Harvesting credentials in trust negotiation as an honest-but-curious adversary

Authors:
Lars E. Olson;Michael J. Rosulek;Marianne Winslett
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Year:
2007

Citing 10
Cited 3

Regulating service access and information release on the Web

Proceedings of the 7th ACM conference on Computer and communications security
Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation

ACM Transactions on Information and System Security (TISSEC)
Oblivious signature-based envelope

Proceedings of the twenty-second annual symposium on Principles of distributed computing
Towards Practical Automated Trust Negotiation

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Trust-X: A Peer-to-Peer Framework for Trust Establishment

IEEE Transactions on Knowledge and Data Engineering
Hidden Credentials

Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Cassandra: Distributed Access Control Policies with Tunable Expressiveness

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Adaptive trust negotiation and access control

Proceedings of the tenth ACM symposium on Access control models and technologies
OACerts: oblivious attribute certificates

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security

Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Encryption policies for regulating access to outsourced data

ACM Transactions on Database Systems (TODS)
Modeling and negotiating service quality

Service research challenges and solutions for the future internet

Quantified Score

Hi-index	0.00

Visualization

Abstract

Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary can systematically harvest information about all of a victim's credentials that the attacker is entitled to see, regardless of their relevance to the negotiation. We present examples of need-to-know attacks with the trust negotiation approaches proposed Yu, Winslett, and Seamons; by Bonatti and Samarati; and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.