Anonymity Preserving Techniques in Trust Negotiations

  • Indrakshi Ray
  • Elisa Bertino
  • Anna C. Squicciarini
  • Elena Ferrari
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3856)


Trust negotiation between two subjects require each one proving its properties to the other. Each subject specifies disclosure policies stating the types of credentials and attributes the counterpart has to provide to obtain a given resource. The counterpart, in response, provides a disclosure set containing the necessary credentials and attributes. If the counterpart wants to remain anonymous, its disclosure sets should not contain identity revealing information. In this paper, we propose anonymization techniques using which a subject can transform its disclosure set into an anonymous one. Anonymization transforms a disclosure set into an alternative anonymous one whose information content is different from the original one. This alternative disclosure set may no longer satisfy the original disclosure policy causing the trust negotiation to fail. To address this problem, we propose that trust negotiation requirements be expressed at a more abstract level using property-based policies. Property-based policies state the high-level properties that a counterpart has to provide to obtain a resource. A property-based policy can be implemented by a number of disclosure policies. Although these disclosure policies implement the same high-level property-based policy, they require different sets of credentials. Allowing the subject to satisfy any policy from the set of disclosure policies, increases not only the chances of a trust negotiation succeeding but also the probability of ensuring anonymity.


Disclosure Policy Concept Graph Deductive Database Translation Function Trust Negotiation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bertino, E., Ferrari, E., Squicciarini, A.: Trust Negotiations: Concepts, Systems and Languages. IEEE-CISE, Computing and Science Engineering (to appear)Google Scholar
  2. 2.
    Bertino, E., Ferrari, E., Squicciarini, A.: Trust-X a Peer to Peer Framework for Trust Establishment. IEEE TKDE, Transactions on Knowledge and Data Engineering (to appear)Google Scholar
  3. 3.
    Bertino, E., Ferrari, E., Squicciarini, A.C.: Privacy-preserving trust negotiations. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 283–301. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bonatti, P., Kraus, S.: Foundations on Secure Deductive Databases. IEEE TKDE, Transactions on Knowledge and Data Engineering 7(3), 406–422 (1995)CrossRefGoogle Scholar
  5. 5.
    Bonatti, P., Samarati, P.: Regulating Access Services and Information Release on the Web. In: 7th ACM Conference on Computer and Communications Security, Athens, Greece (November 2000)Google Scholar
  6. 6.
    Domingo-Ferrer, J. (ed.): Inference Control in Statistical Databases from Theory to Practice. LNCS, vol. 2316. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  7. 7.
    Gruber, T.R.: A translation approach to portable ontology specifications. Knowledge Acquisition 5(2), 199–220 (1993)CrossRefGoogle Scholar
  8. 8.
    Iyengar, V.S.: Transforming Data to Satisfy Privacy Constraints. In: Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Edmonton, Canada (July 2002)Google Scholar
  9. 9.
    Yu, T., Seamons, K.E., Winslett, M.: Requirements for Policy Languages for Trust Negotiation. In: Third IEEE International Workshop on Policies for Distributed Systems and Networks, Monterey, CA (June 2002)Google Scholar
  10. 10.
    Naor, M.: Bit commitment using pseudo randomness. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 128–136. Springer, Heidelberg (1990)Google Scholar
  11. 11.
    Samarati, P., Sweeney, L.: Generalizing Data to Provide Anonymity when Disclosing Information. In: Seventeenth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, Seattle, Washington. ACM Press, New York (1998)Google Scholar
  12. 12.
    Sweeney, L.: k-anonymity: A Model for Protecting Privacy. International Journal on Uncertainty, Fuziness and Knowledge-based Systems 10(5), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Seamons, K.E., Yu, T., Winslett, M.: Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security 1(6) (February 2003)Google Scholar
  14. 14.
    Uschold, M., Gruninger, M.: Ontologies: Principles, methods, and applications. Knowledge Engineering Review 11(2), 93–155 (1996)CrossRefGoogle Scholar
  15. 15.
    Winsborough, M., Li, N.: Safety in Automated Trust Negotiation. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2004)Google Scholar
  16. 16.
    Yu, T., Winslett, M.: A Unified Scheme for Resource Protection in Automated Trust Negotiation. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Indrakshi Ray
    • 1
  • Elisa Bertino
    • 2
  • Anna C. Squicciarini
    • 2
  • Elena Ferrari
    • 3
  1. 1.Computer Science DepartmentColorado State UniversityFort CollinsUSA
  2. 2.CERIAS and Computer Science Department Purdue UniversityWest LafayetteUSA
  3. 3.Dipartimento di Scienze della Cultura, Politiche e InformazioneUniversitá degli Studi dell’InsubriaComo

Personalised recommendations