Trust Models Presentation

Trust ModelsTrust Models

Vishwas Patil, TIFR. 2/100Trust Models Presentation

Trust Models: IntroductionTrust Models: Introduction

What is Trust ? assured reliance on the character, ability, strength, or

truth of someone or something. [Webster] The confidence that participants in commerce have that

their activities (transactions and other exchanges of information, goods, and services) will be protected and conducted as intended.

Real World v/s Internet Seeing is believing - in real world ? - Internet

Vishwas Patil, TIFR. 3/100Trust Models Presentation

Trust Models: Why is it required ?Trust Models: Why is it required ?

While transacting over the Internet, the entities need to trust each other at various stages of the transaction. So the entities specifically :-

1. Trust that the other entity is really who it claims to be2. Trust the process and mechanisms by which they exchange

information3. Trust the actual information exchanged4. Trust the negotiation process and final contract5. Trust that the other party will complete its contract and not

defect

Vishwas Patil, TIFR. 4/100Trust Models Presentation

Trust Models: Overview/RelatedTrust Models: Overview/Related

PGP Web of Trust

X.509 Direct Cross-certification 2-tier hierarchy Hub certification authority Hub authentication authority

SPKI/SDSI Local trust domain

Vishwas Patil, TIFR. 5/100Trust Models Presentation

Trust Models: Trust Models:

Trust that the other entity is really who it claims to beAUTHENTICATION / AUTHORIZATION

Trust the process and mechanisms by which they exchange information

ENCRYPTION

Trust the actual information exchangedDATA INTEGRITY

Trust the negotiation process and final contractDIGITAL SIGNATURE

Trust that the other party will complete its contract and not defect

NON-REPUDIATION

How does these technologies (PKIs) help?

Vishwas Patil, TIFR. 6/100Trust Models Presentation

Trust Models: Constituents of TrustTrust Models: Constituents of Trust

Authentication Message Confidentiality Message Integrity Non-Repudiation Transparent Process Traceability and Accountability

Vishwas Patil, TIFR. 7/100Trust Models Presentation

Trust Models: Enhancing TrustTrust Models: Enhancing Trust

Social FactorsInvoke and establish trust

Organizational and Procedural FactorsEnable trust

TechnologyEnable and enforce trust

Legal SystemsEnforce trust

Vishwas Patil, TIFR. 8/100Trust Models Presentation

Trust Models: Design Trust Models: Design

Organizational Reputation Model Trusted Communities

• Localize trust• Allow continuous changes in the trust relationships amongst the users

of a local domain• Allow the administrators of local domains to establish / abolish the

relations with other domains as and when required• Support mechanism to express intentional transitivity of trust• These characteristics can be achieved under SPKI/SDSI framework.

Certification for trust• Involves reputation, so responsibility / accountability.

Legal Enforcement Trust in Unenforced Environment

• Mechanism like Secret-Sharing will help.

By Imitating real world practices in the digital world

Vishwas Patil, TIFR. 9/100Trust Models Presentation

Trust Models: DiscussionTrust Models: Discussion

PolicyMaker KeyNote PGP, X.509 SPKI/SDSI