
Research On Trust Negotiation Related Key Technologies In Open Network

Posted on: 2013-09-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Yu
GTID: 1228330362473578
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of modern information technology, computers and networks have penetrated all fields of social life, producing more and more computer-based network applications, with recent web-based business, government and scientific research activities as typical examples. In an open distributed network environment, people need to share resources easily and obtain business assistance across multiple security domains, regardless of the wide-area, heterogeneous and dynamic nature of the network, while respecting each other's autonomy and privacy. To meet this need, automated trust negotiation technology, which is based on the disclosure of credentials and access control policies and automatically establishes a trust relationship between the resource requester and the resource provider, came into being and has become an important research direction in current access control technology. Building on the results of previous studies of trust negotiation, the thesis analyzes in depth several key issues in automated trust negotiation, including policy language, negotiation strategy and privacy protection, and proposes improvements aimed at the practical application of trust negotiation in existing network environments, so as to provide safe, reliable, convenient and efficient service for resource sharing and utilization in an open network environment. The research results are as follows:

Firstly, it puts forward BDPL (Based Datalog policy language) with constraints. Through its basic form, the definition of its policy rules and the implementation of standard policies, the author demonstrates by examples that the BDPL policy language not only meets the needs of a trust negotiation system but also has strong scalability and expressive power.

Secondly, it puts forward CPTNS (Customizable and Preferred Trust Negotiation Strategy), a customizable, preference-based strategy. Based on an in-depth analysis of traditional tree-based modeling, it introduces Petri net technology, which can accurately describe the transmission and transformation of a distributed concurrent system, to achieve a modeling approach based on Petri nets, and it introduces EM calculation as the merit-based assessment over the reachability graph of the Petri net, serving as the optimal evaluation index for the credential exposure sequence. In the worst case, the computational complexity of CPTNS is O(nm) and the communication complexity is O(n). The analysis and examples show that CPTNS is a trust negotiation strategy that can guarantee the security of the free resources during the negotiation process and maintain high efficiency for both negotiating sides.

Thirdly, it proposes several optimizations of the current attribute-based access control with hidden policies and hidden credentials (HPHC) to improve its security and efficiency in implementation. In the first, the resource provider obtains the required attribute information from an online CA, avoiding the high cost of the resource requester's blind attempts under an unknown control policy. The second adopts a scrambled circuit with partial homomorphic combination based on Shamir secret sharing, to improve the computational efficiency of the access control policy circuit and to enhance the security of resources, certificates and strategies. A large number of simulation experiments show that these two improvements are not only feasible but also significantly increase efficiency, security and confidentiality.

Fourthly, it proposes FAMTN (Federated Attribute Management and Trust Negotiation), which provides a realistic application environment for automated trust negotiation technology. FAMTN solves the problem that alliances in a federated identity management system cannot dynamically build trust relations, as well as the lack of flexible and secure protection for user privacy and information. It supports sharing of user attribute information and multi-domain user single sign-on, realizing distributed management of user identities and attributes together with their trust negotiation, so that federated identity management can be applied in an open network environment.
Keywords/Search Tags: Trust negotiation, Policy language, Negotiation strategy, Privacy protection