Trust Negotiation Protocol Support for Secure Mobile Network Service Deployment

User-centric services may impose requirements that visited networks find difficult to honour unless tightly coupled trust relations have previously been established among providers. Maintaining such fixed trust relations is costly and becomes unmanageable as the number of providers grows. Moreover, it requires providers to share a common security model, credentials, policies, and so on. Trust Negotiation can solve this problem, since it allows a security state to be negotiated gradually, enabling multi-factor authentication and authorization even between "strangers" through the exchange of various credentials. However, two problems remain: the first is the delay introduced by the trust negotiation messages if the negotiation is used as bootstrapping in every interaction; the second is the lack of protocol support. In this article we address these problems by presenting an extension to TLS that enables trust negotiation and credential issuing (to speed up subsequent interactions) over a secure channel.
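The gradual, policy-driven credential exchange the abstract describes, and the speed-up that comes from issuing a credential for later interactions, as an added toy model. This is not the paper's protocol or its TLS extension: the party names, credential types, disclosure policies and access policies are constructed for illustration, the model assumes the exchange already runs over a protected channel (as the abstract places it inside TLS), and it captures only the negotiation logic, i.e. which credentials each side is willing to release given what the peer has shown so far, and how many messages it takes to reach a mutually accepted state.

```python
from dataclasses import dataclass, field


@dataclass
class Party:
    """One negotiating peer (a mobile client or a visited network). Hypothetical model."""
    name: str
    credentials: set          # credential types this party is able to present
    disclosure_policy: dict   # credential -> credential types the peer must have shown first
    access_policy: list       # alternatives; any one fully received grants the peer access
    received: set = field(default_factory=set)
    sent: set = field(default_factory=set)

    def satisfied(self) -> bool:
        """True once the peer has presented one complete alternative of the access policy."""
        return any(alt <= self.received for alt in self.access_policy)

    def disclosable(self) -> set:
        """Credentials whose release conditions the peer has already met and not yet sent."""
        return {c for c in self.credentials
                if self.disclosure_policy.get(c, set()) <= self.received} - self.sent


def negotiate(first, second, max_rounds=10):
    """Alternate disclosure rounds between two parties.

    Returns (success, message_count, transcript). The negotiation fails when
    neither side can release anything more while a policy is still unmet (deadlock).
    """
    transcript = []
    sender, receiver = first, second
    idle_rounds = 0
    for _ in range(max_rounds):
        if first.satisfied() and second.satisfied():
            return True, len(transcript), transcript
        batch = sender.disclosable()
        if batch:
            idle_rounds = 0
            sender.sent |= batch
            receiver.received |= batch
            transcript.append((sender.name, sorted(batch)))
        else:
            idle_rounds += 1
            if idle_rounds == 2:   # both sides stuck: no further progress is possible
                return False, len(transcript), transcript
        sender, receiver = receiver, sender
    return first.satisfied() and second.satisfied(), len(transcript), transcript


def make_parties(network_has_roaming=True, session_token=False):
    """Constructed scenario: a roaming client meets a visited network operator."""
    client = Party(
        "client", {"id_card", "subscription", "payment_token"},
        {"id_card": {"operator_cert"},
         "subscription": {"operator_cert"},
         "payment_token": {"operator_cert", "roaming_agreement"}},
        [{"operator_cert", "roaming_agreement"}])
    network_creds = {"operator_cert"} | ({"roaming_agreement"} if network_has_roaming else set())
    network = Party(
        "network", network_creds,
        {"operator_cert": set(), "roaming_agreement": {"subscription"}},
        [{"subscription", "payment_token"}])
    if session_token:
        # A credential issued at the end of a successful first negotiation; on a
        # revisit the network accepts it alone, and the client no longer needs to
        # see the roaming agreement again (constructed policy, not from the paper).
        client.credentials.add("session_token")
        client.disclosure_policy["session_token"] = {"operator_cert"}
        network.access_policy.append({"session_token"})
        client.access_policy.append({"operator_cert"})
    return client, network


def first_visit():
    """Full negotiation between strangers: four disclosure messages."""
    client, network = make_parties()
    return negotiate(network, client)


def revisit():
    """Same client returning with an issued session credential: two messages."""
    client, network = make_parties(session_token=True)
    return negotiate(network, client)


def no_roaming():
    """Network lacks the roaming agreement the client requires: negotiation deadlocks."""
    client, network = make_parties(network_has_roaming=False)
    return negotiate(network, client)


if __name__ == "__main__":
    for scenario in (first_visit, revisit, no_roaming):
        ok, n, transcript = scenario()
        print(f"{scenario.__name__}: success={ok} messages={n} transcript={transcript}")
```

The first scenario shows the bootstrapping cost the abstract complains about: every fresh interaction between strangers needs the whole back-and-forth before either side is satisfied. The second shows why issuing a credential after a successful negotiation pays off, since the returning client reaches an accepted state in half the messages. The third shows the failure mode a negotiation engine must detect: when neither side's disclosure policy allows any further release, the exchange must terminate with a definite failure rather than spin.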
