Zhi-Yu Peng,Shan-Ping Li

DOI: https://doi.org/10.1109/icmlc.2008.4620616

2008-01-01

Abstract:As pervasive computing leading to an increased collection of information in the computational world as well as the real world, privacy leaking becomes a serious issue. Although privacy protection has drawn great attention in recent years, the privacy-preserving trust management has not been brought forward. Credential chain discovery problem is the key issue in trust management, and traditionally credentials are full open in the whole system. This could expose users' access control policies as well as other private information, and leads to a great risk of being cheated by malicious users. This paper advocates a privacy-preserving credential chain discovery mechanism, in which credentials are no longer available to everyone. By merely learning credentials of one's logic neighbors, this mechanism still achieves good results. The simulations show that this mechanism is practical.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

Peng Li,Junzuo Lai,Dehua Zhou,Ye Yang,Wei Wu,Junbin Fang

DOI: https://doi.org/10.1016/j.comnet.2023.109828

IF: 5.493

2023-05-25

Computer Networks

Abstract:Incentive-based applications enable users to obtain rewards after they complete a task, but how to balance the privacy and accountability is one of the most serious concerns currently. Publicly accountable anonymous authentication provides an excellent way verifying a user's identity in a privacy-preserving way while ensuring public accountability in case of dispute. Although different kinds of these schemes have been proposed, they all assume that there is a single centralized certificate authority issuing a certificate to users, and are not suitable for an actual scenario which always involves multiple authorities. Therefore, a new primitive called multi-authority linkable and traceable anonymous authentication is proposed to address this issue, enabling privacy protection while holding public accountability under a multi-authority setting. We formally define a security model for this new notion and simultaneously design a generic construction while giving the security proof. Additionally, we implement the proposed scheme to show its efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

SHI Wenbo,CAO Chun

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0528

2013-01-01

Abstract:Trust Management implements the authorization procedure and access control decision in an open network environment according to the credential issuing and the chain discovery algorithms. However, because of the complexity and dynamic of the trust network, the traditional trust-management system results in a low efficiency in credential discovery. To address the shortage, this paper proposes an autonomous trust-management system which introduces the concept of authority routing table.The system makes sure the direction of the search guides directly to the requester while finding the credential chain. While the trust network is complex and the right request happens frequently, the autonomous trust-management system can reduce the search cost and improve the efficiency in credential discovery.

Jinguang Han,Liqun Chen,Steve Schneider,Helen Treharne,Stephan Wesemeyer

DOI: https://doi.org/10.48550/arXiv.1804.07201

2018-04-19

Abstract:Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity which has become more important due to the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is authentication can only occur between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user's service access information, even if the verifiers for these services collude which each other. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole services access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme's security model is given together with a security proof, an implementation and a performance evaluation.

Cryptography and Security

Wei Feng,Zheng Yan,Haomeng Xie

DOI: https://doi.org/10.1109/access.2017.2679980

IF: 3.9

2017-01-01

IEEE Access

Abstract:Pervasive social networking (PSN) supports instant social activities anywhere and at any time with the support of heterogeneous networks, where privacy preservation is a crucial issue. One of the effective methods to achieve privacy preservation is anonymous authentication on trust. However, few literatures pay attention to it. In this paper, we propose an anonymous authentication scheme based on group signature for authenticating trust levels rather than identities of nodes in order to avoid privacy leakage and guarantee secure communications in PSN. The scheme achieves secure anonymous authentication with anonymity and conditional traceability with the support of a trusted authority (TA). We also provide a mechanism to guarantee communications among nodes when TA is not available for some nodes. In addition, the utilization of batch signature verification further improves the efficiency of authenticity verification on a large number of messages. Performance analysis and evaluation further prove that the proposed scheme is effective with regard to privacy preservation, computation complexity, communication cost, flexibility, reliability, and scalability.

Zhaofeng Ma,Xibin Zhao,Guo Zhi,Gu Ming,Jiaguang Sun

DOI: https://doi.org/10.1007/11577188_58

2005-01-01

Abstract:A new anonymous secure communication protocol with conditional traceability is proposed to provide personal anonymity and privacy protection, in which a secure mapping function is introduced to provide anonymity and personal information protection, when necessary, only authority principal part can act as arbitrator for communication validation. The proposed protocol has 3 advantages: 1) mutual communication; 2) anonymity of communication. 3) conditional traceability.

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

Li Lu,Jinsong Han

2006-01-01

Abstract:Technical Report TR 2006-10 Abstract— Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer’s identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the levels of security and anonymity in PT, and evaluate its performance using trace-driven simulations. A prototype Pseudo Trust-enabled P2P network is running in our labs at CAS Beijing, Hong Kong UST, and other sites. The strengths of Pseudo Trust include the lack of need for a centralized trusted party or CA, high scalability and security, low traffic and cryptography processing overheads, and man-in-the-middle attack resistance. We aim for the Pseudo Trust design to be included in the P2P trust and anonymity context.

HAO Li-ming,YANG Shu-tang,LU Song-nian,CHEN Gong-liang

DOI: https://doi.org/10.3321/j.issn:1006-2467.2008.02.001

2008-01-01

Abstract:To the anonymity problem in P2P(Peer-to-Peer) reputation system,an anonymity mechanism was proposed using DAA(Direct Anonymous Attestation) protocol based on trusted computing technology.The analysis result shows that this mechanism ensures all the peers' anonymity in fully distributed P2P reputation systems.The security of this mechanism is ensured and it has good ability to withstand(malicious) peers' behaviors.

LI Zhi-tang,ZHU You-jing,WANG Fu-dong

DOI: https://doi.org/10.3969/j.issn.1007-130X.2006.11.004

2006-01-01

Abstract:The current trust models of the P2P network are mostly implemented at the sacrifice of losing anonymity, which causes a new series of problems. This paper proposes a completely anonymous trust model of the P2P network,TAM,which guarantees security and anonymity by optionally using several public/private key pairs.

Shangyuan Guan,Xiaoshe Dong,Weiguo Wu,Yiduo Mei,Guofu Feng

DOI: https://doi.org/10.1109/aina.2008.25

2008-01-01

Abstract:Trust has been recognized as an important factor for information security in open and dynamic environments, such as Internet applications, p2p systems etc. On the basis of analyzing existing trust management systems, this paper proposes a Distributed Trust Management based on Authorizing Negotiation (DTMAN). DTMAN presents a number of innovative features. First, it can authorize strangers by using authorizing negotiation, so it is very suitable for open and dynamic environments. Second, a high efficient algorithm for compliance checking is developed to support DTMAN, whose time complexity and space complexity are both O(n) (where n is the cardinality of the set of authorization credentials). The experimental result shows that the algorithm of DTMAN is more efficient than others.

Jianjun Wang,Jianping Li,Chongming Ma,Jing Peng

DOI: https://doi.org/10.1109/ICCWAMTIP.2013.6716621

2013-01-01

Abstract:In the distributed environments, Anonymous Access and Delegation are not satisfied in the traditional Access Control. However, they can be guaranteed in the Key-based Trust Models, because a key represents the identification of one user, both authorization and key are associated with each other. In the Key-based Trust Models, the most representative ones are PolicyMaker, SPKI/SDSI and QCM. In this paper, we extract the mechanisms of authorization from these models, discuss the advantages and disadvantages, so as to develop new studies and applications.

Li Lu,Jinsong Han,Yunhao Liu,Lei Hu,Jinpeng Huai,Lionel M. Ni,Jian Ma

DOI: https://doi.org/10.1109/tpds.2008.15

IF: 5.3

2008-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptography processing overheads, and 4) man-in-middle attack resistance.

Li Lu,Jinsong Han,Lei Hu,Jinpeng Huai,Yunhao Liu,Lionel M. Ni

DOI: https://doi.org/10.1109/ipdps.2007.370284

2007-01-01

Abstract:Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called pseudo trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on zero-knowledge proof is designed so peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the levels of security and anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype implementation. The strengths of pseudo trust include the lack of need for a centralized trusted party or CA, high scalability and security, low traffic and cryptography processing overheads, and man-in-middle attack resistance. We aim for the pseudo trust design to be included in the P2P trust and anonymity context.

Wei Feng,Zheng Yan,Laurence T. Yang,Qinghua Zheng

DOI: https://doi.org/10.1109/jiot.2020.3018878

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Mobile crowdsourcing (MCS) has become an effective data collection method due to its mobility, low cost, and flexibility. However, since centralized MCS confronts severe security and privacy risks in reality, many researchers are devoted to building a decentralized MCS system based on blockchain. Despite the effectiveness of these schemes, they fail to offer anonymous authentication on the trust of MCS nodes, although privacy is a main concern in MCS and trust plays an important role in a series of MCS activities, such as worker selection and truth discovery. Nevertheless, anonymous authentication on trust is not a trivial issue since trust evaluation usually conflicts with anonymity, which is a necessary privacy requirement in an open MCS environment. To tackle this problem, we leverage Intel software guard extension (SGX) and propose a scheme to anonymously authenticate trust with trustworthy trust evaluation in a blockchain-based MCS system. The scheme employs an SGX-enabled cloud server to periodically alter user public/private key pairs and mix newly altered keys among a number of faked keys in order to ensure unlinkability. Besides, we consider the unique features of MCS and work out a novel trust evaluation method by aggregating both subjective feedback and objective behaviors. Finally, we conduct several analyses and experiments to illustrate its security and efficiency.

Ke Chen,Kai Hwang,Gang Chen

DOI: https://doi.org/10.1109/tpds.2008.60

IF: 5.3

2009-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:: Credential chains are needed in trusted peer-to-peer (P2P) applications, where trust delegation must be established between each pair of peers at specific role level. Role-based trust is refined from the coarse-grained trust model used in most P2P reputation systems. This paper offers a novel heuristic-weighting approach to selecting the most likely path to construct a role-based trust chain. We apply history-sensitive heuristics to measure the path complexity and assess the chaining efficiency. We discover successive edges of a trust chain, adaptively, to match with the demands from various P2P applications. New heuristic chaining algorithms are developed for backward, forward, and bi-directional discovery of trust chains. Our heuristic chain discovery scheme shortens the search time, reduces the memory requirement, and enhances the chaining accuracy in scalable P2P networks. Consider a trust graph over N credentials and M distinct role nodes. Our heuristic trust-chain discovery algorithms require O(N2logN) search time and O(M) memory space, if the secondary heuristics are generated off-line in advance. These are improved from O(N3) search time and O(NM) space required in non-heuristic discovery algorithms by Li, Winsborough, and Mitchell (2003). Our analytical results are verified by extensive simulation experiments over typical classes of role-based trust graphs.

Li-ming Hao,Shu-tang Yang,Song-nian Lu,Gong-liang Chen

DOI: https://doi.org/10.1007/s12204-008-0086-8

2008-01-01

Abstract:Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers’ identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer’s identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%, the service selection failure rate is less than 0.15.