|
|
|
| Anonymous authorization in trust management |
| PENG Zhi-yu, LI Shan-ping, YANG Zhao-hui, LIN Xin |
| College of Computer Science and Technology,Zhejiang University,Hangzhou 310027, China |
|
|
|
Abstract An anonymous authorization mechanism was proposed to protect the user’s privacy in the process of authorization in trust management.User requested for services using their real identification in most of the classic trustmanagement language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request,the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider.Results showed that the anonymous mechanism shared the same worstcase time complexity with the traditional forward credentialchainsearching method.A method of caching all the members in the nodes was proposed to improve the performance in time spending.Simulation results showed that the performance in time spending greatly improved in the relative stable systems,in which the credentials change slowly.
|
|
Published: 19 March 2012
|
|
|
信任管理中的匿名授权方法
为了解决信任管理授权过程中的用户隐私泄露问题,提出匿名授权方法.针对经典的基于角色的信任管理语言中实名申请服务的缺陷,用动态查找出的代理角色集来代理用户申请服务,既保证了授权管理中证书链查找的正常进行,又实现了用户真实身份以可量化的方式对资源提供者匿名,证明了该方法的最坏时间复杂度与传统的正向证书链搜索保持一致.为了提高实际应用中的时间性能,提出在各个结点上缓存其成员的优化机制.实验表明,通过缓存优化,该匿名授权方法的时间性能在证书变化频率较低的稳定系统中得到了大幅提高.
|
|
| [1] BLAZE M,FEIGENBAUM J,LACY J. Decentralized trust management [C] ∥ Proceedings of the IEEE 17th Symposium on Security and Privacy.Oakland,CA: IEEE,1996: 164173.
[2] CLARKE D,ELIEN J,ELLISON C,et al.Certificate chain discovery in SPKI/SDSI [J].Journal of Computer Security,2001,9(4): 285322.
[3] LI Ninghui,WINSBOROUGH W,MITCHELL J.Distributed credential chain discovery in trust management [J].Journal of Computer Security,2003,11(1): 3586.
[4] CHAPIN P,SKALKA C,WANG X.Authorization in trust management: features and foundations [J].ACM Computing Surveys,2008,40(3): 148.
[5] SWEENEY L.Kanonymity: a model for protecting privacy [J].International Journal on Uncertainty, Fuzziness and Knowledgebased Systems,2002,10(5): 557570.
[6] BERESFORD A,STAJANO F.Location privacy in pervasive computing [J].IEEE Pervasive Computing,2003, 2(1): 4655.
[7] XU T,CAI Y.Exploring historical location data for anonymity preservation in locationbased services [C] ∥ Proceedings of IEEE International Conference on Computer Communication (INFOCOM). Arizona,USA: IEEE,2008: 547555.
[8] GEDIK B,LIU L.Protecting location privacy with personalized kanonymity:architecture and algorithms [J].IEEE Transactions on Mobile Computing,2008,7(1): 118.
[9] 高迎,程涛远,王珊.基于Hilbert曲线的许可证存储策略及查找算法[J].软件学报,2006,17(2): 305314.
GAO Ying,CHENG Taoyuan,WANG Shan.Certificates storage strategy and search algorithm based on Hilbert curve [J].Journal of Software,2006,17(2): 305314.
[10] WINSBOROUGH W,SEAMONS K,JONES V.Automated trust negotiation [C] ∥ Proceedings of the DARPA Information Survivability Conference and Exposition. South Carolina,USA: IEEE,2000: 88102. |
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
| |
Shared |
|
|
|
|
| |
Discussed |
|
|
|
|
