Privacy Enhanced Automated Trust Negotiation

Li, Jiangtao. Ph.D., Purdue University, May, 2006. Privacy Enhanced Automated Trust Negotiation. Major Professors: Mikhail J. Atallah and Ninghui Li. In automated trust negotiation, two parties exchange digitally signed credentials that contain attribute information to establish trust and make access control decisions. Because the information in question is often sensitive, credentials are protected according to access control policies. In traditional trust negotiation, credentials are transmitted either in their entirety or not at all. This approach can at times fail unnecessarily, either because a cyclic dependency makes neither negotiator willing to reveal her credential before her opponent, because the opponent must be authorized for all attributes packaged together in a credential to receive any of them, or because it is necessary to disclose the precise attribute values, rather than merely proving they satisfy some predicate (such as being over 21 years of age). In this thesis, we introduce a number of techniques that address the previous problems. In particular, • We propose Oblivious Attribute Certificates (OACerts), an attribute certificate scheme in which a certificate holder can select which attributes to use and how to use them. In particular, a user can use attribute values stored in an OACert to obtain a resource from a service provider without revealing any information about these values. Using OACerts, we develop a policy-hiding access control scheme that protects both sensitive attribute values and sensitive policies. • We present a privacy-preserving trust negotiation protocol that enforces each credential’s policy (thereby protecting sensitive credentials). Our result is not achieved through the routine use of standard techniques to implement, in this framework, one of the known strategies for trust negotiations (such as the “eager strategy”).