Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes

Cryptographic primitives are essential for constructing privacy-preserving communication mechanisms. There are situations in which two parties that do not know each other need to exchange sensitive information on the Internet. Trust management mechanisms make use of digital credentials and certificates in order to establish trust among these strangers. We address the problem of choosing which credentials are exchanged. During this process, each party should learn no information about the preferences of the other party other than strictly required for trust establishment. We present a method to reach an agreement on the credentials to be exchanged that preserves the privacy of the parties. Our method is based on secure two-party computation protocols for set intersection. Namely, it is constructed from private matching schemes.Comment: The material in this paper will be presented in part at the 8th DPM International Workshop on Data Privacy Management (DPM 2013

Constitution Writing and Conflict Resolution

constitutions, Commonwealth, democracy, governance

A Scalable Model for Secure Multiparty Authentication

Distributed system architectures such as cloud computing or the emergent architectures of the Internet Of Things, present significant challenges for security and privacy. Specifically, in a complex application there is a need to securely delegate access control mechanisms to one or more parties, who in turn can govern methods that enable multiple other parties to be authenticated in relation to the services that they wish to consume. We identify shortcomings in an existing proposal by Xu et al for multiparty authentication and evaluate a novel model from Al-Aqrabi et al that has been designed specifically for complex multiple security realm environments. The adoption of a Session Authority Cloud ensures that resources for authentication requests are scalable, whilst permitting the necessary architectural abstraction for myriad hardware IoT devices such as actuators and sensor networks, etc. In addition, the ability to ensure that session credentials are confirmed with the relevant resource principles means that the essential rigour for multiparty authentication is established

Algorithmic Mechanism Construction bridging Secure Multiparty Computation and Intelligent Reasoning

This work presents the construction of intelligent algorithmic mechanism based on multidimensional view of intelligent reasoning, threat analytics, cryptographic solutions and secure multiparty computation. It is basically an attempt of the cross fertilization of distributed AI, algorithmic game theory and cryptography. The mechanism evaluates innate and adaptive system immunity in terms of collective, machine, collaborative, business and security intelligence. It also shows the complexity analysis of the mechanism and experimental results on three test cases: (a) intrusion detection, (b) adaptively secure broadcast and (c) health security

Dynamic Multiparty Authentication of Data Analytics Services within Cloud Environments

Business analytics processes are often composed from orchestrated, collaborating services, which are consumed by users from multiple cloud systems (in different security realms), which need to be engaged dynamically at runtime. If heterogeneous cloud systems located in different security realms do not have direct authentication relationships, then it is a considerable technical challenge to enable secure collaboration. In order to address this security challenge, a new authentication framework is required to establish trust amongst business analytics service instances and users by distributing a common session secret to all participants of a session. We address this challenge by designing and implementing a secure multiparty authentication framework for dynamic interaction, for the scenario where members of different security realms express a need to access orchestrated services. This novel framework exploits the relationship of trust between session members in different security realms, to enable a user to obtain security credentials that access cloud resources in a remote realm. The mechanism assists cloud session users to authenticate their session membership, thereby improving the performance of authentication processes within multiparty sessions. We see applicability of this framework beyond multiple cloud infrastructure, to that of any scenario where multiple security realms has the potential to exist, such as the emerging Internet of Things (IoT).Comment: Submitted to the 20th IEEE International Conference on High Performance Computing and Communications 2018 (HPCC2018), 28-30 June 2018, Exeter, U

A Collaborative Access Control Model for Shared Items in Online Social Networks

The recent emergence of online social networks (OSNs) has changed the communication behaviors of thousand of millions of users. OSNs have become significant platforms for connecting users, sharing information, and a valuable source of private and sensitive data about individuals. While OSNs insert constantly new social features to increase the interaction between users, they, unfortunately, offer primitive access control mechanisms that place the burden of privacy policy configuration solely on the holder who has shared data in her/his profile regardless of other associated users, who may have different privacy preferences. Therefore, current OSN privacy mechanisms violate the privacy of all stakeholders by giving one user full authority over another’s privacy settings, which is extremely ineffective. Based on such considerations, it is essential to develop an effective and flexible access control model for OSNs, accommodating the special administration requirements coming from multiple users having a variety of privacy policies over shared items. In order to solve the identified problems, we begin by analyzing OSN scenarios where at least two users should be involved in the access control process. Afterward, we propose collaborative access control framework that enables multiple controllers of the shared item to collaboratively specify their privacy settings and to resolve the conflicts among co-controllers with different requirements and desires. We establish our conflict resolution strategy’s rules to achieve the desired equilibrium between the privacy of online users and the utility of sharing data in OSNs. We present a policy specification scheme for collaborative access control and authorization administration. Based on these considerations, we devise algorithms to achieve a collaborative access control policy over who can access or disseminate the shared item and who cannot. In our dissertation, we also present the implementation details of a proof-of-concept prototype of our approach to demonstrate the effectiveness of such an approach. With our approach, sharing and interconnection among users in OSNs will be promoted in a more trustworthy environment

Policy resolution of shared data in online social networks

Online social networks have practically a go-to source for information divulging, social exchanges and finding new friends. The popularity of such sites is so profound that they are widely used by people belonging to different age groups and various regions. Widespread use of such sites has given rise to privacy and security issues. This paper proposes a set of rules to be incorporated to safeguard the privacy policies of related users while sharing information and other forms of media online. The proposed access control network takes into account the content sensitivity and confidence level of the accessor to resolve the conflicting privacy policies of the co-owners