Research On Sensitive Attribute Protection In Automated Trust Negotiation

In the open and distributed network environment, privacy protection is essential whensharing resources between strangers. Automated Trust Negotiation (ATN) is a new approach toprotect strangers’ privacy when sharing resources. However, as same as the resources shared,strangers’ private certificates are protected by making access control policy in ATN. It willcause repetitious negotiation and failure to share resources.Therefore, after analyzing what causes ATN’s low success-ratio and low efficiency, thisdissertation gives much attention on how to improve them. The main work includes thefollowing aspects.(1) As ATN is modeled as a certificate disclosing sequences in existing research, sensitivecertificate is deemed to be the minimal cell of privacy in ATN. However, there is usually notonly one attribute in a certificate, and negotiator may get access to resource after merelyrevealing parts of attributes from a certificate. If the whole certificate was disclosed, irrelatedattributes may cause additional negotiations, and ATN’s success-ratio and efficiency will be cutdown. We changed the minimal cell of privacy into sensitive attribute, and ATN’s success-ratioand efficiency became higher.(2) It is impossible to validate signature after disclosing parts of attributes from existingX.509v4attribute certificate. We redesigned the signature by dual signature, which made thecertificate can be verified after disclosing parts of attributes. The improved certificate iscompatible with X.509v4standard, and it has the feature of good flexibility, high security andlittle cost. Moreover, it gives essential technology support for improving success-ratio andefficiency in ATN.(3) As negotiators making access control policy respectively for their own resources andsensitive attributes, it is impossible for them to detect cyclic policy interdependency in ATN.Therefore, the cyclic policy interdependency is unavoidable, and it may cause infinitenegotiations. The relationship of negotiators’ policies was modeled as directed simple graph,and the cyclic policy interdependency was detected by computing reachability matrix. Afterdetecting cyclic policy interdependency, infinite negotiations can be ended and ATN’sefficiency will be improved.(4) A client can only get access to server’s resource after disclosing essential attributes tosatisfy access control policy in ATN. However, if the attributes disclosed were sensitive,additional negotiations will be unavoidable, and ATN’s success-ratio will be cut down. Basedon Pedersen Commitment, security protocol was designed to protect client’s sensitive attributes.In which, client can only get access to resource when access control policy is satisfied, and server learns nothing about client’s attributes. With this security protocol, ATN will have highersuccess-ratio and less negotiation times.