Attacks on Confidentiality of Communications Between Stranger Organizations

Mikaël Ates (Entr’ouvert, Paris, France) and Gianluca Lax (Department of Computer Science, Electronics, Mathematics and Transportation (DIMET), University Mediterranea of Reggio Calabria, Reggio Calabria, Italy)
Copyright: © 2013 |Pages: 18
DOI: 10.4018/ijkbo.2013040101

Abstract

Knowledge has become the main intangible asset of many organizations. Two organizations that have had no previous contact or relationship are defined as strangers. When two stranger organizations enter into a relationship, knowledge plays a very critical role, since each party has to disclose its own knowledge to obtain knowledge from the other party. In this paper, the authors study the confidentiality of communications between stranger organizations, showing that even when strong authentication algorithms, like RSA, are used, no guarantee can be given that the communication is confidential. This study is useful for keeping in mind the limitations on confidentiality whenever stranger organizations are involved.
Article Preview

Introduction

In the industrial era, organizations were based on the physical work done by individuals in factories and, for this reason, they are referred to as job-based organizations. Nowadays, the idea of workers holding a job is replaced by that of workers bringing knowledge to the organization, where knowledge is understood as the capability of solving a problem, identifying a threat, analyzing a scenario, and so on. In this case, we refer to knowledge-based organizations (KBOs) (Lindgren, Stenmark, & Ljungberg, 2003). Knowledge has become the main intangible asset of KBOs and plays a very critical role when two organizations enter into a relationship, since each interlocutor has to disclose its own knowledge in order to obtain knowledge from the other party (Allison & Strangwick, 2008). This issue is even more critical whenever the two organizations are strangers, that is, they have no a priori information about their interlocutor and yet have to make decisions (Heikkinen, Matuszewski, & Hammainen, 2008). This typically happens when organizations are in open environments, such as the Internet or ubiquitous and pervasive environments, where the perceived risk is high (Cunningham, Gerlach, Harper, & Kellogg, 2008). In this case, the environment is marked by the following three characteristics:

  • Absence of Identifiers (C1): Claiming an identity to the interlocutor is useless;

  • Insecure Channel (C2): The communication takes place over an insecure channel;

  • Absence of a Single Trusted Party (C3): There is no single authority able to ensure security services (e.g., confidentiality).

C1 derives directly from the definition of strangers: since the organizations are strangers, any identifier name is unknown to the interlocutor. C2 is due to the fact that we are in open environments, so an attacker can sniff, modify, intercept, kill, re-route, delay, and reorder messages (Srinivasulu, Nagaraju, Kumar, & Rao, 2009). C3 models the fact that it is possible to have an external party trusted by two or more organizations, but it is unrealistic to assume the presence of a third party trusted by all organizations.

It is expected that in the future many stranger organizations will need to enter into a relationship for business reasons. In this paper, we analyze the relationship between stranger organizations and, in particular, the concepts of trust and confidentiality. Indeed, relationships between strangers in an open environment rely on trust, considered as a state in which an entity agrees to enter into a relationship with another entity, expecting to reach a goal (McKnight & Chervany, 2001). Confidentiality, usually defined as a service used to keep the content of a communication secret from all but those authorized to have access (Menezes, Vanstone, & Oorschot, 1996), may be required for such relationships. In this study, we formalize the task in which two entities enter into a relationship. Then, we analyze the confidentiality of their communication and show possible threats.

We observe that the topic of communication between strangers is also very relevant in many other application contexts, such as P2P systems, C2C e-commerce, ad-hoc networks, privacy preserving, authentication, trust negotiation, and unlinkability, to cite only some examples (some of them will be discussed in the related work section). It is worth noting that we do not introduce here a new technology or a solution to the problem of confidentiality since, as we explain in the paper, no solution exists. Conversely, the contributions of our study can be summarized as follows:
