Towards a Theory of Trust in Networks of Humans and Computers

We argue that a general theory of trust in networks of humans and computers must be built on both a theory of behavioral trust and a theory of computational trust. This argument is motivated by increased participation of people in social networking, crowdsourcing, human computation, and socio-economic protocols, e.g., protocols modeled by trust and gift-exchange games [3, 10, 11], norms-establishing contracts [1], and scams [6, 35, 33]. User participation in these protocols relies primarily on trust, since on-line verification of protocol compliance is often impractical; e.g., verification can lead to undecidable problems, coNP-complete test procedures, and user inconvenience. Trust is captured by participant preferences (i.e., risk and betrayal aversion) and beliefs in the trustworthiness of other protocol participants [11, 10]. Both preferences and beliefs can be enhanced whenever protocol non-compliance leads to punishment of untrustworthy participants [11, 23]; i.e., it seems natural that betrayal aversion can be decreased and belief in trustworthiness increased by properly defined punishment [1]. We argue that a general theory of trust should focus on the establishment of new trust relations where none were possible before. This focus would help create new economic opportunities by increasing the pool of usable services, removing cooperation barriers among users, and at the very least, taking advantage of “network effects.” Hence a new theory of trust would also help focus security research in areas that promote trust-enhancement infrastructures in human and computer networks. Finally, we argue that a general theory of trust should mirror, to the largest possible extent, human expectations and mental models of trust without relying on false metaphors and analogies with the physical world.

[1]  Ernst Fehr.  On the Economics and Biology of Trust , 2009 .

[2]  A. Jøsang,et al.  Challenges for Robust Trust and Reputation Systems , 2009 .

[3]  Adrian Perrig,et al.  Flooding-resilient broadcast authentication for VANETs , 2011, MobiCom.

[4]  Joyce E. Berg,et al.  Trust, reciprocity and social history , 1995, Games and Economic Behaviour.

[5]  Bo-Yin Yang,et al.  GAnGS: gather, authenticate 'n group securely , 2008, MobiCom '08.

[6]  Adrian Perrig,et al.  Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[7]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[8]  Virgil D. Gligor,et al.  On inter-realm authentication in large distributed systems , 1991, Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology.

[9]  Akbar Zaheer,et al.  Landmark Papers on Trust , 2008 .

[10]  Butler W. Lampson,et al.  A Global Authentication Service without Global Trust , 1986, 1986 IEEE Symposium on Security and Privacy.

[11]  Armin Falk,et al.  A Theory of Reciprocity , 2001, Games Econ. Behav..

[12]  Hung-Min Sun,et al.  SPATE: Small-Group PKI-Less Authenticated Trust Establishment , 2010, IEEE Transactions on Mobile Computing.

[13]  Panagiotis Papadimitratos,et al.  On Data-Centric Trust Establishment in Ephemeral Ad Hoc Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[14]  H. Simon,et al.  Rational choice and the structure of the environment. , 1956, Psychological review.

[15]  Virgil D. Gligor,et al.  Brief Encounters with a Random Key Graph , 2009, Security Protocols Workshop.

[16]  Frank Stajano,et al.  Understanding scam victims , 2011, Commun. ACM.

[17]  Audun Josang.  Robustness of Trust and Reputation Systems , 2010, 2010 Fourth IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshop.

[18]  D. D. de Quervain,et al.  The Neural Basis of Altruistic Punishment , 2004, Science.

[19]  Adrian Perrig,et al.  Seven cardinal properties of sensor network broadcast authentication , 2006, SASN '06.

[20]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk , 2007 .

[21]  John S. Baras,et al.  On Trust Establishment in Mobile Ad-Hoc Networks , 2002, Security Protocols Workshop.

[22]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .

[23]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[24]  A. Zaheer,et al.  Handbook of Trust Research , 2006 .

[25]  Martín Abadi,et al.  Authentication in distributed systems: theory and practice , 1991, SOSP '91.

[26]  Peter Marbach.  A lower-bound on the number of rankings required in recommender systems using collaborative filtering , 2008, 2008 42nd Annual Conference on Information Sciences and Systems.

[27]  Butler W. Lampson,et al.  Usable Security: How to Get It , 2009 .

[28]  Akira Yamada,et al.  RelationGrams: Tie-Strength Visualization for User-Controlled Online Identity Authentication (CMU-CyLab-11-014) , 2011 .

[29]  Ernst Fehr,et al.  Neuroeconomic Foundations of Trust and Social Preferences , 2005, SSRN Electronic Journal.

[30]  E. Fehr,et al.  Neuroeconomic Foundations of Trust and Social Preferences: Initial Evidence. , 2005, The American economic review.

[31]  Butler W. Lampson.  Privacy and security: Usable security , 2009, Commun. ACM.

[32]  Akbar Zaheer,et al.  Book Review Symposium: Handbook of Trust Research, edited by Reinhard , 2008 .

[33]  Mahadev Satyanarayanan,et al.  Rapid Trust Establishment for Pervasive Personal Computing , 2007, IEEE Pervasive Computing.

[34]  Michael Howard,et al.  Measuring Relative Attack Surfaces , 2005 .

[35]  Nicolas Christin,et al.  Dissecting one click frauds , 2010, CCS '10.

[36]  J. Doug Tygar,et al.  Computer Security in the 21st Century , 2010 .

[37]  Virgil D. Gligor,et al.  Towards a theory of penetration-resistant systems and its applications , 1991, Proceedings Computer Security Foundations Workshop IV.

[38]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[39]  Joyce E. Berg,et al.  Trust, Reciprocity, and Social History , 1995 .

[40]  Virgil D. Gligor,et al.  On Inter-Realm Authentication in Large Distributed Systems , 1993, J. Comput. Secur..

[41]  David Clark,et al.  The End-to-End Argument and Application Design: The Role of Trust , 2007 .