Research On Automatic Trust Negotiation Protocol Based On Secure Multi-party Computation

The access control in open network environment needs to meet theheterogeneity of operating environment, the distributivity of resources, the dynamicnature of the targets of activities and the autonomy of safety control. Automatic trustnegotiation establishes trust relationship between each other strange individuals ororganizations through gradual disclosure of digital certificates and access controlpolicies, which has become a hot spot on the access control in the open networkenvironment. Automated trust negotiation is essentially a proof-of-compliance whichtests whether the digital certificates matches the access control policy. However,trust certificates and access control policies usually carry large amounts of sensitiveinformation, and such sensitive information is disclosed coming with the interactionnegotiation. The current privacy protection technologies cannot fully meet the needfor privacy protection, and it is the target of many researches to protect the privacyof the negotiators. Secure multi-party computation where participants keep their datainput secret is a kind of cooperation calculation thought, and it is significant forprivacy protection to introduce secure multi-party computation into automatic trustnegotiation.In this paper, we firstly introduce the basic theory and research situation aboutautomaitc trust negotiation, as well as analyze the strengths and weaknesses of thecurrent researches on the privacy protection. Based on the basic automatic trustnegotiation model, combining the secure computation idea, we put forward anautomatic trust negotiation protocol based on secure multi-party computation tocarry out privacy protection.The schema extends existing digital certificate standard, which stores commitvalues in certificates, and describes access control policies by attribute name,predicate and attribute threshold that is sensitive information. We discuss theprivacy protection logic mainly, and describe the three phases of the protocol flow,including receiving certificate, greeting phase and trust negotiation phase. Theprotocol completes the secure multi-party computation in the trust negotiation phasethrough constructing “envelope”. In this protocol, the requester of resource canoutput the resource he needs when and only when his trust certificates meet accesscontrol policies. However, the provider has no ability to verify whether the requester successfully obtains resource. In the whole negotiation, the participants disclose nosensitive information.In the end, we define the security of our protocol, and prove its security underbasic cryptography assumptions, and analyze the computational complexity of thealgorithm, comparing the cost with other programs. The experiment shows that theprotocol does not significantly increase the amount of the computation and it hasfeasibility on efficiency.