Privacy preserving credential verification for non-monotonic trust management systems

Trust management systems provide a flexible way for performing decentralized security management. However, most trust management systems only support monotonic policies. Compared with non-monotonic policies, monotonic ones are less flexible and cannot express policies such as "Chinese wall policies" and "separation of duties". To support non-monotonic policies, trust management systems must be able to correctly identify the credentials which a subject has that are required by the policies. Previous efforts address the problem by letting the system query the issuers directly to verify the possession status of the credentials. But this approach can violate the subject's privacy. The main contribution of this paper is a cryptographic credential verification scheme for non-monotonic trust management systems that can correctly identify the credentials that a subject has while also protecting the subject's privacy. We also analyze the security of the scheme and prove that with correct construction and certain cryptographic assumptions, the scheme is secure.