Date post: | 15-Jan-2015 |
Category: |
Technology |
Upload: | george-vanecek |
View: | 97 times |
Download: | 1 times |
Technical background on the
“ Blueprints and Use Cases” - ICDS 2014
Dr. George Vaněček, Jr.(FICO, San Jose, CA, USA)
Deepak Vij, Ishita Majumdar, Naveen Dhar(FutureWei Technologies, Santa Clara, CA, USA)
The Eighth International Conference on Digital SocietiesICDS 2014, Barcelona Spain
Trust?
Trust is one of humanity’s most explicit and intrinsic social cognitions, yet within the digital world its mostly static, over simplified and generally not negotiable!?
Trust is the extent to which a trustor is willing to depend on something or someone (a trustee) in a given situation, even though negative consequences are possible.
! ?
The Untrustworthy Internet?
“Billions of people around the world do not trust the Internet”,
- claims European Commission vice-president Neelie Kroes.
“The future of internet was based on trust…Trust can never again be taken for granted.”
- March 2014, BBC
• 98% of Americans distrust the Internet• 56% fear on-line information is outdated• 53% feel the information is self-promotional• 45% feel unfamiliar with the sources
- Harris Interactive MRF, 2012
Human/Computer Co-evolution
People per
Com
puter
Computers Today
adapte
d f
rom
: F.
Matt
ern
, D
agst
uhl 2
00
2
50B+ interconnectedsensors, actuators, and intelligent, autonomous,and individualized devices, supported by massive cloud services.
Simple ComplexTrust
Many People per One Computer
One Computer for One Person
Many Computers for Everyone
Rising Problem for EnterprisesPeople and organizations will need to adopt a more flexible access policy to remain competitive yet open.
A company wants to enable employee and guest access from anywhere at anytime, but also meet compliance reviews and protect company data.
An employee wants access to corporate data and services anytime, anywhere (multiple employers or public sites) on any devices while protecting his/her privacy.
! !
By 2014, 80% of mobile professionals will use at least two personal devices to access corporate systems and data.
A device needs to know who and what to trust when, where, and why.
?
Internet and IoT Security Models need to adopt to new Trust Management Systems
Most of today’s security infrastructure is static and perimeter-centric with policies that are restrictive and insular.
This is no longer sufficient in an environment that is highly dynamic, multi-sourced and virtualized, and where consumer-oriented IT is increasingly used in lieu of enterprise-owed, provisioned systems.
Trust Management System Overview
A Logical Trust Network maintains entities and trust relationships between those entities
Trust values for a trustee are determined from the combined scores of a trustor’s
1. Evidence: trust values based on directly scoring of tracked evidence
2. Reputation: trust value based on indirect recommendations.
The Logical Trust Network is redundantly distributed over a topology of
1. Trust Agents: decentralized set of peers in a P2P topology
2. Trust Brokers: a centralized 3rd-party set of trust brokers
Where an entity and its adjacent relationship may appear differently in more than one agent or broker.
Current vs. Trust-based Interactions
Users
Public Devices
Personal Devices
Organizations
Service and Content Providers
Trust Relationship
TrustIndex
Inferred Trust
Relationship
Client Server
Req.
Resp.
Trust? Trustee
Req.
Truster
Logical TrustNetwork
IdP
Authentication and AuthorizationBased on Membership
Auth
?
?
yes
yes
Resp.
Auth
IdP
Today
Logical Trust Network
A digraph of nodes (i.e., entities) and directed edges (e.g., relationships), where
An entity is any person, place or thing with a distinct existence that needs to trust or be trusted by other entities.
Users
Public Devices
Personal Devices
Organizations
Service and Content Providers
Trust Relationship
TrustIndex
Inferred Trust
Relationship
Entities need not have unique identities; in their absence, their identities may be probabilistically resolved from their attributes.
Entities are contextually structured, and relationships are granularly scored…
Trust needs to differentiate an entity by its context(s) that change with time
Father
Consultant Employee
Teacher
Tourist
MotoHobbyist
Volunteer
EntityCijk
• Entity i
• Context j
• Version k
t
Entity Contexts change/are-created over Time by Events
Entity’s Current Contexts
Versioning from C000 to C001
Contextual Events CauseContext Evolution, e.g.,
Branching from C000 to C010
Describing Entities and their Contexts A context is a set of unique attributes
{(n0,v0,r0), …}An attribute is a tuple of n-name, v-value, r-unique attribute identifier,e.g., (“Name.Last”, “Smith”, “org:w3c:etc:context:…:name”) Attributes represent entities characteristics, configurations,
scenarios, locations, times, roles, etc.
Contexts are immutable. They may change or split. Their changes represent subsequent contexts in the entity’s context tree.
Entities are defined as the collection of their contexts at any given time t, e.g., e0t = (C011, C020, C030).
Situations differentiate contexts…
Situations identify Contexts
Father
ConsultantEmployee
Teacher
TouristHobbyist Volunteer
TrustorContexts
Walking in a park with daughter
Riding with a group of motorcycle club
members
Working on a patent with coworkers
Situations are represented by attribute sets
Mapping function mapssituations to contexts
Trust Relationships Connect Contexts
Edges in the Logical Trust Network represent direct trust relationships.
Indirect and derived relationships may be temporarily cached for auditing and verification but typically not persisted permanently.
Trustor contexts needs evidence (e.g., mutable performance profile) to prove trustworthiness
Trust Relationships
A trust relationship R is defined as a set of
scoring attributes
R(Ci, Cj) = {a0, …, am}
from Context Ci of Entity i to the Context Cj of
Entity j where a scoring attribute
an = (n, α, r, sn)
holds a score value 0≤α≤1 defined by a scoring
function over the jth evidence Dj
Sn(Dj) = α
An example is(“gradRatio”, 0.87, “org:shool:…:gradRatio”,
graduated/enrolled)
Ci
Cj Dj
Trustor
Trustee
R(Ci, Cj )
Closer look at the Logical Trust NetworkT
ime
Entity
Conte
xt
Now
TrustBroker
Truster
Trustee
Entity
CurrentContexts
Relationship
Evidence
Scores
Situation
ContextDetermination
Trust Belief Policy
A believe policy B is defined as a set of belief attributes qn
that reference score attributes asB = { qn | qn = (n, β) }
where n is the name of a score attribute, and β is a score threshold 0 ≤ β ≤ 1 and
∨qn c B, an c Re.g., (“GradRatio”, 0.85)
I trust until trust is broken
I distrust until trust is earned
Boolean Trust for an Explicit Relationship
Trust questions must be answered as “yes” or “no”.
Given a trust relationship R and a belief policy B, R represents trust based on direct evidence only if
Combining evidence-based trust with jth reputation, Uj, yields
Other trust determination functions can be formulated from the Logical Trust Network model…
Score
Expected score threshold
Open Problems
• Do we need a new identity ecosystem for all people, places
and things to manage trust on the Internet?
E.g., National Strategy for Trusted Identities in Cyberspace
(NSTIC) • Need algorithms to maintain and create entities’ contexts• How do trust brokers collect evidence?• Need tools for trustors to maintain their beliefs and
relationships.• Need to define a general and extensible taxonomy for attribute
names?• How do we define and share scoring functions?• How do we secure the Logical Trust Network?• How do we protect entity’s privacy while allowing sharing?
Summary
I. A generalized trust management system is needed to
address current aging security and privacy issues.
II. The evolution of IT into ICT and hybrid enterprise/public
services needs trust.
III. The digital world can no longer ignore trust.
IV. Its time for the computer science and security
communities to formalize and deploy a trust system in the
future Internet.
Thank [email protected]