Yan He,Miaoliang Zhu

DOI: https://doi.org/10.4108/infoscale.2007.888

2007-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements, especially recently popular P2P networks and Grid computing. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. An automated trust negotiation strategy needs to be adopted to establish trust between two parties based on their disclosure policies. Previously proposed negotiation strategies may fail when in fact success is possible, disclose irrelevant credentials, or have high communication or computational complexity. In this paper, we model the policies participating trust negotiation as Negotiation Petri Net and propose a trust negotiation Strategy based on Negotiation Petri Net (SNPN) by combining the characteristics of Negotiation Petri Net architecture with the behaviors of auto trust negotiation. We prove that SNPN is efficient with O(n) communication complexity and O(nm) computational complexity including Negotiation Petri Net building process and the negotiation process in the worst case, where n is the number of credentials and m is the size of the credential disclosure policies. Meanwhile SNPN is complete and makes sure that no irrelevant credentials will be disclosed during negotiations.

Yan He,Miaoliang Zhu,Chunying Zheng

DOI: https://doi.org/10.1109/CSSE.2008.867

2008-01-01

Abstract:Traditional security model, where the identity of all possible requesting subjects must be pre-registered in advance, is not suitable for the distributed applications with strong real-time requirements. A promising approach is represented by automated trust negotiation, which establishes trust between strangers through the exchange of digital credentials and the use of access control policies. As the credentials contain sensitive information, entities disclose credentials circumspectly. Given multiple credential exchange sequences achieving the same result, it is desirable to pick the sequence that discloses a set of minimum sensitive credentials. In this paper, we model the policies participating trust negotiation as a Negotiation Petri Net and propose a trust negotiation MSC strategy, which works by the characteristics of Negotiation Petri Net architecture, the behaviors of auto trust negotiation and the greedy algorithm. We prove that the MSC strategy is complete, efficient and mini-sensitivity cost. It also makes sure that no irrelevant credentials will be disclosed during negotiations.

Yong HUANG,Xue-zeng,Guo-yong CAI,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.04.038

2009-01-01

Computer Science

Abstract:To deal with the issue of modeling and designing trusted collaborative systems,a RBN-T model was proposed,and the trust guarantee mechanisms and their policies were also discussed.To illustrate the usability of the RBN-T model,a modeling procedure based on RBN-T was given and a case study was presented.RBN-T raises the normative role based management approach toward a higher level which facilitates the concerns of trust into the early phases while developing trusted collaborative systems.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

Shangyuan Guan,Xiaoshe Dong,Yiduo Mei,Weiguo Wu,Zhengdong Zhu

DOI: https://doi.org/10.1109/ICEBE.2008.50

2008-01-01

Abstract:Exchange of attribute certificates is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated trust negotiation (ATN) is a promising approach to regulating the exchange of sensitive information during this process. It has been a fundamental but challenging problem to preserve the privacy of the two negotiation parties during the period of ATN. We present the enhanced hidden credentials and improved concurrent zero-knowledge proof protocol. Based on the above technologies, we propose an ATN for e-business applications, named CASTLE. CASTLE can not only enable the oblivious and selective usage of an attribute or a certificate, but also be resistible for many attacks, especially conspiracy attack. We illustrate the usage of CASTLE through a typical example.

Xinxin Liu,Shaohua Tang,Kai Wei

DOI: https://doi.org/10.1109/ICMLC.2010.5580592

2010-01-01

Abstract:Automated trust negotiation (ATN) is an approach to establishing mutual trust between strangers wishing to share resources or conduct business by gradually requesting and disclosing digitally signed credentials. We present the formalization of automated trust negotiation system in the applied pi calculus and analyze its security property automatically with the assistant of an automatic protocol analyzer, ProVerif.

Shangyuan Guan,Xiaoshe Dong,Weiguo Wu,Yiduo Mei,Guofu Feng

DOI: https://doi.org/10.1109/aina.2008.25

2008-01-01

Abstract:Trust has been recognized as an important factor for information security in open and dynamic environments, such as Internet applications, p2p systems etc. On the basis of analyzing existing trust management systems, this paper proposes a Distributed Trust Management based on Authorizing Negotiation (DTMAN). DTMAN presents a number of innovative features. First, it can authorize strangers by using authorizing negotiation, so it is very suitable for open and dynamic environments. Second, a high efficient algorithm for compliance checking is developed to support DTMAN, whose time complexity and space complexity are both O(n) (where n is the cardinality of the set of authorization credentials). The experimental result shows that the algorithm of DTMAN is more efficient than others.

Bing Zhang,Xinxin Ma,Zhiguang Qin

2011-01-01

Abstract:⎯By analyzing existed Internet of Things’ system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes’ validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes’ authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided. Index Terms⎯Combined public key, elliptic curves cryptography, Internet of Things, radio frequency identification, security system, trusting system.

Orhio Mark Creado,Bala Srinivasan,Phu Dung Le,Jefferson Tan

DOI: https://doi.org/10.5121/csit.2014.4212

2014-03-03

Abstract:Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code almost obsolete. This paper proposes a novel approach towards enforcing system security by requiring the explicit definition of trust for all operating code. By identifying the various classes and levels of trust required within a computing system; trust is defined as a combination of individual characteristics. Trust is then represented as a calculable metric obtained through the collective enforcement of each of these characteristics to varying degrees. System Security is achieved by facilitating trust to be a constantly evolving aspect for each operating code segment capable of getting stronger or weaker over time.

Cryptography and Security

Qiang Zhang,Xiaowei Wang,Zhenghu Gong

DOI: https://doi.org/10.1109/CSSE.2008.1363

2008-01-01

Abstract:We find that traditional authentication ways donpsilat act well in MANETs for the features of dynamic topology and non-existence of central facilities in mobile ad hoc networks. This paper presents a distributed trust proving language, which is based on role trust. The solution of constructing credential authentication infrastructure and the problem how to perform automated trust negotiation are also discussed. Our design defines roles and policies to make distributed trust negotiation and it can avoid unrelated credential fetching. Simulations show that Our design outperforms traditional trust negotiation ways and is more efficient as a security authentication mechanism in the MANET environments.

Xinxin Liu,Shaohua Tang,Qiong Huang,Zhiwen Yu

DOI: https://doi.org/10.1016/j.csi.2013.03.003

IF: 3.721

2013-01-01

Computer Standards & Interfaces

Abstract:We propose an ontology-based approach to automated trust negotiation (ATN) to establish a common vocabulary for ATN across heterogeneous domains and show how ontologies can be used to specify and implement ATN systems. The components of the ATN framework are expressed in terms of a shared ontology and ontology inference techniques are used to perform ATN policy compliance checking. On this basis, a semantically relevant negotiation strategy (SRNS) is proposed that ensures the success of a negotiation whenever it is semantically possible. We analyze the properties of SRNS and evaluate the performance of the ontology-based ATN.

Jianxin Li,Jinpeng Huai,Jie Xu,Yanmin Zhu,Wei Xue

DOI: https://doi.org/10.1109/e-science.2006.145

2006-01-01

Abstract:In order to establish trust relationship between service requesters and providers in an open decentralized environment, we propose a novel trust negotiation framework, TOWER, which integrates distributed trust chain construction of trust management and aims to enhance the grid security infrastructure. Our approach leverages attribute-based credentials to support flexible delegation, and dynamically constructs trust chains. A novel TRust chAin based Negotiation Strategy (TRANS) is proposed to establish trust relationship on the fly by gradually disclosing credentials according to various access control policies. Our approach has been successfully implemented as useful components and fundamental security services in the CROWN Grid, and techniques such as trust tickets and policy caching that can greatly increase service efficiency are used. Finally, we evaluate our approach by comprehensive experiments and the results show that it is feasible.

Huilin Wang,Xin Kang,Tieyan Li,Zhongding Lei,Cheng-Kang Chu,Haiguang Wang

DOI: https://doi.org/10.48550/arXiv.2212.01618

2022-12-03

Abstract:With the development of Information and Communication Technologies, trust has been applied more and more in various scenarios. At the same time, different organizations have published a series of trust frameworks to support the implementation of trust. There are also academic paper discussing about these trust standards, however, most of them only focus on a specific application. Unlike existing works, this paper provides an overview of all current available trust standards related to communication networks and future digital world from several main organizations. To be specific, this paper summarizes and organizes all these trust standards into three layers: trust foundation, trust elements, and trust applications. We then analysis these trust standards and discuss their contribution in a systematic way. We discuss the motivations behind each current in forced standards, analyzes their frameworks and solutions, and presents their role and impact on communication works and future digital world. Finally, we give our suggestions on the trust work that needs to be standardized in future.

Information Theory,Cryptography and Security

Yuan Wang,Feng Xu,Ye Tao,Chun Cao,Jian Lü

DOI: https://doi.org/10.1007/11839569_23

2006-01-01

Abstract:Trust management is an efficient approach to ensure the security and reliability in the autonomic and coordination systems. Various trust management systems are proposed from different viewpoints. However, evaluating different trust management approaches is usually more intuitive than formal. This paper presents a role-based formal framework to specify trust management systems. By quantifying two types of trust commonly occurring in the existing trust management systems, the framework proposes a set of elements to express the assertions and recommendation relationships in trust management. Furthermore, some facilities are provided to specify the semantics of trust engines. The framework makes it more convenient to understand, compare, analyze and design trust management systems.

Shangyuan Guan,Yiduo Mei,Xiaoshe Dong,Zhao Wang,Zhengdong Zhu

DOI: https://doi.org/10.1007/978-3-540-92719-8_42

2007-01-01

Abstract:Automated Trust Negotiation (ATN) is a promising approach to allowing strangers to access sensitive services in open environments. Although many ATN systems are proposed, some issues still remain to be addressed: 1) they are centralized and cannot scale well; and 2) their policy languages are coarse-grained. To address the above problems and secure grids, we present a novel automated trust negotiation framework, FORT, to establish trust relationship between service providers and service requesters. FORT is decentralized, so it scales well. Furthermore, we utilize attribute constraints to refine its language. This paper implements FORT and designs experiments to evaluate its performance. Experimental results show that FORT can effectively protect sensitive services at the cost of little performance of systems and scale well.

Ruidong Li,Jie Li,Hitoshi Asaeda

DOI: https://doi.org/10.1587/transinf.2013thp0010

2014-01-01

IEICE Transactions on Information and Systems

Abstract:SUMMARY To secure a wireless sensor and actuator network (WSAN) in cyber-physical systems, trust management framework copes with misbehavior problem of nodes and stimulate nodes to cooperate with each other. The existing trust management frameworks can be classified into reputation-based framework and trust establishment framework. There, however, are still many problems with these existing trust management frameworks, which remain unsolved, such as frangibility under possible attacks. To design a robust trust management framework, we identify the attacks to the existing frameworks, present the countermeasures to them, and propose a hybrid trust management framework (HTMF) to construct trust environment for WSANs in the paper. HTMF includes second-hand information and confidence value into trustworthiness evaluation and integrates the countermeasures into the trust formation. We preform extensive performance evaluations, which show that the proposed HTMF is more ro

Christos-Minas Mathas,Costas Vassilakis,Nicholas Kolokotronis

DOI: https://doi.org/10.1109/SERVICES48979.2020.00047

2021-09-04

Abstract:In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Cryptography and Security

Xinxin Liu,Shaohua Tang,Shiqian Chen

DOI: https://doi.org/10.1007/s12083-015-0343-1

IF: 3.488

2015-01-01

Peer-to-Peer Networking and Applications

Abstract:utomated trust negotiation (ATN) is an approach to regulating the gradual exchange of sensitive resources, which are protected by access control policies, between two strangers to establish mutual trust in open distributed systems. Policy compliance checkers of ATN determine which credentials satisfy an access control policy and whether a particular set of credentials satisfies the relevant policy. We propose a description logic-based approach to policy compliance checking, in which the description logic (DL) 𝒮ℋ𝒪ℐ𝒩(𝒟) is exploited to formalize credentials and policies of ATN, and the state-of-the-art DL reasoners are leveraged for policy compliance checking. By exploring the semantics of credentials and policies defined by DL, our approach can promote the success of a negotiation whenever it is semantically possible. As long as a policy can be satisfied, our approach can find the credentials satisfying the policy. These credentials can be either syntactically defined in the policy or semantically imply those defined. In addition, benefiting from DL reasoning, attribute delegations that are modeled as semantic relations among attributes can be retrieved by our approach as the evidence of a negotiator’s satisfaction of an access control policy. This evidence is quite necessary in the ATN environment where negotiators are usually strangers belonging to different domains without a common knowledge of delegations.