Protecting Privacy during On-Line Trust Negotiation
The dramatic growth of services and information on the Internet is accompanied by growing concerns over privacy. Trust negotiation is a new approach to establishing trust between strangers on the Internet through the bilateral exchange of digital credentials, the on-line analogue of the paper credentials people carry in their wallets today. When a credential contains sensitive information, its disclosure is governed by an access control policy that specifies the credentials that must be received from the other party before the sensitive credential is disclosed. This paper identifies the privacy vulnerabilities present in on-line trust negotiation and the approaches that can be taken to eliminate or minimize them. It proposes modifications to negotiation strategies that help prevent the inadvertent disclosure of credential information, during on-line trust negotiation, for credentials or credential attributes that have been designated as sensitive, private information.
Keywords: Access Control Policy, Security Agent, Sensitive Attribute, Negotiation Strategy, Policy Disclosure
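The abstract describes trust negotiation as a bilateral credential exchange in which each sensitive credential is released only after the credentials named in its access control policy have been received. The following is an added, constructed Python model (not the paper's protocol or code) that shows the mechanism and one way a negotiation strategy can leak credential information: a party that answers a request for a sensitive credential by disclosing that credential's policy reveals that it holds the credential, even to a counterpart who never qualifies to see it. The privacy-aware variant here replies to requests for a sensitive credential type with a fixed "acknowledgement requirement" that is configured per credential type and applied whether or not the credential is held, so the observable transcript does not depend on possession. The party names, credential names (`patient_id`, `HIPAA_covered_entity`, `records`) and message formats are all assumptions made for the example.

```python
"""Toy automated trust negotiation with a possession-hiding strategy.

Constructed example (not the paper's protocol): each party holds credentials,
each credential or service has a disclosure policy naming the credentials
that must be received first, and sensitive credential *types* carry a fixed
acknowledgement requirement that is applied whether or not the credential is
held, so the holder's messages do not reveal possession.
"""
from dataclasses import dataclass, field


@dataclass
class Party:
    name: str
    credentials: dict                               # credential name -> attributes (constructed)
    policies: dict                                  # credential/service name -> names required first
    services: set = field(default_factory=set)      # things this party grants, not discloses
    sensitive: dict = field(default_factory=dict)   # credential type -> ack requirement (per type)
    privacy_aware: bool = True
    received: set = field(default_factory=set)      # credential names received so far
    requests: set = field(default_factory=set)      # what the counterpart has asked of me
    sent: set = field(default_factory=set)          # (kind, item) pairs already sent, to avoid repeats

    def respond(self, inbox):
        """Process the counterpart's messages, then emit this turn's replies."""
        for kind, subject, payload in inbox:
            if kind == "credential":
                self.received.add(subject)
            elif kind in ("policy", "ack_required"):
                self.requests |= payload            # the counterpart needs these from me
        out = []
        for item in sorted(self.requests):
            needed = self.policies.get(item, set())
            if item in self.services:
                msg = ("grant", item, None) if needed <= self.received else ("policy", item, needed)
            elif item in self.credentials and needed <= self.received:
                msg = ("credential", item, dict(self.credentials[item]))
            elif (self.privacy_aware and item in self.sensitive
                  and not self.sensitive[item] <= self.received):
                # Same reply whether or not the credential is held: says nothing about possession.
                msg = ("ack_required", item, self.sensitive[item])
            elif item in self.credentials:
                msg = ("policy", item, needed)      # naive: reveals that the credential is held
            else:
                msg = ("unavailable", item, None)   # naive: reveals that it is not held
            if (msg[0], item) not in self.sent:
                self.sent.add((msg[0], item))
                out.append(msg)
        return out


def negotiate(client, server, service, max_rounds=10):
    """Alternate turns until the service is granted or neither side has anything new to say."""
    transcript, inbox = [], []
    server.requests.add(service)                    # the client's opening request
    speaker, listener = server, client
    for _ in range(max_rounds):
        replies = speaker.respond(inbox)
        transcript += [(speaker.name,) + m for m in replies]
        if any(kind == "grant" for kind, _, _ in replies):
            return True, transcript
        if not replies and not inbox:               # stalled: trust was not established
            return False, transcript
        inbox, speaker, listener = replies, listener, speaker
    return False, transcript


def make_client(name, holds_patient_id, privacy_aware):
    creds = {"patient_id": {"mrn": "constructed-0001"}} if holds_patient_id else {}
    return Party(name, creds, policies={"patient_id": {"HIPAA_covered_entity"}},
                 sensitive={"patient_id": {"HIPAA_covered_entity"}}, privacy_aware=privacy_aware)


def make_server(honest):
    creds = {"HIPAA_covered_entity": {"issuer": "constructed-regulator"}} if honest else {}
    return Party("server", creds, policies={"records": {"patient_id"}}, services={"records"})


def observer_view(transcript, speaker):
    """Everything the counterpart can observe: the messages `speaker` sent."""
    return [m[1:] for m in transcript if m[0] == speaker]


def disclosed(transcript, speaker):
    """Names of credentials `speaker` actually handed over."""
    return {m[2] for m in transcript if m[0] == speaker and m[1] == "credential"}


def possession_leaks(privacy_aware, honest=False):
    """True if the server can distinguish a patient_id holder from a non-holder by what it sees."""
    views = []
    for holds in (True, False):
        _, t = negotiate(make_client("client", holds, privacy_aware), make_server(honest), "records")
        views.append(observer_view(t, "client"))
    return views[0] != views[1]
```

Against an honest server the privacy-aware client still completes the negotiation: the server's service policy asks for `patient_id`, the client answers with the acknowledgement requirement, the server discloses its unprotected `HIPAA_covered_entity` credential, and the client's disclosure policy is then satisfied. Against a server that cannot produce that credential the negotiation fails without the client ever saying whether it holds a `patient_id`, whereas the naive strategy sends either the policy or an "unavailable" reply and so leaks possession to anyone who asks. Comparing a holder's and a non-holder's transcripts as seen by the counterpart is the check worth automating for any strategy that claims to protect a sensitive credential.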