120 likes | 338 Views
Trust on the Network. What is Trust. Trust is approached differently by different disciplines Economics Rational trust exhibited through behavior Social Capital Internal trust which cannot be directly observed Philosophy Core human need Computer Science Rational extension of trust
E N D
What is Trust Trust is approached differently by different disciplines Economics Rational trust exhibited through behavior Social Capital Internal trust which cannot be directly observed Philosophy Core human need Computer Science Rational extension of trust Trustworthy versus trusted systems
Rational Trust • Trustworthy systems (NAS) • Reliance (Golberg, Hill & Shostack, 2001) • Risk (Camp, 2001) • Transitive (Beth et al 2002)
Trust as Privacy, Security Reliability • Security -- measurable, determinant but not static • Reliability -- measurable, failures detectable • Privacy • Exposure of identifiable information, addressed by anonymity • OR • Exposure of information identified by the data subject as creating risks
Trust in the Network is Both • Privacy • Rational fear of risk e.g., medical privacy • Perception of risk, e.g., self-censorship • Network level: Routing • Rational • Shared trust • Dynamic updates • Motivation to cooperate
Trust Must be Created and Communicated • Users bad security managers • PGP, P3P,…. • Security should necessarily be a default • Does end-to-end security maximize autonomy without end-to-end human abilities and tendencies? • Do users need to be managed or informed?
Irrational Human Trust • Humans may not differentiate between machines • Humans become more trusting of ‘the network’ • Humans begin with too much trust for computers • Confirmed by philosophical macro observation • Confirmed by computer security incidents • E-mail based • Scams • Viruses • Hoaxes • Is the Nigerian Scam a case of flawed security?
Computer security is built for machines • Passwords • Humans are a bad source of entropy • SSL • Two categories: secure and not secure • Does not encourage differentiation • Every site should include a unique graphic with the lock • Computer security should seek to differentiate machines
Privacy standards are built for machines • P3P assumes • All merchants trustworthy w.r.t. their own policies • Assumes increasingly sophisticated user • One standard for all transactions • PGP • Monotonic increase in trust • No reset • No decrease in rate of trust extension • To compensate for increasing trust • No global or local reset • E.g. change in status
Agents and Standards set Trust Levels • Assumes a simple cut-off • People may accept more risk for lower price • Variable trade-offs for different products • Markets have different variables • Medical vs auto markets • Products have intrinsic differences • Open code: games vs government • Trust is too variable in different environments • An example of an inadequate standard
Trust Seals • Not self-verifying • Do users distinguish between trust seals: • PrivacyBird (P3P) • Practices not verified, set of simple policies • Better Business Bureau • Mortar business in good standing with BBB • Truste • Company applies its own privacy policy • No limits on data use • Truste EU • Company complies with EU Data Protection Policies
WHAT TO CONCLUDE? Computer security must be designed with humans in mind - OR - Assuming the human will act like the computer is the core design problem, remove assumptions about humans Is This Possible?