

16 Other access control result Key-derivation –In access hierarchies [CCS 05, SACMAT 06] –New: Time-based (discrete time units) Geo-spacial based (planar regions) Combinations of above In all of the above: 1 key, O(1) time derivation, almost-linear public storage

17 For more details … … on the trust negotiations result: http://homes.cerias.purdue.edu/~jtli/paper/n dss06.pdf or http://www.cs.purdue.edu/homes/kbf/publica tions/NDSS06tn.pdf

Download ppt "Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Similar presentations

Ads by Google