Automated Trust Negotiations Using Cryptographic Credentials-System Security - Term Paper Example

ATN Using Cryptographic Credentials-System Security Abstract: This article seeks to offer solutions to certain intrinsic issues originated during the use of traditional Automated Trust Negotiations (ATN). Under the present regime; credentials are either transmitted completely or never transmitted at all. There are no other means that are acceptable to both parties. This ‘full or nothing’ approach does little advantage for the proliferation and growth of ATN. There is a dire need for seeking alternative arrangements under which the parties could negotiate and reach to a consensus with the least movement of sensitive data and information. This article uses a prototype under which different credential schemes could be deployed and merged to suit specific needs and requirements of contacting parties, thus obviating the occurrence for high degree of failures. Future research could focus on a more transparent and open communication network for establishing ETTG using ATN. While the actual negotiation could be private and need to disclose only parsimoniously; the information is obligatory on a mutually reciprocal way. It is believed that, in the long run; there could be more benefits and gains through use of ATN giving the present congenial and encompassing framework of ATN along with the need for its reestablishment and wider usage. Thus the purpose and objectives of ATN could be more robustly and efficiently enforced to benefit as many clienteles as possible. A review of ’ATN using Cryptographic Credentials-System Security Introduction: Automated Trust Negotiation: Interacting safely or gaining access to resources in the open networks is always an issue for the network users and cryptanalysts for secure communication. For this, individuals and entities must establish mutual trust prior to any communication; especially when the information to be carried is sensitive. This is usually accomplished through the exchange of credentials which are traditionally usernames and passwords, tokens, digital certificates and so on. Establishment of mutual trust between strangers is based on the properties of the subjects on the presumption that communicating subjects are already familiar with one another. Many cryptographic credential systems have emerged recently to authenticate and authorize transactions done in decentralized and also distributed systems. These systems use property based credentials to manage trust between the entities. The process of gaining trust is based on the iterative exchange of information between two or more parties. “In IT the process of exchange of credentials between two parties, through a sequence of alternating and bilateral credential requests and disclosures, is called trust negotiation. An approach to regulate the automatic exchange of sensitive credentials between entities, without prior trust relationships, by using access control policies is called Automated Trust Negotiation (ATN).” (Galinovic n.d. p.1). Unlike a closed system, where the communicating parties have a pre-existing relationship (often proved by typing a username and password) based negotiation is an open system and strangers can build trust in one another. This is done by disclosing digital credentials. Rather than proving the credential owner's identity, digital credentials claim that their owner possesses certain attributes. These digital credentials, attributing to their sensitive nature are protected by certain access control policies. The traditional ATN approaches transmit the credentials in its entirety. This discloses all the information carried by the credential. As mentioned earlier, the attributes in them are protected using access control techniques associated with each transmitted credential. However, disclosing credentials in its entirety limits the ATN systems. The trust negotiations can fail following a cyclic dependency among credentials and their policies. Also, unnecessary failure occurs as the attributes can be disclosed only if the policy governing the credential and its entire contents are satisfied. There can be failure even if the amount of information need to be disclosed is acceptable and the communicating parties are unwilling to disclose detailed or too much information about their attributes. These are some of the limitations in the traditional ATNs to be addressed as pointed out by the authors. Several cryptographic credential systems have been developed towards this end. These credential schemes and associated protocols address some of these limitations. However, they can only be used as fragments of an ATN scheme or like piecemeal providing capabilities that are useful in various negotiation scenarios. An ATN framework that can handle and harness all the powers of these cryptographic credential schemes and protocols needs to develop flexible and negotiation scenarios as need arises synergistically. The authors discuss the development of one such scheme which does exactly this purpose and has been the central focus of the entire paper. Key Achievements Presented In the Paper: Before entering into a detailed discussion on the ATN framework, some related literary and scientific experimental works recently in the field of cryptographic credentials are looked at for bringing out the contrast between previous and the new frameworks. Some of the works discussed include the disclosure tree family which is a family of strategies in which the strategies within the family can interoperate with each other. An extension to the SSL/TLS handshake protocol by adding trust negotiation features has also been discussed. A general framework for the safety of Trust Negotiation Systems with policy databases developed to prevent unauthorized information inferences and release are discussed by the authors. Protocols namely oblivious signature based envelopes, hidden credentials and secret handshakes are discussed in detail. It is found that these protocols protect servers’ policy and clients’ identities or attributes. Credential schemes like OACerts, private credentials and anonymous credentials are discussed as some schemes that can be used in ATN. “Credential systems are attracting more and more attention, as privacy infringement becomes a major issue in Internet based transactions. Private credentials offer authentication and authorization based on the attributes possessed by an user, rather than the identity of the user.” (Athavale et al 2009). The authors give six properties that improve the privacy protection and efficacy of ATN using the developed framework. These properties include separation of credential disclosure from attribute disclosure, selective illustration of attributes, Zero-knowledge proof that attributes satisfy a policy, oblivious use of a credential, oblivious use of an attribute and certified input private policy evaluation. “Zero-Knowledge proofs are fascinating and extremely useful constructs. Their fascinating nature is due to their seemingly contradictory definition; zero-knowledge proofs are both convincing and yet yield nothing beyond the validity of the assertion being proven.” (Gold reich n.d.). Some other properties are also mentioned by the authors. However, the focus has been given to the above mentioned six properties because they have been developed explicitly for ATN and have been applied in literature earlier. The primary aim of the journal paper has been to integrate these properties into a coherent ATN framework that can take advantage of these properties according to their availability. The authors have been successful in making so and have tried triumphantly implementing them through some examples in the paper. Attribute based Trust Negotiation Language (ATNL), which is a formal language for specifying the credentials and policies are discussed in detail with an example of trust negotiation scenario. The syntax of ATNL is also described in detail. Here, the authors evidently make it clear that the framework they have developed supports uncertified attributes, unlike most negotiation systems that exist today. This is one of the many salient features of this journal paper. Regardless of certified attributes of the framework, all attributes are treated uniformly by protecting them with disclosure properties discussed earlier in the literature. Non-sensitive attributes which can be revealed to anyone have no access control policy. On contrary, sensitive attributes have disclosure policy statement and is never disclosed. These policy statements are described next. Zero-knowledge proof and principals’ poof of one’s attribute values that satisfy the constraints are explained with an example. Each type of disclosure and its associated permission is explained next under the title of policy heads. The authors here point out that; some disclosure of an attribute is vulnerable to a probing attack. If there are two policies with a role; then the entity can reveal the credentials corresponding to that role only if the negotiation opponent satisfies both the policies. The trust negotiation protocol developed by the authors in this journal paper enforces this, implicitly making it a key feature of the framework and attractive for both the server and the client. A trust negotiation protocol that can take advantage of ATNL and cryptographic protocols namely; Extended Trust-Target Graph protocol is described thereafter. It involves two negotiators working together to construct a Trust-Target Graph (TTG), whose nodes are the targets. The five kinds of targets observed by the authors are role target, policy target, intersection target, trivial target and attribute goal. The seven edges allowed in TTG are credential edge, policy edge, policy control edge, policy expansion edge, intersection edge, attribute edge and attribute control edge. The processing state and its propagation in TTG are discussed in detail. Subsequently, the legal update operations and node processing are described and some examples using this new protocol are discussed. Finally, some break policy cycles using this protocol are explained with examples. A contrast between the existing cryptographic protocol and the ETTG protocol is made here by the authors vividly. The policies in the previous ATN protocols are satisfied by sending the credentials that have the attributes needed to satisfy the policy. The paper views the credentials as structured objects and uses many new improved cryptographic protocols. Since the paper takes the approach that all policies can be satisfied by nonrepeatable proofs, it can also be extended to the situations where policies require repeatable proofs. The framework described by the authors enables various cryptographic schemes and protocols to be enabled flexibly and synergistically according to the needs which otherwise could be used only as fragments in the ATNs used conventionally. This suppleness of the framework makes it very attractive for entities taking part in sharing resources or business transactions in open network than the conventional ones. The framework has two components: ATNL and ETTG protocol. Together they make the framework facilitating negotiations succeed unlike the traditional ATNs. Critical Evaluation of the Approach: There are many conditions to be met in the enforcement of ATN framework. For one thing both the contracting parties need to agree on the same aspects in the same sense and any misunderstanding or miscommunications could make the contract a failure. One of the major aspects in ATN is that, each party relies on the genuineness and authenticity of the other and the fact that data send across the ATN network are confidential and fully secure. This could be fine in a two-way or three-way ATN. But the risks and challenges in a multi party set of transactions could be overwhelming and prone to a large degree of risks. All the players need not share the highest standards of data protection and secrecy. Again, it is possible that the degree of trust that is paramount in ATN may not be forthcoming among the parties who are negotiating for the first time. Each party may be skeptical about the genuineness and sincerity of the other in concluding a contract, which may give rise to multiple failures. Even though one party may have met all the conditions required by the other, the latter may still hold back after gaining access to confidential and sensitive information like DoB, YoB, Car License number, Bank account number and so on. The element of trust is very important and needs to be reiterated and reinforced at each stage of negotiations under ATN. “In this article, we take the approach that all policies can be satisfied by nonrepeatable proofs. Our approach can be extended to deal with the situation that certain policies may require repeatable proofs. For example, ATNL can be extended so that when a role appears in the body of policy rule, the policy author can specify whether a repeatable proof is needed.” (Li et al n.d. p. 32). Providing certificates for age and education when approaching a loan from a bank constitutes repeatable proof. But, the provision may require disclosures of certain unavoidable information that the party would not like to disclose. For instance a driving license may contain DOB when all that is required is YOB. Thus, the contract may fail if the party does not provide the DL. Perhaps, one of the major aspects that need to be considered in this context is that of mutual exchange of data. It is a must and it depends on both parties to interface with each other regularly and consistently over the currency of the contract period. Perhaps, one of the main features that have not been considered in this article is the consequence when a negotiation fails and its alternatives. Is it possible for renegotiations to take place among parties who are thousands of miles apart? Suggestion On How Future Research Can Improve Any Shortcomings Identified. The conduct of the parties in such ETTG matters is most critical and could make or spoil any negotiation. Moreover, it being a fairly long drawn and cumbersome process; the parties need to be able to understand and communicate extensively with each other in order for contracts to fructify. Besides, contracts may also be aborted due to fault, or non-compliance of any of the contracting parties. Future research could focus on a more transparent and open communication network for establishing ETTG using ATN. While the actual negotiation could be private and need to disclose only required information on a mutually reciprocal way; it is believed that, in the long run, there could be more benefits and gains use of ATN. It gives the present congenial and all encompassing framework of ATN and the need for its reestablishment and wider usage. Thus, the purpose and objectives of ATN could be more robustly and efficiently enforced to benefit as many a clientele as possible. Reference List Athavale, A. Y. et al., 2009. Design of a private credentials scheme based on elliptic curve cryptography. [Online] IEEE Computer Society. Available at: http://www.computer.org/portal/web/csdl/doi/10.1109/CICSYN.2009.80 [Accessed 13 May 2010]. Galinovic, A., n.d. Automated trust negotiation models. [Online] p.1. Available at: http://www.fer.hr/_download/repository/A.Galinovic,KDI [Accessed 13 May 2010]. Gold reich, O., n.d. Zero Knowledge. [Online] Available at: http://www.wisdom.weizmann.ac.il/~oded/zk-tut02 [Accessed 13 May 2010]. Li, J. et al., n.d. Automated Trust Negotiation Using Cryptographic Credentials. ACM Transactions on Information and System Security, (13.1), p. 32. [Provided by customer]. Read More