A Generalized Honest-But-Curious Strategy for Automatically Harvesting Credentials

Lars Olson, Mike Rosulek, and Marianne Winslett.

University of Illinois Technical Report UIUCDCS-R-2007-2892. Extended abstract appeared in WPES 2007 as "Harvesting Credentials in Trust Negotiation as an Honest-But-Curious Adversary."

Abstract

Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary Alice can systematically harvest information about all of a victim Bob's credentials that Alice is entitled to see, regardless of their relevance to a negotiation. We prove that it is not possible to enforce need-to-know conditions in the trust negotiation model and protocol developed by Yu, Winslett, and Seamons. We also present examples of similar need-to-know attacks with the trust negotiation approaches proposed by Bonatti and Samarati, and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.

Downloads