
Research Of Key Technologies For Sensitive Information In Automated Trust Negotiation

Posted on: 2011-12-19, Degree: Master, Type: Thesis
Country: China, Candidate: J G Niu
GTID: 2178330332460024, Subject: Computer software and theory
Abstract/Summary:
In automated trust negotiation, mutual trust is built through the disclosure of credentials and access control policies. These may contain sensitive information, which needs to be protected during the negotiation process. UniPro is a unified framework for the protection of sensitive information. However, the existing UniPro framework does not support communication over a non-secure channel. In addition, when one negotiator requests a credential from another, disclosing that credential causes a corresponding leakage of sensitive information. The focus of this paper is therefore how to improve the existing UniPro framework so that it supports communication over a non-secure channel, which widens the range of use of the framework, and how to reduce the number of disclosed credentials in order to avoid leaking sensitive information.

Based on an analysis of the existing UniPro framework, a UniPro secure data transmission module is designed, modeled on the principle of the envelope used in everyday life. To address the defect that negotiators communicating over a non-secure channel may disclose sensitive information, a mixture of symmetric and asymmetric encryption techniques is adopted to ensure that the information cannot be broken by attackers. In addition, the improved scheme uses the MD5 hash to ensure that the communication content is not modified. Performance analysis and theoretical argument show that the improved scheme effectively prevents attacks by network attackers and does not affect the security of the UniPro framework.

Building on authentication systems based on zero-knowledge proofs, this paper designs and implements a zero-knowledge UniPro scheme. One negotiator does not disclose a certain credential, but the other negotiator can trust that the first owns it after a single-round zero-knowledge proof is carried out between the two negotiators. Performance analysis and theoretical argument show that the improved scheme effectively reduces the number of credentials disclosed during trust negotiation and protects sensitive information to some extent.
Keywords/Search Tags: ATN, digital envelope, sensitive information, zero-knowledge proof, UniPro framework