The privacy policy negotiation process involves gradual step-by-step dis- closure of attribute values between both the supplier and the supplicant and is therefore a possible source of privacy leakage. Both supplier and
Pervasive Systems: Enhancing Trust Negotiation with Privacy Support 37 supplicant need to negotiate firmly and conservatively in order to mini- mize this leakage. If a conservative strategy is used consistently, less and less negotiations will end in a positive resolution. In the current model there is no way for the user to determine the type of negotiation strategy to use with the given service – whether the user initially should have conser- vative or liberal stance towards the service.
In order to expand this, the current privacy negotiation models
should be composed with existing trust modelling techniques using
the trust and risk computation modelling techniques. Fusion of these
trust management systems, privacy negotiation and identity man-
agement models should introduce a concept of initial measure of
trust between user and service. Upon this trust the negotiation strat-
egy could be chosen (either conservative – privacy paranoid, neutral,
or liberal – give all information away like). This trust would be con-
stantly updated through a loop – like feedback of trust reporting. The
initial measure of user’s trust is based on the aggregation of previous
experience of users with the service using different trust and risk
computation techniques [11].
References
1. Saha D, Mukherjee A (2003), Pervasive Computing: A Paradigm for 21st cen- tury. IEEE Computer Society.
2. Satyanarayanan M (2001) Pervasive computing: Vision and Challenges. IEEE Personal Communications, IEEE Computer Society
3. Bhargava B, Lilien L, Rosenthal A, Winslett M (2004) The Pudding of Trust. IEEE Intelligent Systems, IEEE Computer Society
4. Seamons KE, Winslett M, Yu T, Yu L, Jarvis R (2002) Protecting Privacy During On-line Trust Negotiation. Lecture Notes in Computer Science, Springer-Verlag GmbH , Volume 2482 / 2003, pp. 129–143.
5. Seamons KE, Winslett M, Yu T. (2001) Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation. Proc. symposium on network and distributed systems security, NDSS
6. Chen W, Clarke L, Kurose J, Towsley D (2004) Optimizing Cost-sensitive Trust-negotiation Protocols. Technical Report 04-29, Dept. of Computer Sci- ence, UMass, Amherst
7. Prime Consortium (2004) PRIME – Architecture version 0. Deliverable D14.2.a 8. Prime Consortium (2005) PRIME – Framework version 1. Deliverable D14.1.a 9. DAIDALOS Consortium (2004) DAIDALOS pervasive systems privacy and
38 Porekar et al.
10. DAIDALOS Consortium (2004) A4C Framework Design Specification. De- liverable D341
11. Richardson M, Agrawal R, Domingos P (2003) Trust Management for the Semantic Web. Proc. 2nd International Semantic Web Conf., LNCS 2870, Springer-Verlag, pp. 351–368.
12. Nejdl W, Olmedilla D, Winslett M. (2004) PeerTrust: Automated Trust Nego- tiation for Peers on the Semantic Web. Secure Data Management, pp. 118–132. 13. Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L
(2002) Negotiating trust in the Web. Internet Computing, IEEE, Nov/Dec, Vol. 6, pp. 30–37.
14. OpenCyc, http://www.opencyc.org.
15. Wenning R (2005), The Platform for Privacy Preferences 1.1 (P3P1.1) Speci- fication. W3C Working Draft
16. Nejdl W, Olmedilla D, Winslett M, Zhang CC (2005) Ontology-Based Policy Specification and Management. Proceedings of European Semantic Web Con- ference (ESWC2005), May/Jun, Heraklion, Greece.
17. Porekar J, Dolinar K, Jerman Blažič B (2007) Middleware for Privacy Protec- tion of Ambient Intelligence and Pervasive Systems. WSEAS Transactions on Information Science and Applications, Issue 3, vol 4, March, p/pp 633–639
3 Applying Trust in Mobile and Wireless
Networks
3.1 Introduction
Security-sensitive data and applications transmitted within mobile ad-hoc networks require a high degree of security. Because of the absence of fixed base stations and infrastructure services like routing, naming and certifica- tion authorities, mobile ad-hoc networks differ highly from traditional wireless networks. In MANETs, nodes may join and leave the network ar- bitrarily, sometimes even without leaving a trace and the network topology may change dynamically. Consequently, it is very important to provide se- curity services such as authentication, confidentiality, access control, non- repudiation, availability and integrity. Due to the fact that central trusted third parties (TTP) are not appropriate in mobile ad-hoc network settings, the notion of Trust becomes more and more important. Although Trust is
Dagmara Spiewak and Thomas Engel
well known in everybody’s life, the formal definition poses several chal- lenges. So far, subjective interpretations and notions about the word Trust lead to ambiguousness of the term. In [19] Pradip Lamsal presents a wide expertise on the description of trust in networks and its relationship to- wards Security. Nowadays, the concept of Trust in the computing envi- ronment mainly appears in combination with e-commerce on the Internet, for example in the PayPal Payment System used for securely transferring money over the Internet. In [10] a direct comparison between Trust sys- tems applied in the Internet and the requirements for Trust systems in spontaneously emerged mobile ad-hoc networks, where the Trust estab- lishment has to be performed without the presence of a Trust infrastruc- ture, is presented. Due to the dynamic character and quick topology changes, Trust establishment in mobile ad-hoc networks should support
SECAN-Lab
University of Luxembourg, 6, r. Richard Coudenhove-Kalergi, L-1359 Luxembourg
40
on trusted key exchange and trusted key exchange on the other side can only proceed with required security services. Moreover, ad-hoc networks rest on trust-relationships between the neighboring nodes that evolve and elapse on the fly and have typically only short durability. Assuming such an environment misleadingly as cooperative by default would ignore the high vulnerability to attacks on these trust relationships. Particularly self- ish, malicious, or faulty nodes pose a threat to availability and function- ality of mobile ad-hoc networks and may even exploit these trust rela- tionships in order to reach desired goals. To overcome these difficulties, again Trust in mobile ad-hoc networks has been used, introducing several conditions, such as the presence of a central authority. Unfortunately, these solutions are mainly against the real nature of spontaneous mobile ad-hoc networks. The concept of Trust Management is defined by Audun Jøsang, Claudia Keser and Theo Dimitrikos in [18] as “The activity of creating systems and methods that allow relying parties to make assess- ments and decisions regarding the dependability of potential transaction involving risk, and that also allow players and system owners to increase and correctly represent the reliability of themselves and their systems”.
The following section presents feasible attacks in mobile ad-hoc net- work settings, prior to the descriptions of different Trust Models in the subsequent sections.