PPT
advertisement
Automatic Trust Negotiation Presented by: Scott Hackman Scott Hackman – CS5204 – Operating Systems 1 Automatic Trust Negotiation Reference Trust-X: A Peer-to-Peer Framework for Trust Establishment Elisa Bertino, Elena Ferrari, Anna Cinzia Squicciarini Scott Hackman – CS5204 – Operating Systems 2 Automatic Trust Negotiation What Is Trust Negotiation? Would you give your credit card number to a website if you didn’t know who was running it? No! The Internet is a hostile environment where identities aren’t always known. Sensitive information transfer can be dangerous under these conditions. This paper establishes a framework to allow two parties, who may have never interacted before, to exchange information in a bilateral and incremental way to gain each other’s trust prior to divulging sensitive information. We perform the same fundamental algorithm every day when we interact with people. Scott Hackman – CS5204 – Operating Systems 3 Automatic Trust Negotiation About The Paper Trust-X: A Peer-to-Peer Framework for Trust Establishment is designed to compile work already done in this field, along with some added novel concepts by the authors, to create an implementable architecture for Trust Establishment. Scott Hackman – CS5204 – Operating Systems 4 Automatic Trust Negotiation ATN is NOT Encryption Trust Negotiation is designed to work with public key encryption: Even though you may possess an x-bit key that can’t be cracked, there is no guarantee that the person, or computer, that you are interacting with is who they say they are. Public key encryption should be used to pass data between two entities to ensure confidential data transfer; ATN verifies identity and qualification, not data security. Scott Hackman – CS5204 – Operating Systems 5 Automatic Trust Negotiation XML Syntax Example Scott Hackman – CS5204 – Operating Systems 6 Automatic Trust Negotiation Trust-X Basics Generally, interactions between two entities: Controllers (CN) Requesters (RQ) Information that is passed: Credentials – More sensitive information Declarations – Less sensitive – Ex: user preferences. Negotiation Phase: Two parties perform a back-and-forth negotiation until both parties agree on a chain of events that will get them to their goal state (DELIV). It is important to remember, that no actual data is passed during this phase (they agree when to pass credit card data in their chain, but that actual data isn’t passed yet) Scott Hackman – CS5204 – Operating Systems 7 Automatic Trust Negotiation Trust-X Basics Policies: The “rules” that each entity establishes for its own protection. For example, “I won’t give an employee a rental car until I know they have a valid ID and company badge.” Scott Hackman – CS5204 – Operating Systems 8 Automatic Trust Negotiation Architecture for Trust-X Negotiation Scott Hackman – CS5204 – Operating Systems 9 Automatic Trust Negotiation Policy Example - Employees can rent with a company badge and ID card. - Non-employees can rent with drivers license and credit card. Scott Hackman – CS5204 – Operating Systems 10 Automatic Trust Negotiation Policies – Big Picture How to build Trust. Scott Hackman – CS5204 – Operating Systems 11 Automatic Trust Negotiation Negotiation Process Taken from Prof. Kafura’s PowerPoint which was modified from http://www.ccs.neu.edu/home/ahchan/wsl/symposium/bertino.ppt Scott Hackman – CS5204 – Operating Systems 12 Automatic Trust Negotiation Well-formed chain How do we know a set of policies will let us achieve our goal? (Decided during negotiation) Scott Hackman – CS5204 – Operating Systems 13 Automatic Trust Negotiation Negotiation Tree A tree that traverses valid policies between the Controller and Requester until an agreement is met that goes from initial communication to DELIV state (or Fail state if none exist). Scott Hackman – CS5204 – Operating Systems 14 Automatic Trust Negotiation Negotiation Tree Basics Scott Hackman – CS5204 – Operating Systems 15 Automatic Trust Negotiation Negotiation Tree Example Scott Hackman – CS5204 – Operating Systems 16 Automatic Trust Negotiation Questions? Scott Hackman – CS5204 – Operating Systems 17
