| Automated trust negotiation (ATN) aims to allow two parties to securely exchange digital credentials in X.509 format that contain sensitive information such as name, address, birthday and memberships, as well as access control decisions (what credentials are acceptable). Both parties wish to minimize the information disclosed to the other party in order to learn the minimal agreement of both private policies. Winsborough et al. proposed the first scheme for ATN, classified into two extreme strategies, called the parsimonious and eager strategies. The eager strategy requires parties to disclose credentials as soon as their access control policy is satisfied, while in the parsimonious strategy, the parties disclose credentials only after a successful outcome is ensured through negotiations. In both schemes, the two parties need to reveal their partial policies gradually, and hence no privacy is preserved. In this paper, we present a new automated trust negotiation scheme that ensures perfect privacy preservation and satisfies the following properties: (1) no credential is revealed even after the negotiation has been made, (2) no policy is revealed even after the negotiation has been made, and (3) both parties learn whether or not their access control policies have an agreement with respect to a target resource (certificate or credential). Although the above requirements sound infeasible, because of the redundancy of a logical formula of an access control policy, an agreement of policies can be ensured without disclosure of the policies. Let us suppose that client C has a policy "open student id (credential) c if the server has official certificate either s1 or s2", and server S has both s1 and s2. Client C does not necessarily learn which of the two certificates is used to show his/her credential c. Using our proposed scheme, both parties are able to securely make sure that their access control policies are satisfied before they proceed with a transaction, without learning what policies are used.
This is the first ATN protocol that ensures perfect privacy preservation. This ensures the safety of the strategy to prevent the disclosure of sensitive information. |