Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

Middleware support for non-repudiable business-to-business interactions

The wide variety of services and resources available over the Internet presents new opportunities for organisations to collaborate to reach common goals. For example, business partners wish to access each other’s services and share information along the supply chain in order to compete more successfully in the delivery of goods or services to the ultimate customer. This can lead to the investment of significant resources by business partners in the resulting collaboration. In the context of such high value business-to-business (B2B) interactions it is desirable to regulate (monitor and control) the behaviour of business partners to ensure that they comply with agreements that govern their interactions. Achieving this regulation is challenging because, while wishing to collaborate, organisations remain autonomous and may not unguardedly trust each other. Two aspects must be addressed: (i) the need for high-level mechanisms to encode agreements (contracts) between the interacting parties such that they can be used for run-time monitoring and enforcement, and (ii) systematic support to monitor a given interaction for conformance with contract and to ensure accountability. This dissertation concerns the latter aspect — the definition, design and implementation of underlying middleware support for the regulation of B2B interactions. To this end, two non-repudiation services are identified — non-repudiable service invocation and non-repudiable information sharing. A flexible nonrepudiation protocol execution framework supports the delivery of the identified services. It is shown how the services can be used to regulate B2B interactions. The non-repudiation services provide for the accountability of the actions of participants; including the acknowledgement of actions, their run-time validation with respect to application-level constraints and logging for audit. The framework is realised in the context of interactions with and between components of a J2EE application server platform. However, the design is sufficiently flexible to apply to other common middleware platforms.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Secure Billing for Ubiquitous Service Delivery

Abstract. This work presents a secure interaction framework for establishing ad-hoc billing paths between untrusted players in a global telecommunications network. User authentication is supported through the introduction of a Billing provider, responsible for identifying users and acting as a proxy financial entity to visited service providers. Authentication, Integrity, Validity and non-repudiation issues are addressed, along with the processes involved

CFaaS: bilaterally agreed evidence collection

A common cloud forensic model proposed by researchers is ‘Cloud-Forensic-as-a-Service’ where consumers have to access it as a service to collect forensic data from cloud environments. The ‘Cloud-Forensic-as-a-Service’ model raises the question of how it collects digital evidence pertaining to an incident which occurred in the cloud. Currently, types of ‘Cloud-Forensic-as-a-Service’ systems in the literature show that the system is controlled and implemented by the cloud provider, where they unilaterally define the type of evidence that can be collected by the system. A serious limitation of this approach is that it does not offer the consumer sufficient means of performing reasonableness checks to verify that the provider is not accidentally or maliciously contaminating the evidence. To address the problem, the paper proposes a conceptual bilateral Cloud-Forensic-as-a-Service model where both consumers and providers can independently collect, verify the equity of the forensic analysis process and try to resolve potential disputes emerging from the independently collected results. The authors have developed a cloud forensic process model to lead common and significant aspects of a bilateral Cloud-Forensics-as-a-Service model. The paper explicitly discusses the concept of a bilateral Cloud-Forensic-as-a-Service model

Contract representation for validation and run time monitoring

PhD ThesisOrganisations are increasingly using the Internet to offer their own services and to utilise the services of others. This naturally leads to resource sharing across organisational boundaries. Nevertheless, organisations will require their interactions with other organisations to be strictly controlled. In the paper-based world, business interactions, information exchange and sharing have been conducted under the control of contracts that the organisations sign. The world of electronic business needs to emulate electronic equivalents of the contract based business management practices. This thesis examines how a 'conventional' contract can be converted into its electronic equivalent and how it can be used for controlling business interactions taking place through computer messages. To implement a contract electronically, a conventional text contract needs to be described in a mathematically precise notation so that the description can be subjected to rigorous analysis and freed from the ambiguities that the original humanoriented text is likely to contain. Furthermore, a suitable run time infrastructure is required for monitoring the executable version of the contract. To address these issues, this thesis describes how standard conventional contracts can be converted into Finite State Machines (FSMs). It is illustrated how to map the rights and obligations extracted from the clauses of the contract into the states, transition and output functions, and input and output symbols of a FSM. The thesis then goes on to develop a list of correctness properties that a typical executable business contract should satisfy. A contract model should be validated against safety properties, which specify situations that the contract must not get into (such as deadlocks, unreachable states .... etc), and liveness properties, which detail qualities that would be desirable for the contract to contain (responsiveness, accessibility .... etc). The FSM description can then be subjected to model checking. This is demonstrated with the aid of examples using the Promela language and the Spin validator. Subsequently, the FSM representation can be used to ensure that the clauses stipulated in the contract are observed when the contract is executed. The requirements of a suitable run time infrastructure for monitoring contract compliance are discussed and a prototype middleware implementation is presented.UK Engineering and Physical Sciences Research Council (EPSRC)

Non-repudiation Service Implementation Using Host Identity Protocol

New types of service usages emerge every day in the Internet. Service usage could be Wireless Local Area Network (WLAN) usage or watching a streamed movie. Many of these services are commercial, so payment is often involved in the service usage, which increases the risk of fraud or other misbehaviour in the interaction. To enhance the secu-rity of both service providers and service users, improvements are needed to the existing procedures. The non-repudiable service usage procedure was developed as part of the TIVIT Future Internet SHOK -project. In this model, the service user and the service provider are bound to the actual service usage with certificates. The charging of the service usage is done using hash chains which are bound to the certificates. Now the service user pays only for the service he or she gets. Time or traffic based charging scheme can be used in the service usage. Evidence is gathered from the service usage to help solve possible conflicts afterwards. An actual implementation based on this model was made using Host Identity Protocol for Linux and RADIUS protocol. RADIUS protocol was used to gather the created evidence of the service usage. The implementation was developed for Linux using C-language. The goal of the implementation was to evaluate the concept in actual use. Performance of the implementation was measured with various real use scenarios to evaluate the feasibility of the implementation. Results indicated that the performance of the model is sufficient to serve several simultaneous users. However, the architecture of Host Identity Protocol for Linux caused some performance issues in the implementation

Non-repudiation Service Implementation Using Host Identity Protocol

New types of service usages emerge every day in the Internet. Service usage could be Wireless Local Area Network (WLAN) usage or watching a streamed movie. Many of these services are commercial, so payment is often involved in the service usage, which increases the risk of fraud or other misbehaviour in the interaction. To enhance the secu-rity of both service providers and service users, improvements are needed to the existing procedures. The non-repudiable service usage procedure was developed as part of the TIVIT Future Internet SHOK -project. In this model, the service user and the service provider are bound to the actual service usage with certificates. The charging of the service usage is done using hash chains which are bound to the certificates. Now the service user pays only for the service he or she gets. Time or traffic based charging scheme can be used in the service usage. Evidence is gathered from the service usage to help solve possible conflicts afterwards. An actual implementation based on this model was made using Host Identity Protocol for Linux and RADIUS protocol. RADIUS protocol was used to gather the created evidence of the service usage. The implementation was developed for Linux using C-language. The goal of the implementation was to evaluate the concept in actual use. Performance of the implementation was measured with various real use scenarios to evaluate the feasibility of the implementation. Results indicated that the performance of the model is sufficient to serve several simultaneous users. However, the architecture of Host Identity Protocol for Linux caused some performance issues in the implementation