Trust-X: A Peer-to-Peer Framework for Trust Establishment
Elisa Bertino, et al.
Presented by: Carlos Caicedo

Transcript of the slides (17 pages).

Page 1:

Trust-X: A Peer-to-Peer Framework for Trust Establishment

Elisa Bertino, et al.

Presented by: Carlos Caicedo

Page 2: Introduction

- Trust establishment via trust negotiation
  - Exchange of digital credentials
- Credential exchange has to be protected
  - Policies for credential disclosure
- Claim: current approaches to trust negotiation don’t provide a comprehensive solution that takes into account all phases of the negotiation process

Page 3: Trust Negotiation model

[Diagram: the client and the server each hold a Policy Base and a Subject Profile. The client sends a resource request; the two sides exchange policies and credentials; finally the resource is granted.]

Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt

Page 4: Trust-X

- XML-based system
- Designed for a peer-to-peer environment
  - Both parties are equally responsible for negotiation management.
  - Either party can act as a requester or a controller of a resource
- X-TNL: XML-based language for specifying certificates and policies

Page 5: Trust-X (2)

- Certificates: they are of two types
  - Credentials: state personal characteristics of their owner and are certified by a CA
  - Declarations: collect personal information about their owner that does not need to be certified
- Trust tickets (X-TNL): used to speed up negotiations for a resource when access was granted in a previous negotiation
- Support for policy pre-conditions
- Negotiation conducted in phases

Page 6: Trust-X (3)

[Figure: a) Credential; b) Declaration]

Page 7: The basic Trust-X system

[Diagram: Alice and Bob each run the same components: a Tree Manager, a Mailbox Store, an X-Profile, a Policy Database and a Compliance Checker.]

Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt

Page 8: Message exchange in a Trust-X negotiation

[Diagram: Alice (who sends the request) and Bob exchange messages in four phases.]

- INTRODUCTORY PHASE: preliminary information exchange (service request; credential and/or declaration)
- POLICY EXCHANGE: bilateral disclosure of policies (disclosure policies in both directions; prerequisite acknowledge; match disclosure policies)
- CREDENTIAL DISCLOSURE: actual credential disclosure (credential and/or declaration)
- RESOURCE DISCLOSURE: service granted

Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt

Page 9: Disclosure Policies

“They state the conditions under which a resource can be released during a negotiation”

Prerequisites: associated with a policy, a set of alternative disclosure policies that must be satisfied before the policy they refer to is disclosed.

Page 10: Modeling negotiation: logic formalism

TERM: P(C), where P() is a credential type and C a set of conditions

Policy expressed as: R ← P1(c), P2(c)
  R: the resource which the policy refers to
  P1(c), P2(c): the requested certificates

Disclosure policies are expressed in terms of logical expressions which can specify either simple or composite conditions against certificates.

Slide from: http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt

Page 11: Example

Consider a Rental Car service. The service is free for the employees of the Corrier company. Moreover, the company already knows Corrier employees and has a digital copy of their driving licenses. Thus, it only asks the employees for the company badge and a valid copy of the ID card, to double check the ownership of the badge. By contrast, the rental service is available on payment for unknown requesters, who have to submit first a digital copy of their driving licence and then a valid credit card. These requirements can be formalized as follows:

Page 12: Example (2)

Page 13: Trust-X negotiation

Page 14: Negotiation Tree

- Used in the policy evaluation phase
- Maintains the progress of a negotiation
- Used to identify at least one possible trust sequence that can lead to success in a negotiation (a view)
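An added Python example (not from the slides or the Trust-X system) tying together the logic formalism of page 10, the rental-car requirements of page 11 and the trust sequence the negotiation tree looks for on page 14: policies of the form R ← P1(C), P2(C), a prerequisite that must hold before a policy is disclosed at all, and a search for one credential sequence that releases the resource. The credential type names, attribute names and requester profiles are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Term:
    """P(C): credential type P plus conditions C on its attributes."""
    cred_type: str
    conditions: tuple = ()  # ((attribute, required value), ...)

    def match(self, cred):
        return cred["type"] == self.cred_type and all(
            cred.get(attr) == val for attr, val in self.conditions)

@dataclass(frozen=True)
class Policy:
    """R <- T1, ..., Tn; one of the alternative prerequisites must hold before this policy is disclosed."""
    resource: str
    terms: tuple
    prerequisites: tuple = ()

def satisfy(policy, profile):
    """Credentials from profile meeting every term, in term order, or None."""
    chosen = []
    for term in policy.terms:
        cred = next((c for c in profile if term.match(c)), None)
        if cred is None:
            return None
        chosen.append(cred)
    return chosen

def negotiate(policies, resource, profile):
    """One trust sequence (credential types in disclosure order) that leads
    to the release of resource, or None when every alternative policy fails."""
    for pol in (p for p in policies if p.resource == resource):
        pre = [] if not pol.prerequisites else next(  # disclosed only once a prerequisite holds
            (s for alt in pol.prerequisites if (s := satisfy(alt, profile)) is not None), None)
        main = satisfy(pol, profile)
        if pre is None or main is None:
            continue  # try the next alternative policy for this resource
        return [c["type"] for c in pre + main]
    return None

# Constructed rental-car policies and requester profiles (hypothetical names).
LICENCE_FIRST = Policy("rental", (Term("DrivingLicence"),))
RENTAL_POLICIES = [
    Policy("rental", (Term("Badge", (("company", "Corrier"),)), Term("IdCard"))),
    Policy("rental", (Term("CreditCard", (("valid", True),)),), (LICENCE_FIRST,)),
]
EMPLOYEE = [{"type": "Badge", "company": "Corrier"}, {"type": "IdCard"}]
CUSTOMER = [{"type": "DrivingLicence"}, {"type": "CreditCard", "valid": True}]
NO_LICENCE = [{"type": "CreditCard", "valid": True}]
```

A requester holding only a credit card never sees the paid policy, because its driving-licence prerequisite is not met; this is the "prerequisite acknowledge" step of the policy exchange phase on page 8.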

Page 15: Negotiation Tree (2)

Page 16: Comparison of Trust Negotiation Systems

Page 17: