Point-Based Trust: Define How Much Privacy Is Worth

This paper studies the notion of point-based policies for trust management, and gives protocols for realizing them in a disclosure-minimizing fashion. Specifically, Bob values each credential with a certain number of points, and requires a minimum total threshold of points before granting Alice access to a resource. In turn, Alice values each of her credentials with a privacy score that indicates her reluctance to reveal that credential. Bob's valuation of credentials and his threshold are private. Alice's privacy-valuation of her credentials is also private. Alice wants to find a subset of her credentials that achieves Bob's required threshold for access, yet is of as small a value to her as possible. We give protocols for computing such a subset of Alice's credentials without revealing any of the two parties' above-mentioned private information.

[1]  Rebecca N. Wright,et al.  Privacy-preserving distributed k-means clustering over arbitrarily partitioned data , 2005, KDD '05.

[2]  Mikhail J. Atallah,et al.  Indexing Information for Data Forensics , 2005, ACNS.

[3]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4]  Ninghui Li,et al.  Automated trust negotiation using cryptographic credentials , 2005, CCS '05.

[5]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[6]  Hilarie K. Orman,et al.  Hidden Credentials , 2003, WPES '03.

[7]  A. Shamm Identity-based cryptosystems and signature schemes , 1985 .

[8]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[9]  Donald F. Towsley,et al.  Optimizing cost-sensitive trust-negotiation protocols , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[10]  Carl E. Landwehr Improving Information Flow in the Information Security Market - DoD Experience and Future Directions , 2004, Economics of Information Security.

[11]  Wenliang Du,et al.  Secure Multi-party Computational Geometry , 2001, WADS.

[12]  Helger Lipmaa,et al.  Verifiable Homomorphic Oblivious Transfer and Private Equality Test , 2003, ASIACRYPT.

[13]  Vijay Varadharajan,et al.  A Trust based Access Control Framework for P2P File-Sharing Systems , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[14]  Wenliang Du,et al.  A study of several specific secure two-party computation problems , 2001 .

[15]  Marco Gruteser,et al.  USENIX Association , 1992 .

[16]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[17]  Nicole Yankelovich,et al.  Meeting central: making distributed meetings more effective , 2004, CSCW.

[18]  Mikhail J. Atallah,et al.  Privacy preserving route planning , 2004, WPES '04.

[19]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[20]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[21]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[22]  I. Damgård,et al.  A Generalisation, a Simplification and some Applications of Paillier’s Probabilistic Public-Key System , 2000 .

[23]  Kent E. Seamons,et al.  Concealing complex policies with hidden credentials , 2004, CCS '04.

[24]  Brian L. Mark,et al.  A quantitative trust establishment framework for reliable data packet delivery in MANETs , 2005, SASN '05.

[25]  Marianne Winslett,et al.  Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation , 2001, NDSS.

[26]  Benny Pinkas,et al.  Efficient Private Matching and Set Intersection , 2004, EUROCRYPT.

[27]  K.E. Seamons,et al.  Automated trust negotiation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[28]  Helen J. Wang,et al.  Applications of secure electronic voting to automated privacy-preserving troubleshooting , 2005, CCS '05.

[29]  Roberto Tamassia,et al.  Role-based cascaded delegation , 2004, SACMAT '04.

[30]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[31]  Makoto Yokoo,et al.  Secure multi-agent dynamic programming based on homomorphic encryption and its application to combinatorial auctions , 2002, AAMAS '02.

[32]  Ninghui Li,et al.  Safety in automated trust negotiation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[33]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[34]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[35]  Ninghui Li,et al.  Towards practical automated trust negotiation , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[36]  Mikhail J. Atallah,et al.  Trust Negotiation with Hidden Credentials, Hidden Policies, and Policy Cycles , 2006, NDSS.

[37]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[38]  Tuomas Aura,et al.  On the structure of delegation networks , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[39]  L. J. Camp Pricing Security , 2000 .

[40]  George Danezis,et al.  How Much Is Location Privacy Worth? , 2005, WEIS.

[41]  Ernesto Damiani,et al.  A reputation-based approach for choosing reliable resources in peer-to-peer networks , 2002, CCS '02.

[42]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[43]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[44]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[45]  Thomas Beth,et al.  Valuation of Trust in Open Networks , 1994, ESORICS.

[46]  Marianne Winslett,et al.  Interoperable strategies in automated trust negotiation , 2001, CCS '01.

[47]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[48]  Tuomas Aura,et al.  Distributed Access-Rights Managements with Delegations Certificates , 2001, Secure Internet Programming.

[49]  Marianne Winslett,et al.  PRUNES: an efficient and complete strategy for automated trust negotiation over the Internet , 2000, CCS.

[50]  Mikhail J. Atallah,et al.  Secure outsourcing of sequence comparisons , 2004, International Journal of Information Security.

[51]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[52]  Pierangela Samarati,et al.  A Uniform Framework for Regulating Service Access and Information Release on the Web , 2002, J. Comput. Secur..

[53]  Mikhail J. Atallah,et al.  Hidden access control policies with hidden credentials , 2004, WPES '04.

[54]  Shafi Goldwasser,et al.  Multi party computations: past and present , 1997, PODC '97.

[55]  Clifford Stein,et al.  Introduction to Algorithms, 2nd edition. , 2001 .

[56]  D. Song,et al.  Private and threshold set-intersection , 2004 .

[57]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[58]  David Chaum,et al.  A Secure and Privacy-protecting Protocol for Transmitting Personal Information Between Organizations , 1986, CRYPTO.

[59]  Marianne Winslett,et al.  A unified scheme for resource protection in automated trust negotiation , 2003, 2003 Symposium on Security and Privacy, 2003..