Confidentiality in Online Collaborations

Keith Frikken, Visiting Assistant Professor
Computer Science Department, Purdue University


Abstract

One consequence of the advent of computing and networking is that more information is stored electronically, and this new information creates several new opportunities for collaboration. Furthermore, entities that participate in such collaborations may obtain substantial benefit from the collaboration. Surprisingly, in most cases these collaborations do not occur and thus these potential benefits go unrealized. There are many reasons why collaboration does not occur, but a primary reason is the apparent need to share sensitive nformation in order to collaborate. In this talk, I will discuss techniques for creating secure protocols that allow collaboration without the need to share sensitive information. The talk will focus on two applications of such technology. First, participants in e-commerce and other forms of online collaborations tend to be selfish and rational. In many common games, the joint strategy of the players is described by a list of pairs of actions, and one of those pairs is chosen according to a specified correlated probability distribution. In traditional game theory, it is a trusted third party mediator that carries out the random selection, and reveals to each player that player's recommended action from the selected pair. The second example is attribute-based access control. More specifically, in an open environment such as the Internet, the decision to collaborate with a stranger (e.g., by granting access to a resource) is often based on the characteristics (rather than the identity) of the requester, via digital credentials: Access is granted if Alice's credentials satisfy Bob's access policy. The literature contains many scenarios in which it is desirable to carry out such trust negotiations in a privacy-preserving manner, i.e., so as minimize the disclosure of credentials and/or of access policies. In this talk, I will introduce secure protocols for each of these applications.