2011-Improving Efficiency in Privacy-preserving Automated Trust Negotiation with

Improving Efficiency in Privacy-preserving Automated Trust Negotiation with

Conjunctive Policies

Tangtisanon Pikulkaew and Hiroaki Kikuchi

Graduate School of Engineering,Tokai University,

4-1-1Kitakaname,Hiratsuka,Kanagawa,259-1292,Japan kikn@tokai.ac.jp

Abstract—Automated Trust Negotiation(ATN)is an ap-proach to allow two participants to automatically verify whether their policies are consistent with each other or not. During the negotiation process,in order to protect privacy,both participants intend to disclose their credentials and policies as little as possible.A previous work(ATN)[14]successfully negoti-ates with perfect privacy preservation where post-negotiation, neither credentials nor policies were revealed to each other. Unfortunately,in order to negotiate with policy withℓconjunc-tive“and”conditions,consisting of m credentials it requires a large computation cost which is linear to combination(m,ℓ). In our work,we focus on this problem and establish a new scheme to lower the cost in the conjunctive condition policy so that our protocol require only mℓwhich can highly decrease computation and communication costs.The proposed scheme performs in semi-honest model.The new idea is adding a dynamic secret key to verify which credentials match with the requested policies.We also demonstrate that this new approach can improve the efficiency of the previous one by showing a qualitative evaluation using implementation and analysis of computation and communication cost.

Keywords-Automated Trust Negotiation,Privacy Preserving,

I.I NTRODUCTION

Automated trust Negotiation(ATN)[1],[2],[3]is an approach to allow two participants to automatically verify whether their policies are consistent with each other or not.In this protocol,both participants negotiate minimizing the discloser of their credentials and policies.The ATN is applied,for example,when a user wants to buy a book at a discount rate from an online bookstore.

Thefirst work of ATN was proposed by Winsborough et al.[1],consisting of three schemes called as eager,parsimo-nious and hybrid.In the eager scheme,participants exchange unprotected credentials with each other,while in parsimo-nious scheme participants exchange credentials gradually as requested.The hybrid scheme is the combination of eager and parsimonious schemes.Unfortunately,no privacy is preserved at the end of this protocol.

Existing works[2],[3]mainly focus on protecting sen-sitive credentials and policies of negotiators.However,a primary goal of ATN is to automatically establish trust relationship to each other.For some cases of negotiation privacy may not be the only concern.In such cases using schemes with low computation cost is good enough.

Freedman,Nissim and Pinkas[4]proposed protocols to compute the intersection of two subsets owned by two parties without leaking any additional information by using a homomorphic encryption and a balance hashing.They also proposed some variants of private intersection protocols.In private matching,a server and a client can learn which element they both have,while in private matching for set cardinality,they learn only the number of matching element without knowing exactly matching element.

Lee,Minami and Borisov[6]formalized the notion of confidentiality-preserving distributed proof using a trusted third party(TTP)model of computation.The TTP such as a certificate authority(CA)works as a middleman interacts between two parties who both trust him.In this protocol, a server must disclose its policies and service to the TTP then the TTP will release the service to a client if and only if the policies is satisfied.After the protocol was run,the server does not learn whether the client can successfully grant the access to the service and the client learns nothing about the server’s policies.The disadvantage of this protocol is that it releases a server policies to the third-party unlike our protocol.

Brian and Adam[7]proposed a protocol that related to the notion of confidentiality preserving distributed proof intro-duced in[6],using the Hidden Information Release policies, the homomorphic property and the encryption scheme that have a property of IND-CPA security.The advantage of this protocol is that the release conditions do not need to be known to the third party unlike[6].Thus,this protocol can solve the cyclic dependency problem[8].Unfortunately, this work only focus on a single round of negotiation of conjunctive policies.Our work is also based on the homomorphic property and output the same result with this work but in our case no third-party is required,support multiple conjunction policies and can be run automatically. We presented a scheme using a cryptographical protocol for private set intersection and some building blocks in[14]. However,the protocol suffers large computational overhead in dealing with conjunctive policies,i.e.,Bob requests to test if Alice has credentials c1∧...∧cℓwhile Alice has m credentials,it requires a large computation cost which is linear to combination

(m

ℓ

)

.

In this paper,we study the above problem and establish a new scheme to lower the cost of negotiation in conjunctive

2011 International Conference on Network-Based Information Systems