Skip to main content
Springer Nature Link
Log in

Protecting Privacy during On-Line Trust Negotiation

  • Conference paper
  • First Online:
Privacy Enhancing Technologies (PET 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2482))

Included in the following conference series:

Abstract

The dramatic growth of services and information on the Internet is accompanied by growing concerns over privacy. Trust negotiation is a new approach to establishing trust between strangers on the Internet through the bilateral exchange of digital credentials, the on-line analogue to the paper credentials people carry in their wallets today. When a credential contains sensitive information, its disclosure is governed by an access control policy that specifies credentials that must be received before the sensitive credential is disclosed. This paper identifies the privacy vulnerabilities present in on-line trust negotiation and the approaches that can be taken to eliminate or minimize those vulnerabilities. The paper proposes modifications to negotiation strategies to help prevent the inadvertent disclosure of credential information during online trust negotiation for those credentials or credential attributes that have been designated as sensitive, private information.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bertino, E., Castano, S., Ferrari, E.: On Specifying Security Policies for Web Documents with an XML-based Language, Proceedings of Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia (2001).

    Google Scholar 

  2. Biskup, J.: For Unknown Secrecies Refusal is Better than Lying, Data & Knowledge Engineering 33, Elsevier Science, Amsterdam (2000).

    Google Scholar 

  3. Bonatti, P., Samarati, P.: Regulating Service Access and Information Release on the Web, Proceedings of the 7th Conference on Computer and Communications Security, Athens, Greece (2000).

    Google Scholar 

  4. Brands, S. A.: Rethinking Public Key Infrastructures and Digital Certificates, MIT Press, Cambridge, Massachusetts (2000).

    Google Scholar 

  5. Forrester Press Release, Companies Must Adopt A Whole-View Approach To Privacy, http://www.forrester.com/ER/Press/Release/0,1769,514,00.html (2001).

  6. Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K. E., Smith, B.: Advanced Client/Server Authentication in TLS, Network and Distributed System Security Symposium, San Diego, CA, (2002).

    Google Scholar 

  7. International Telecommunication Union, Recommendation X.509-Information Technology-Open Systems Interconnection-The Directory: Authentication Framework (1997).

    Google Scholar 

  8. Persiano, P., Visconti, I.: User Privacy Issues Regarding Certificates and the TLS Protocol, in Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece (2000).

    Google Scholar 

  9. Platform for Privacy Preferences (P3P) Specification, W3C Working Draft 26 August (1999), http://www.w3.org/TR/WD-P3P/Overview.html.

  10. Seamons, K. E., Winslett, M., Yu, T.: Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation, Symposium on Network and Distributed System Security, San Diego (2001).

    Google Scholar 

  11. Tygar, J. D.: Atomicity versus Anonymity: Distributed Transactions for Electronic Commerce, Proceedings of 24th International Conference on Very Large Data Bases, New York City, New York (1998).

    Google Scholar 

  12. Winsborough, W. H., Li, N.:Towards Practical Automated Trust Negotiation, IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, Monterey, CA, June (2002).

    Google Scholar 

  13. Yu, T., Winslett, M., Seamons, K. E.: Interoperable Strategies in Automated Trust Negotiation, Proceedings of the 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania (2001).

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Brigham Young University, Provo, UT, USA, 84602

    Kent E. Seamons, Lina Yu & Ryan Jarvis

  2. Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL, USA, 61801

    Marianne Winslett & Ting Yu

Authors
  1. Kent E. Seamons
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marianne Winslett
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ting Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Lina Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ryan Jarvis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Free Haven Project, 144 Lake St., Arlington, MA, 02474, USA

    Roger Dingledine

  2. Naval Research Laboratory, Washington, DC, 20375, USA

    Paul Syverson

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Seamons, K.E., Winslett, M., Yu, T., Yu, L., Jarvis, R. (2003). Protecting Privacy during On-Line Trust Negotiation. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36467-6_10

Download citation

  • DOI: https://doi.org/10.1007/3-540-36467-6_10

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00565-0

  • Online ISBN: 978-3-540-36467-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation