Provided by the author(s) and NUI Galway in accordance with publisher policies. Please cite the published version when available. Title A Privacy-enhanced Usage Control Model Author(s) Slawomir, Grzonkowski Publication Date 2010-04-20 Item record http://hdl.handle.net/10379/1849 Downloaded 2021-09-25T17:55:36Z Some rights reserved. For more information, please see the item record link above. A Privacy-Enhanced Usage Control Model Sławomir Grzonkowski Submitted in fulfillment of the requirements for the degree of Doctor of Philosophy SUPERVISOR: DIRECTOR OF RESEARCH: EXTERNAL EXAMINER: Dr. Peter Corcoran Prof. Manfred Hauswirth Prof. Witold Abramowicz Digital Enterprise Research Institute, National University of Ireland, Galway September 2010 Acknowledgments I would like to thank to my supervisor, Dr. Peter Corcoran, for his proactive guidance through academia and supervision of this thesis work, and also for spending many hours improving my thesis even if his tight schedule did not allow him to. I am especially thankful for taking me over after one year of my studies. I am also thankful to Bill McDaniel for providing a very good environment for work within the e-learning cluster and later in the DAI stream. In particular I appreciate the fact that he let me investigate thoroughly the ideas I believed in. I thank to Prof. Stefan Decker for giving me the opportunity of doing my Ph.D in DERI; and for his support and supervision at the early stage of my studies. I am indebted to Dr. Brian Wall for seeing opportunity in my ideas and also for stimulating me to work hard on them. I would like to thank other people who worked with me, especially to Wojciech Zaremba for his help on on the early ZKP prototype implementation; and to Łukasz Korczy´nskiand Anna D ˛abrowska for their great performance on the SeDiCi project. I am also thankful to prof. Manfred Hauswirth for his constructive feedback on the final version of this thesis, and also for his help in formulating a well structured documentation of my research. I would also like to express my gratitude to prof. Witold Abramowicz for agreeing to be my external examiner, his scientific support, and also for his time and energy in reviewing my thesis. I thank to my peers, colleagues and mentors at DERI for many stimulating conversations about research ideas and also for their help in settling in Ireland. My work also benefited from Enterprise Ireland due to its financial support under the grants no. *ILP/05/203* and REI1005. I dedicate the highest thanks to my parents, Elzbieta˙ and Kazimierz, without their help I could not possibly done this work. They kept motivating me, even in the most stressful moments. Sławomir Grzonkowski, Galway, Ireland, 2010 i ii Abstract Recently we have observed a growing demand for secure technologies for e-commerce that do not put customers at risk of identity theft. We have also experienced the advent of Web 2.0 which has led to new business models and which has changed the way users interact with the Web. This thesis proposes a set of strategies and enhancements towards providing improved security and privacy in such new settings. We introduce a novel concept: Fair Rights Management (FRM). It can be classified as a usage control solution. FRM enables a flexible way of managing digital content. There was a need to provide additional security extensions to keep such a flexible model applicable. Thus, in our approach we take advantage of trust obtained from social networks. This is also the reason why we created an efficient zero-knowledge proof protocol that is lightweight enough to be deployed within existing web-applications. The proposed protocol is also suc- cessfully integrated with Semantic Web architecture and associated components. It enables practical Web and mobile applications which employ trust-based transactions as part of their workflow. This core contribution overcomes various disadvantages of prior art and enables a range of new applications and potentially new business models. We show that compared to existing Usage Control Models (UCON) (i) FRM is a step to- wards fair use in the digital world and we also argue that our approach is enforced by law; (ii) the participants of the proposed solution do not put their privacy at risk. Our research shows that existing infrastructure is sufficient to support ZKP-based solutions; and thus, it is feasible to offer the users enhanced privacy within existing deployed solutions. iii iv Contents Acknowledgmentsi Abstract iii Contents v I Prelude1 1 Introduction 5 1.1 Motivation........................................5 1.2 Research Questions...................................7 1.3 Contribution.......................................8 1.4 Reader’s Guide.....................................9 II State of the Art 13 2 Management and Usage Control of Digital Media 17 2.1 Access Control...................................... 18 2.2 Trust Management................................... 21 2.3 Digital Rights Management.............................. 23 2.4 Usage Control Models................................. 29 2.5 Fair Use.......................................... 31 v 2.6 Summary and Conclusion............................... 34 3 Web Authentication 37 3.1 Vulnerabilities of Authentication Protocols..................... 38 3.2 Web Authentication Solutions............................. 41 3.3 Summary and Conclusion............................... 48 4 Trust Issues in The Social Semantic Web 51 4.1 Social Networks..................................... 51 4.2 Friend-of-a-Friend Vocabulary............................ 54 III Core 59 5 Conceptual Model 63 5.1 Existing Usage Control Solutions........................... 63 5.2 FRM Usage Control Model............................... 64 5.3 Structure of Authorization Decision......................... 66 5.4 Model Definitions.................................... 67 5.5 Summary......................................... 70 6 Zero Knowledge Proof Authentication 71 6.1 Zero Knowledge Proof Authentication........................ 71 6.2 Approaches to ZKP................................... 73 6.3 Protocol Compositions................................. 76 6.4 Usability Considerations of using ZKP Protocols.................. 78 7 Implementation 79 7.1 Conceptual Model Implementation.......................... 79 7.2 Trust Management and Access Control........................ 82 7.3 Applied Rights Expression Model.......................... 83 7.4 Rights Management Vocabularies........................... 86 7.5 Digital Watermarking.................................. 88 vi 7.6 Authentication Service................................. 90 7.7 Application Scenarios.................................. 97 8 Evaluation 103 8.1 Usability of a Web-based ZKP implementation................... 103 8.2 Sequential Composition................................ 105 8.3 Parallel Composition.................................. 106 8.4 Concurrent Composition................................ 114 8.5 Other Protocol Threats................................. 117 8.6 Open Questions of Graph Isomorphism....................... 118 8.7 Summary and Conclusion............................... 119 IV Conclusions 121 9 Summary and Future Work 125 9.1 Summary......................................... 125 9.2 Conclusions and Contributions............................ 126 9.3 Future Work....................................... 128 V Appendices 129 A FRM Implementation Design 133 A.1 Object Discovery.................................... 133 A.2 Object Download.................................... 134 A.3 Member Item...................................... 134 A.4 Borrow Object...................................... 134 A.5 Buy Object........................................ 136 A.6 Digital Watermarking.................................. 136 A.7 Content Player...................................... 136 B RDF Examples of FRM Data Samples 139 vii C Sampled Data 141 C.1 Parallel composition.................................. 141 C.2 Concurrent composition................................ 141 D Academic Contributions 145 D.1 Principle Academic Contributions.......................... 145 D.2 Supplemental Publications and Academic Contributions............. 152 D.3 Volunteer Work & Contributions........................... 152 Bibliography 155 List of Figures 173 List of Tables 175 Glossary 177 Index 179 viii Part I Prelude 1 3 "I, myself, have had many failures and I’ve learned that if you are not failing a lot, you are probably not being as creative as you could be -you aren’t stretching your imagination." — John Warner Backus 4 Chapter 1 Introduction In this chapter we explain our motivations and goals. A short historical overview of e- commerce and information dissemination solutions is presented to provide a context for our research. A reader’s guide and overview of the thesis structure are also provided. 1.1 Motivation There are two primary motivations for the research presented in this thesis. The first is the growing demand for secure technologies for e-commerce that do not put customers at risk of identity theft. The second is the advent of Web 2.0 and the social semantic web. It has led to new business models and has changed the way that user’s interact with the web. 1.1.1 E-commerce Commerce is defined as the exchange of goods and services between parties, typically for money. Originally, such exchanges were made face to face. Thus there was a natural element of trust increased by the familiarity of the seller by the buyer [Gefen 2000]. In the today’s world
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages191 Page
-
File Size-