http://dx.doi.org/10.3745/KIPSTC.2007.14-C.7.545

Design and Analysis of a Secure Protocol for the P3P Standard  

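Choi, Hyun-Woo (School of Electrical, Electronic and Computer Engineering, Graduate School, Sungkyunkwan University)
Jang, Hyun-Su (Department of Electrical, Electronic and Computer Engineering, Graduate School, Sungkyunkwan University)
Ko, Kwang-Sun (Department of Mobile Communication Engineering, Graduate School, Sungkyunkwan University)
Kim, Gu-Su (School of Information and Communication Engineering, Dongyang University)
Eom, Young-Ik (School of Information and Communication Engineering, Sungkyunkwan University)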
Abstract
P3P (Platform for Privacy Preferences), which is used on the World Wide Web, is a standard for defining and negotiating policies on the definition, transmission, collection, and maintenance of personal information. The current P3P standard provides methods for defining the client's personal information protection policy and the P3P policy associated with the web server, as well as a method for comparing these two policies. The current P3P standard, however, does not address the detailed functions needed for safe transmission of personal information and data, nor the problems that those detailed functions can introduce. In this paper, to solve these problems, we propose the Secure P3P (S-P3P) protocol, a security protocol for the current P3P standard that offers mutual authentication between the web server and the client and guarantees the integrity and confidentiality of messages and data. Furthermore, the S-P3P protocol provides non-repudiation of the transmission and reception of personal information sent from the client to the web server.
Keywords
Platform for Privacy Preferences (P3P); Privacy Protection; Mutual Authentication; Secure Protocol; Web Security