Trust - PowerPoint PPT Presentation

About This Presentation
Title:

Trust

Description:

... applets and macros embedded in documents, subverted databases of sensitive ... can confirm the source of documents does not have any explicit implication ... – PowerPoint PPT presentation

Number of Views:119
Avg rating:3.0/5.0
Slides: 52
Provided by: cse54
Category:
Tags: trust

less

Transcript and Presenter's Notes

Title: Trust


1
Trust
Prakash Kolan Srikanth Palla
2
Trust
  • Trust is a social good to be protected just as
    much as the air we breathe or the water we drink.
    When it is damaged, the community as a whole
    suffers and when it is destroyed, societies
    falter and collapse
  • - Sissela Bok,

  • "Lying Moral Choice in Public and
    Private Life", 1978

3
Introduction
  • Internet
  • The Internet of the past is one of limited
    services and a fixed set of users, mainly
    academics and scientists
  • From this, it has developed into a pervasive
    utility, playing host to a vast range of services
  • High volume transactions and online activity
    everyday.
  • With all this comes greater uncertainty and risk
    arising from the intentional hostility or
    carelessness of on-line entities.
  • Existing examples of the risks include viruses
    and Trojan horses, applets and macros embedded in
    documents, subverted databases of sensitive
    financial information, etc7

4
Introduction
  • The open and pervasive nature of Internet
  • No central authority for monitoring system
    activity
  • Improper maintenance of host and network security
    coupled with end host vulnerabilities in context
    of huge volume host interactions
  • The level of expertise and experience required to
    recognize potential risk in every on-line
    interaction is currently beyond the ability and
    resources of the average user
  • To help with this situation, users must be given
    the ability to assess the trustworthiness of
    entities it encounters.

5
Introduction
  • Current security technology provides us with some
    capability to build in a certain level of trust
    into our communication.
  • cryptographic algorithms for privacy and digital
    signatures
  • signatures, authentication protocols for proving
    authenticity
  • access control methods for managing
    authorization.
  • These methods cannot manage the more general
    concept of trustworthiness.
  • Cryptographic algorithms, for instance, cannot
    say if a piece of digitally signed code has been
    authored by competent programmers and a signed
    public-key certificate does not tell you if the
    owner is an industrial spy

6
Trust can be defined as
  • Trust may be regarded as a judgment made by the
    user, based on general experience learned from
    being a consumer and from the perception of a
    particular merchant4
  • Trust an agents belief in another agents
    capabilities, honesty and reliability based on
    its own direct experiences5

7
Trust can be defined as
  • Assured reliance on the character, ability,
    strength, or truth of someone or some thing 1
  • As confidence in or reliance on some quality or
    attribute of a person or thing, or the truth or a
    statement2
  • Trust indicates a positive belief about the
    perceived reliability of, dependability of, and
    confidence in a person, object, or process3

8
Preconditions for Trust
  • In order for trust to be relevant in a particular
    situation, two conditions must be present.
  • Dependence of the trustor on the trustee. This
    dependence entails two things39
  • The trustor has a particular need to fulfill
  • The trustee possesses the potential to satisfy
    this need
  • The Risk for the above Dependence
  • The trustor possesses uncertainty about the
    outcomes and vulnerability to a potential loss if
    the outcomes are undesirable.

9
Principles of Trust
  • Principle 1 Trust depends on identity.
  • Trust accrues over time between individuals and
    companies that build a shared history of positive
    interactions.
  • Trust depends on identity, the condition of being
    distinguishable from others, for without identity
    there is no way to group together separate
    interactions into a history.
  • Principle 2 Trust is based on information32
  • To trust someone or some organization one must
    first get to know them.
  • The information required to know another party
    has many dimensions as it must capture knowledge
    about complex behaviors surrounding issues such
    as privacy, reliability and past performance.

10
Principles of Trust
  • Principle 3 Trust is a function of the
    perception of risk.
  • Trust is a belief or expectation that the word or
    promise by other agent can be relied upon and
    will not take advantage of the his
    vulnerability33
  • Risk is the core of trust in that trust is the
    degree to which a truster holds a positive
    attitude toward the trustees goodwill and
    reliability in a risky exchange situation34
  • Principle 4 Trust deepens over time and with
    increased reciprocity.
  • Trust is intimately associated with risk and when
    a trustee realizes that a truster has taken
    considerable risk in trusting them, they tend to
    be motivated to behave in a trustworthy manner.
  • do not blindly take unjustified risk in the hope
    of developing a trustful relationship but rather
    adopt a gradual approach in which partners start
    with limited incremental investment when risk and
    uncertainly levels are high35

11
Principles of Trust
  • Principle 5 Trust is a matter of degree
  • There is no such thing as blanket trust
  • trust can be defined as the degree to which the
    truster holds a positive attitude toward the
    trustees goodwill and reliability in a risky
    exchange situation36
  • Principle 6 Culture affects trust.
  • The fundamental bases of trust varies across
    nationalities
  • Agents coming from individualistic countries
    having a higher trusting stance in general and
    being more willing to base their trust in other
    agents on factors that are inferred from an
    impersonal Web site than agents from collectivist
    countries37

12
Principles of Trust
  • Principle 7 Third party ratings are important in
    developing trust.
  • Trust is affected not only via first hand
    interaction, but also by the opinions of other
    parties.
  • An important source of opinions is trusted third
    parties. In the offline world such parties
    include organizations such as the Better Business
    Bureau, Consumer Reports, and the media in
    general who render expert opinions based on
    research37
  • Principle 8Second party opinions are important
    in developing trust.
  • Trust can also be affected by the opinions of
    second parties that have had experience in
    conducting similar transactions.
  • Such parties are synonymous to friends and family
    in offline world.

13
Principles of Trust
  • Principle 9 First party information is important
    in developing trust.
  • First party information, i.e., information that
    the party provides concerning themselves is
    critical to developing trust online.
  • The first party needs to clearly present
    information about their services (e.g., delivery
    methods, insurance, payment methods), policies
    (e.g., privacy, security, returns) and products
    (e.g., description, pricing, availability).
  • Principle 10 Formal and social controls are
    important in developing trust.
  • Formal controls employ codified rules, goals,
    procedures and regulations that specify desired
    patterns of behavior36
  • social controls use organizational and cultural
    values and norms to encourage desirable behavior.
    Social controls in alliances often take the form
    of socialization, interaction and training36

14
Trust Typology
  • Interpersonal Trust Trust an agent has in other
    agent directly. It is agent and context specific
    25. For example Alice may trust a specific
    agent Bob the Mechanic in the specific context of
    servicing her car but not in the context of
    babysitting her children.
  • System Trust or Impersonal TrustTrust that is
    not based on any property or state of the trustee
    but rather on the perceived properties or
    reliance on the system or institution within
    which that trust exists. E.g. The monetary
    system
  • Dispositional TrustSometimes referred to as
    ones basic trust, describes the general
    trusting attitude of the truster. A sense of
    basic trust, which is a pervasive attitude toward
    oneself and the world 25.

15
A Typology of Related Trust Constructs
  • Trust can be categorized into different
    conceptual types, such as attitudes, beliefs,
    behaviors, and dispositions. It could be even
    categorized as reflecting different referents
    trust in something, in someone, or in a specific
    characteristic of someone (e.g., ones honesty).
  • Based on above, an interdisciplinary model of
    trust types can be defined
  • Disposition to Trust
  • Institution-based Trust
  • Trusting Beliefs
  • Trusting Intention

16
Interdisciplinary trust constructs model
17
Disposition to trust
  • The extent to which one displays a consistent
    tendency to be willing to depend on general
    others across a broad spectrum of situations and
    persons28.
  • Sub-Constructs
  • Faith in Humanity29
  • Refers to underlying assumptions about people
  • one assumes others are usually upright,
    well-meaning, and dependable
  • Trusting Stance30Means that, regardless of
    what one assumes about other people generally,
    one assumes that one will achieve better outcomes
    by dealing with people as though they are
    well-meaning and reliable.

18
Institution Based Trust
  • One believes the needed conditions are in place
    to enable one to anticipate a successful outcome
    in an endeavor or aspect of ones life
  • Comes from the sociology tradition that people
    can rely on others because of structures,
    situations, or roles that provide assurances that
    things will go well.
  • Sub Constructs
  • Structural Assurance31One believes that
    success is likely because guarantees, contracts,
    regulations, promises, legal recourse, processes,
    or procedures are in place that assure success
  • Situational NormalityOne believes that success
    is likely because the situation is normal or
    favorable.

19
Trusting Beliefs
  • One believes (and feels confident in believing)
    that the other person has one or more traits
    desirable to one in a situation in which negative
    consequences are possible.
  • Sub constructs
  • CompetenceOne believes the other person has the
    ability or power to do for one what one needs
    done.
  • BenevolenceOne believes the other person cares
    about one and is motivated to act in ones
    interest
  • IntegrityOne believes the other person makes
    good faith agreements, tells the truth, and
    fulfills promises
  • Predictabilityone believes the other persons
    actions (good or bad) are consistent enough that
    one can forecast them in a given situation

20
Trusting Intentions
  • One is willing to depend on, or intends to depend
    on, the other person in a given task or situation
    with a feeling of relative security, even though
    negative consequences are possible.
  • Sub Constructs
  • Willingness to dependone is volitionally
    prepared to make oneself vulnerable to the other
    person in a situation by relying on them
  • Subjective probability of Dependingthe extent to
    which one forecasts or predicts that one will
    depend on the other person

21
Example E-commerce Relationship Trust Model
22
Different methods
  • Trust models in peer-to-peer networks
  • Trust models on the semantic web

23
Trust models in Peer-to-peer N/w
  • Decentralized Peer to Peer (P2P) networks offer
    both opportunities and threats.
  • Its open and decentralized nature makes it
    extremely susceptible to malicious users
    spreading harmful content like viruses, trojans
    or, even just wasting valuable resources of the
    network.
  • In order to minimize such threats, the use of
    community-based reputations as trust measurements
    is fast becoming a de-facto standard
  • The idea is to dynamically assign a trust rating
    for each peer and the peers can communicate among
    themselves based on the peer trust rating.

24
Trust Models in Peer-to-peer N/w
  • Bayesian Network-Based Trust Model in
    Peer-to-Peer Networks5
  • Represents a differentiated trust model as trust
    differs for different peers at different
    instances and situations
  • Depending on the situation, a peer may need to
    consider its trust in a specific aspect of
    another peers capability or in multiple aspects.
  • It employs Bayesian network concepts for
    providing flexible methods for deducing these
    differentiated trust values.

25
Trust Models in Peer-to-peer networks
  • Collaborative Automated Trust Negotiation in
    Peer-to-Peer Systems13
  • Many of the users are reluctant to do high volume
    transactions over the internet as the security
    issues posed by the P2P systems are severe and
    daunting
  • Investigates building trust by automated trust
    negotiations.
  • These trust negotiations help in proving that a
    peer satisfies certain trust requirements.
  • The peers in the peer-to-peer networks build
    trust relationships among each other by
    collaboratively negotiating their credentials
  • These trust negotiations can be used along with
    reputation systems to build efficient P2P trust
    systems.

26
Trust Networks on the Semantic Web
  • "Trust" is a word that has come to have
    several very specific definitions on the
  • Semantic Web. Much research has focused on
    authentication of resources, including work on
    digital signatures and public keys. Confidence in
    the source or author of a document is important,
    but trust, in this sense, ignores many important
    points. Just because a person can confirm the
    source of documents does not have any explicit
    implication about trusting the content of those
    documents.

27
Introduction
  • Here we are going to addresses trust as
    credibility or reliability in a much more human
    sense. It opens up the door for questions like
    how much credence should I give to what this
    person says about a given topic, and based on
    what my friends say, how much should I trust this
    new person?"

28
Introduction
  • we will discusses how to build a meaningful
    social network from the architecture of the
    semantic web, and how it conveys meaning about
    the structure of the world. We describe a sample
    algorithm for computing trust in a network.

29
Networks on the Semantic Web
  • Studying the structure of the hypertext web
    can be used to find community structure in a
    limited way. A set of pages clustered by
    hyperlinks may indicate a common topic among the
    pages, but it does not show more than a generic
    relationship among the pages. Furthermore, pages
    with fewer outgoing links are less likely to show
    up in a cluster at all because their connectance
    is obviously lower. These two facts make it
    difficult for a person to actually see any
    relationship among specific concepts on the web
    as it currently stands classification is not
    specific enough, and it relies on heavy
    hyperlinking that may not be present.

30
  • The Semantic Web changes this. Since the
    semantic data is machine-understandable, there is
    no need to use heuristics to relate pages.
    Concepts in semantically marked up pages are
    automatically linked, relating both pages and
    concepts across a distributed web

31
Implementation
  • The semantic web of trust requires that
    users describe their beliefs about others. Once a
    person has a file that lists who they know and
    how much they trust them, social information can
    be automatically compiled and processed.

32
Requirments
  • The Internet provides an easy way to set up shops
    and conduct commerce at any place in the world.
    Vendors can thus sell goods and conduct commerce
    on the Internet. Most of the time customers use
    the Internet commerce mechanism to order goods
    and pay for the transaction through a credit card
    (extending the so called mail -order, phone order
    to Internet-order). In order to secure the
    transmission of credit card numbers customers
    could send it encrypted using protocols such as
    Secure Sockets Layer (SSL) until implementations
    of special payment protocols like Secure
    Electronic Transactions (SET) or Joint Electronic
    Payment Initiative (JEPI) become available.

33
Requirments
  • It is important that transactions be atomic. In
    other words, the entire transaction should be
    carried out in a fault tolerant way such that no
    party involved in the transaction may be put at a
    loss after the completion of the transaction
    i.e., the vendor should not feel cheated by
    having not received payment for goods sold, nor
    the customer feel cheated for not having received
    goods for payment made. Electronic commerce
    protocols have been designed to provide this kind
    of EC-atomicity. However, these protocols have
    not been equipped with mechanisms to protect a
    vendor from a customer who makes a fraudulent
    payment or a customer from a vendor who supplies
    low quality or garbage goods. In other words,
    these protocols need to be equipped with suitable
    trust mechanisms i.e., they should be
    strengthened by adding a non-repudiable context
    to the transaction protocol.

34
Measurement of Trust
  • Eventhough the quantitative measurement of trust
    cannot be adequately performed, several variables
    on which trust depends could be used to define
    trust. These variables in turn influence actions
    taken by a transacting entity. Certain parameters
    modify trust actions.

35
Trust Variables
  • Cost of Transaction
  • Transaction History
  • Customer Loyalty
  • Indemnity
  • Spending Pattern

36
Cost of Transaction
  • Careful customers pay attention to the price and
    quality of goods. Expensive items are bought
    after careful thought and consumer report
    analysis. Vendors make sure that the money
    offered for the item is not counterfeit, that the
    buyer has enough funds in his bank account or on
    his credit card. Risk is based on cost of goods.
    For example, a vendor may not be concerned on
    losing revenue on a single micro-transaction. (A
    micro-transaction is one that has negligible cost
    value like a tenth of a cent to a cent). This is
    a micro-risk transaction. As the cost of the
    transaction increases or the number of such
    micro-transactions increase, vendors pay
    attention to revenues and income on such
    transactions.

37
Transaction History
  • Transaction history is similar to a persons
    credit history. Just as a persons credit history
    is checked before issuing a loan, or before
    increasing the credit limit on his card, a
    persons transaction history measures trust and
    is consulted for evaluating transactions. For
    example, questionable customers who always
    complain that they receive outdated stock
    information, might need a non-repudiated proof of
    verification. This could be in the form of a
    time-stamped receipt of stock information.

38
Customer Loyalty
  • It is a well known practice in commercial
    establishments that they tend to provide several
    benefits in the form of awards, mileage points,
    etc. to customers who show them loyalty. A
    frequent buyer will be treated with greater trust
    than a stranger.

39
Indemnity
  • If a trusted intermediary stands as a guarantee
    against loss, then there is an increase in trust
    level of the transaction.

40
Spending Pattern
  • If a customers host is compromised or if someone
    steals the customers smart card, or currency,
    one could notice a suspicious activity by
    observing the spending pattern.

41
Conclusion
  • Trust is a complex and multi-dimensional
    phenomenon.
  • The human perception of trust is a core
    ingredient in any online transaction, and future
    electronic systems must support trust services to
    gain loyalty at both ends.
  • Trust is many faceted form of human behavior. Ask
    people why they trust an individual or company
    and you will receive an enormous range of
    answers. In many cases you will find that people
    cannot even articulate the inner workings of
    their own trust processes.

42
Conclusion
  • The trust principles presented represent aspects
    of trust that need to be addressed when building
    infrastructure to support online trust.
  • We have discussed the conceptual level constructs
    which consist of Disposition to Trust (from
    Psychology), Institution-based Trust (from
    Sociology), and Trusting Beliefs and Trusting
    Intentions (from Social Psychology).
  • The typology of trust constructs helps address
    conceptual confusion by representing trust as a
    coherent set of four constructs and ten sub
    constructs.

43
Conclusion
  • Enabling peers to develop trust among themselves
    is important in a peer-to-peer system where
    resources (either computational, or files) of
    different quality are offered.
  • It will become increasingly important in systems
    for peer-to-peer computation, where trust can
    provide a way for protection of unreliable,
    buggy, infected or malicious peers
  • If we are to create online environments in which
    trading relationships are as easy to navigate, we
    will need to evolve rich and varied forms of
    online trust infrastructure and address numerous
    business, technical, social and legal issues.

44
References
  1. Merriam-Webster. Merriam-Webster Online
    Merriam-Webster, Inc., 2002. URL
    http//www.m-w.com
  2. Oxford. Oxford English Dictionary. Oxford
    University Press, 2nd edition, 1989
  3. Ben Shneiderman. Designing Trust into Online
    Experiences. Communications of the ACM,
    43(12)5759, December 2000
  4. Derek Sisson. ecommerce. URL http//www.philosoph
    e.com/commerce/ecommerce.html, February 2000
  5. Wang, Y., Vassileva J. (2003) Bayesian
    Network-Based Trust Model in Peer-to-Peer
    Networks, Proc. Workshop on "Deception, Fraud and
    Trust in Agent Societies" at the Autonomous
    Agents and Multi Agent Systems 2003 (AAMAS-03),
    Melbourne, Australia, July 2003 (full paper, 9pp).

45
References
  1. L. Mui, M. Mohtashemi,Ari Halberstadt, "A
    Computational Model of Trust and Reputation",
    Proceedings of the 35th Hawaii International
    Conference on System Sciences 2002
  2. A. Abdul-Rahman and S. Hailes, "A Distributed
    Trust Model", in Proceedings of the New Security
    Paradigms Workshop, ACM, 1997.
  3. Wang Y., Vassileva J. (2003) Bayesian
    Network-Based Trust Model, Proc. of IEEE
    International Conference on Web Intelligence (WI
    2003), October 13-17, 2003, Halifax, Canada
  4. W.Winsborough,K.Seamons,and V.Jones. Automated
    Trust Negotiation. In DARPA Information
    Survivability Conference and Exposition , Hilton
  5. A. Abdul-Rahman and S. Hailes. Supporting trust
    in virtual communities. In 33rd Annual Hawaii
    International Conference on System Sciences
    (HICSS-33), 2000.

46
References
  1. Peer Trust. http//disl.cc.gatech.edu/PeerTrust
  2. Heckerman, D. A Tutorial on Learning with
    Bayesian Networks, Microsoft Research report
    MSR-TR-95-06, 1995
  3. Song Ye Makedon, F. Ford, J. Collaborative
    automated trust negotiation in peer-to-peer
    systems. Peer-to-Peer Computing, 2004.
    Proceedings. Proceedings. Fourth International
    Conference on 25-27 Aug. 2004 Page(s)108 115
  4. D. W. MANCHALA, E-Commerce Trust Metrics and
    Models, IEEE Internet Computing, April 2000
  5. K. Aberer, Z. Despotovic, Managing Trust in a
    Peer-2-Peer Information System. Proceedings of
    the Tenth International Conference on Information
    and Knowledge Management 2001
  6. Wang Y. Vassileva J. (2003) Trust and Reputation
    Model in Peer-to-Peer Networks, Proc. of IEEE
    Conference on P2P Computing, Linkoeping, Sweden,
    September 2003, IEEE Press, 150-157

47
References
  • F. Azzedin and M. Maheswaran, Trust Modeling for
    Peer-to-Peer based Computing Systems, 12th IEEE
    Heterogeneous Computing Workshop (HCW 2003)
  • WEEKS, S. ,Understanding trust management
    systems. In Proceedings of 2001 IEEE Symposium on
    Security and Privacy. IEEE Computer Society
    Press, 94105, 2001.
  • JIM, T., A trust management system with certified
    evaluation. In Proceedings of the 2001 IEEE
    Symposium on Security and Privacy. IEEE Computer
    Society Press, 106115, 2001
  • Trust negotiation in peer-to-peer systems.
    Technical Report (in progress), 2004, available
    at http//scens.cs.dartmouth.edu.
  • R. Chen and W. Yeager, Poblano A distributed
    trust model for peer-to-peer networks.
    htppsecurity.jxta.org, 2001
  • P. R. Zimmerman (1995) The Official PGP User's
    Guide, Cambridge, Massachusetts MIT Press

48
References
  • R. Khare, A. Rifkin (1997) "Weaving a Web of
    Trust, World Wide Web Journal, 2(3), pp. 77-112.
  • B. Borcherding and M. Borcherding, Efficient and
    Trustworthy Key Distribution in Webs of Trust,
    Computers and Security, vol. 17,no.5, 1998,pp.
    447-454.
  • D. H. McKnight, N. L. Chervany. The Meanings of
    Trust. Technical Report 94-04, Carlson School of
    Management, University of Minnesota, 1996.
  • L. Rasmusson and S. Jansson. Simulated Social
    control for Secure Internet Commerce (position
    paper). In Proceedings, New Security Paradigms
    Workshop, Lake Arrowhead, 1996.
  • A. Abdul-Rahman. The PGP Trust Model. EDI-Forum,
    April 1997
  • Erikson, E. H. Identity Youth and Crisis. W. W.
    Norton, New York, 1968.

49
References
  1. Rosenberg, M. Occupations and Values. Free Press,
    Glencoe, IL, 1957.
  2. Riker, W. H. The Nature of Trust. In J. T.
    Tedeschi (Ed.), Perspectives on social power,
    Aldine Publishing Company, Chicago, 1971, pp.
    63-81.
  3. Shapiro, S P. The social control of impersonal
    trust. American Journal of Sociology (93), 1987,
    pp. 623-658.
  4. Urban, G.L., Sultan, F., and Qualls, W.J. Placing
    Trust at the Center of Your Internet Strategy.
    MIT Sloan Management Review. Vol. 42(1), 2000,
    pp. 39-48.
  5. Geyskens, I., Steenkamp, J-B, E.M., Scheer, L.K.
    and Kumar, N. The effects of trust and
    interdependence on relationship commitment A
    trans-Atlantic study. International Journal of
    Research in Marketing. Vol. 13(4). 1996, pp. 303-
    317.
  6. Gambetta, D. Can we trust trust? In D. Gambetta
    (Ed.), Trust Making and breaking cooperative
    relations. Basil Blackwell. NY, 1988.

50
References
  1. Bowman, E. H. and Hurry, D. Strategy through the
    Option Lens An Integrated view of Resource
    Investments and the Incremental-Choice Process.
    Academy of Management Review. Vol.18(4)., 1993,
    pp. 760-782.
  2. Das, T.K. and Bing-Sheng, T. Between Trust and
    Control Developing Confidence in Partner
    Cooperation in Alliances. The Academy of
    Management Review. Vol. 23(3), 1998, pp. 491-512.
  3. Dawar, N., Parker, P. M. and Price, L. J. A
    cross-cultural study of interpersonal information
    exchange. Journal of International Business
    Studies, Vol. 27(3), 1996, pp. 497-516.
  4. eCommerce Trust Study.. Cheskin Research Studio
    Archtype/Sapient. 1999. online. Available
    http//www.cheskin.com/think/studies/ecomtrust.htm
    l viewed July 30, 2001.

51
References
  • D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C.
    Camerer, "Not so different after all A
    cross-discipline view of trust," Academy of
    Management Review, vol. 23, pp. 393
Write a Comment
User Comments (0)
About PowerShow.com