Trust negotiations with customizable anonymity

Anna Cinzia Squicciarini, Abhilasha Barghav-Spantzel, Elisa Bertino, Elena Ferrari, Indrakshi Ray

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Trust negotiation makes it possible for two parties to carry on secure transactions by first establishing trust through a bilateral, iterative process of requesting and disclosing digital credentials and policies. Credentials, exchanged during trust negotiations, often contain sensitive attributes that attest to the properties of the credential owner. Uncontrolled disclosure of such sensitive attributes may cause grave damage to the credential owner. Research has shown that disclosing non-sensitive attributes only can cause identity to be revealed as well. Consequently, we impose a stronger requirement: our negotiations should have the k-anonymity property - the set of credentials submitted by a subject during a negotiation should be equal to k other such sets received by the counterpart during earlier negotiations. In this paper we propose a protocol that ensures k-anonymity. Our protocol has a number of important features. First, a credential submitter before submitting its set of credentials has the assurance that its set will be identical to k other sets already stored with the counterpart. Second, we provide a cryptographic protocol ensuring that the credentials submitted by the submitter during different negotiations cannot be linked to each other. Third, we ensure that the critical data exchanged during the protocol is valid. Fourth, the major part of the protocol involves the negotiating parties only; the protocol invokes the validator only only when some critical information needs to be validated.

Original languageEnglish (US)
Title of host publicationProceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)
PublisherIEEE Computer Society
Pages69-72
Number of pages4
ISBN (Print)0769527493, 9780769527499
DOIs
StatePublished - Jan 1 2006
Event2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Hong Kong, China
Duration: Dec 18 2006Dec 22 2006

Publication series

NameProceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)

Other

Other2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology
CountryChina
CityHong Kong
Period12/18/0612/22/06

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software

Cite this

Squicciarini, A. C., Barghav-Spantzel, A., Bertino, E., Ferrari, E., & Ray, I. (2006). Trust negotiations with customizable anonymity. In Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings) (pp. 69-72). [4053206] (Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)). IEEE Computer Society. https://doi.org/10.1109/WI-IATW.2006.138
Squicciarini, Anna Cinzia ; Barghav-Spantzel, Abhilasha ; Bertino, Elisa ; Ferrari, Elena ; Ray, Indrakshi. / Trust negotiations with customizable anonymity. Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings). IEEE Computer Society, 2006. pp. 69-72 (Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)).
@inproceedings{ba3248e19dc74d00928f65a3ef2e7f1a,
title = "Trust negotiations with customizable anonymity",
abstract = "Trust negotiation makes it possible for two parties to carry on secure transactions by first establishing trust through a bilateral, iterative process of requesting and disclosing digital credentials and policies. Credentials, exchanged during trust negotiations, often contain sensitive attributes that attest to the properties of the credential owner. Uncontrolled disclosure of such sensitive attributes may cause grave damage to the credential owner. Research has shown that disclosing non-sensitive attributes only can cause identity to be revealed as well. Consequently, we impose a stronger requirement: our negotiations should have the k-anonymity property - the set of credentials submitted by a subject during a negotiation should be equal to k other such sets received by the counterpart during earlier negotiations. In this paper we propose a protocol that ensures k-anonymity. Our protocol has a number of important features. First, a credential submitter before submitting its set of credentials has the assurance that its set will be identical to k other sets already stored with the counterpart. Second, we provide a cryptographic protocol ensuring that the credentials submitted by the submitter during different negotiations cannot be linked to each other. Third, we ensure that the critical data exchanged during the protocol is valid. Fourth, the major part of the protocol involves the negotiating parties only; the protocol invokes the validator only only when some critical information needs to be validated.",
author = "Squicciarini, {Anna Cinzia} and Abhilasha Barghav-Spantzel and Elisa Bertino and Elena Ferrari and Indrakshi Ray",
year = "2006",
month = "1",
day = "1",
doi = "10.1109/WI-IATW.2006.138",
language = "English (US)",
isbn = "0769527493",
series = "Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)",
publisher = "IEEE Computer Society",
pages = "69--72",
booktitle = "Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)",
address = "United States",

}

Squicciarini, AC, Barghav-Spantzel, A, Bertino, E, Ferrari, E & Ray, I 2006, Trust negotiations with customizable anonymity. in Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)., 4053206, Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings), IEEE Computer Society, pp. 69-72, 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology, Hong Kong, China, 12/18/06. https://doi.org/10.1109/WI-IATW.2006.138

Trust negotiations with customizable anonymity. / Squicciarini, Anna Cinzia; Barghav-Spantzel, Abhilasha; Bertino, Elisa; Ferrari, Elena; Ray, Indrakshi.

Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings). IEEE Computer Society, 2006. p. 69-72 4053206 (Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Trust negotiations with customizable anonymity

AU - Squicciarini, Anna Cinzia

AU - Barghav-Spantzel, Abhilasha

AU - Bertino, Elisa

AU - Ferrari, Elena

AU - Ray, Indrakshi

PY - 2006/1/1

Y1 - 2006/1/1

N2 - Trust negotiation makes it possible for two parties to carry on secure transactions by first establishing trust through a bilateral, iterative process of requesting and disclosing digital credentials and policies. Credentials, exchanged during trust negotiations, often contain sensitive attributes that attest to the properties of the credential owner. Uncontrolled disclosure of such sensitive attributes may cause grave damage to the credential owner. Research has shown that disclosing non-sensitive attributes only can cause identity to be revealed as well. Consequently, we impose a stronger requirement: our negotiations should have the k-anonymity property - the set of credentials submitted by a subject during a negotiation should be equal to k other such sets received by the counterpart during earlier negotiations. In this paper we propose a protocol that ensures k-anonymity. Our protocol has a number of important features. First, a credential submitter before submitting its set of credentials has the assurance that its set will be identical to k other sets already stored with the counterpart. Second, we provide a cryptographic protocol ensuring that the credentials submitted by the submitter during different negotiations cannot be linked to each other. Third, we ensure that the critical data exchanged during the protocol is valid. Fourth, the major part of the protocol involves the negotiating parties only; the protocol invokes the validator only only when some critical information needs to be validated.

AB - Trust negotiation makes it possible for two parties to carry on secure transactions by first establishing trust through a bilateral, iterative process of requesting and disclosing digital credentials and policies. Credentials, exchanged during trust negotiations, often contain sensitive attributes that attest to the properties of the credential owner. Uncontrolled disclosure of such sensitive attributes may cause grave damage to the credential owner. Research has shown that disclosing non-sensitive attributes only can cause identity to be revealed as well. Consequently, we impose a stronger requirement: our negotiations should have the k-anonymity property - the set of credentials submitted by a subject during a negotiation should be equal to k other such sets received by the counterpart during earlier negotiations. In this paper we propose a protocol that ensures k-anonymity. Our protocol has a number of important features. First, a credential submitter before submitting its set of credentials has the assurance that its set will be identical to k other sets already stored with the counterpart. Second, we provide a cryptographic protocol ensuring that the credentials submitted by the submitter during different negotiations cannot be linked to each other. Third, we ensure that the critical data exchanged during the protocol is valid. Fourth, the major part of the protocol involves the negotiating parties only; the protocol invokes the validator only only when some critical information needs to be validated.

UR - http://www.scopus.com/inward/record.url?scp=34250782624&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34250782624&partnerID=8YFLogxK

U2 - 10.1109/WI-IATW.2006.138

DO - 10.1109/WI-IATW.2006.138

M3 - Conference contribution

AN - SCOPUS:34250782624

SN - 0769527493

SN - 9780769527499

T3 - Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)

SP - 69

EP - 72

BT - Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)

PB - IEEE Computer Society

ER -

Squicciarini AC, Barghav-Spantzel A, Bertino E, Ferrari E, Ray I. Trust negotiations with customizable anonymity. In Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings). IEEE Computer Society. 2006. p. 69-72. 4053206. (Proceedings - 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops Proceedings)). https://doi.org/10.1109/WI-IATW.2006.138