Upload
alexandra-carpenter
View
217
Download
1
Embed Size (px)
Citation preview
Trust Models Presentation
Trust ModelsTrust Models
Vishwas Patil, TIFR. 2/100Trust Models Presentation
Trust Models: IntroductionTrust Models: Introduction
What is Trust ? assured reliance on the character, ability, strength, or
truth of someone or something. [Webster] The confidence that participants in commerce have that
their activities (transactions and other exchanges of information, goods, and services) will be protected and conducted as intended.
Real World v/s Internet Seeing is believing - in real world ? - Internet
Vishwas Patil, TIFR. 3/100Trust Models Presentation
Trust Models: Why is it required ?Trust Models: Why is it required ?
While transacting over the Internet, the entities need to trust each other at various stages of the transaction. So the entities specifically :-
1. Trust that the other entity is really who it claims to be2. Trust the process and mechanisms by which they exchange
information3. Trust the actual information exchanged4. Trust the negotiation process and final contract5. Trust that the other party will complete its contract and not
defect
Vishwas Patil, TIFR. 4/100Trust Models Presentation
Trust Models: Overview/RelatedTrust Models: Overview/Related
PGP Web of Trust
X.509 Direct Cross-certification 2-tier hierarchy Hub certification authority Hub authentication authority
SPKI/SDSI Local trust domain
Vishwas Patil, TIFR. 5/100Trust Models Presentation
Trust Models: Trust Models:
Trust that the other entity is really who it claims to beAUTHENTICATION / AUTHORIZATION
Trust the process and mechanisms by which they exchange information
ENCRYPTION
Trust the actual information exchangedDATA INTEGRITY
Trust the negotiation process and final contractDIGITAL SIGNATURE
Trust that the other party will complete its contract and not defect
NON-REPUDIATION
How does these technologies (PKIs) help?
Vishwas Patil, TIFR. 6/100Trust Models Presentation
Trust Models: Constituents of TrustTrust Models: Constituents of Trust
Authentication Message Confidentiality Message Integrity Non-Repudiation Transparent Process Traceability and Accountability
Vishwas Patil, TIFR. 7/100Trust Models Presentation
Trust Models: Enhancing TrustTrust Models: Enhancing Trust
Social FactorsInvoke and establish trust
Organizational and Procedural FactorsEnable trust
TechnologyEnable and enforce trust
Legal SystemsEnforce trust
Vishwas Patil, TIFR. 8/100Trust Models Presentation
Trust Models: Design Trust Models: Design
Organizational Reputation Model Trusted Communities
• Localize trust• Allow continuous changes in the trust relationships amongst the users
of a local domain• Allow the administrators of local domains to establish / abolish the
relations with other domains as and when required• Support mechanism to express intentional transitivity of trust• These characteristics can be achieved under SPKI/SDSI framework.
Certification for trust• Involves reputation, so responsibility / accountability.
Legal Enforcement Trust in Unenforced Environment
• Mechanism like Secret-Sharing will help.
By Imitating real world practices in the digital world
Vishwas Patil, TIFR. 9/100Trust Models Presentation
Trust Models: DiscussionTrust Models: Discussion
PolicyMaker KeyNote PGP, X.509 SPKI/SDSI