Trust management for secure information flows

In both the commercial and defence sectors, a compelling need is emerging for the rapid, yet secure, dissemination of information across traditional organisational boundaries. In this paper we present a novel trust management paradigm for securing pan-organisational information flows that aims to address the threat of information leakage. Our trust management system is built around an economic model and a trust-based encryption primitive wherein: (i) entities purchase a key from a Trust Authority (TA) which is bound to a voluntarily reported trust score r, (ii) information flows are encrypted such that a flow tagged with a recipient trust score R can be decrypted by the recipient only if it possesses the key corresponding to a voluntarily reported score r ≤ R, (iii) the economic model (the price of keys) is set such that a dishonest entity wishing to maximise information leakage is incentivised to report an honest trust score r to the TA. This paper makes two important contributions. First, we quantify fundamental tradeoffs on information flow rate, information leakage rate and error in estimating recipient trust score R. Second, we present a suite of encryption schemes that realise our trust-based encryption primitive and identify computation and communication tradeoffs between them.
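
An added sketch of the access rule in (ii), not taken from the paper and not one of its schemes: a SHA-256 hash chain lets the holder of the key for score r derive the key for any tag R ≥ r, but not for a smaller one. The 16-level score range, the function names, the toy HMAC-based cipher and the assumption that the sender can obtain the key for R are all illustrative.

```python
import hashlib, hmac, os

MAX_SCORE = 16  # assumed number of discrete trust levels (not from the paper)

def step(key: bytes) -> bytes:
    """One-way step: key for score s -> key for score s + 1."""
    return hashlib.sha256(b"trust-chain" + key).digest()

def derive(key: bytes, r: int, R: int) -> bytes:
    """Walk the chain from score r to score R; refused when R < r."""
    if not 0 <= r <= R <= MAX_SCORE:
        raise PermissionError(f"key for score {r} cannot open a flow tagged {R}")
    for _ in range(R - r):
        key = step(key)
    return key

def ta_issue_key(master: bytes, r: int) -> bytes:
    """TA side: the key bound to reported score r (master is the score-0 key)."""
    return derive(master, 0, r)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream, standing in for a real AEAD.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key: bytes, R: int, nonce: bytes, ct: bytes) -> bytes:
    # The tag binds the ciphertext to the flow's trust tag R.
    return hmac.new(key, b"mac" + bytes([R]) + nonce + ct, hashlib.sha256).digest()

def encrypt_flow(key_R: bytes, R: int, msg: bytes):
    """Sender side: encrypt under the key for tag R (assumes the sender can obtain it)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key_R, nonce, len(msg))))
    return R, nonce, ct, _tag(key_R, R, nonce, ct)

def decrypt_flow(key_r: bytes, r: int, flow) -> bytes:
    """Recipient side: succeeds only if key_r really is the key for a score r <= R."""
    R, nonce, ct, tag = flow
    key_R = derive(key_r, r, R)
    if not hmac.compare_digest(tag, _tag(key_R, R, nonce, ct)):
        raise ValueError("authentication failed: key does not match claimed score")
    return bytes(a ^ b for a, b in zip(ct, _stream(key_R, nonce, len(ct))))
```

A recipient holding the key for r = 5 who claims r = 2 to get past the range check derives the wrong chain value, so the tag check fails rather than the plaintext leaking.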
