Trust - Computer Science and Engineering

Trust
Prakash Kolan
Srikanth Palla
Trust
“Trust is a social good to be protected just as much as the air
we breathe or the water we drink. When it is damaged, the
community as a whole suffers; and when it is destroyed,
societies falter and collapse.”
- Sissela Bok, "Lying: Moral Choice in Public and Private Life", 1978
Introduction

Internet
– The Internet of the past is one of limited services and a fixed set of users,
  mainly academics and scientists.
– From this, it has developed into a pervasive utility, playing host to a vast
  range of services.
– High-volume transactions and online activity take place every day.

With all this comes greater uncertainty and risk arising from the
intentional hostility or carelessness of on-line entities.
– Existing examples of the risks include viruses and Trojan horses, applets
  and macros embedded in documents, subverted databases of sensitive
  financial information, etc. [7]

The open and pervasive nature of the Internet

No central authority for monitoring system activity

Improper maintenance of host and network security, coupled with end-host
vulnerabilities, in the context of a huge volume of host interactions

The level of expertise and experience required to recognize potential
risk in every on-line interaction is currently beyond the ability and
resources of the average user

To help with this situation, users must be given the ability to assess the
trustworthiness of the entities they encounter.

Current security technology provides us with some capability to build
a certain level of trust into our communication.
– cryptographic algorithms for privacy and digital signatures
– authentication protocols for proving authenticity
– access control methods for managing authorization

These methods cannot manage the more general concept of
‘trustworthiness’.

Cryptographic algorithms, for instance, cannot say if a piece of
digitally signed code has been authored by competent programmers,
and a signed public-key certificate does not tell you if the owner is an
industrial spy.
Trust can be defined as…

Trust may be regarded as a judgment made by the user, based on
general experience learned from being a consumer and from the
perception of a particular merchant[4]

Trust – an agent’s belief in another agent’s capabilities, honesty and
reliability based on its own direct experiences[5]

“Assured reliance on the character, ability, strength, or truth of
someone or something” [1]

“Confidence in or reliance on some quality or attribute of a person
or thing, or the truth of a statement” [2]

“Trust indicates a positive belief about the perceived reliability of,
dependability of, and confidence in a person, object, or process” [3]
Preconditions for Trust
In order for trust to be relevant in a particular situation, two conditions
must be present.

Dependence of the trustor on the trustee. This dependence entails two
things [39]
– The trustor has a particular need to fulfill
– The trustee possesses the potential to satisfy this need

The Risk for the above Dependence
– The trustor possesses uncertainty about the outcomes and
  vulnerability to a potential loss if the outcomes are undesirable.
Principles of Trust
Principle 1: Trust depends on identity.
– Trust accrues over time between individuals and companies that build
  a shared history of positive interactions.
– Trust depends on identity, the condition of being distinguishable from
  others, for without identity there is no way to group together separate
  interactions into a history.
Principle 2: Trust is based on information [32]
– To trust someone or some organization one must first “get to know
  them”.
– The information required to “know” another party has many
  dimensions as it must capture knowledge about complex behaviors
  surrounding issues such as privacy, reliability and past performance.
Principle 3: Trust is a function of the perception of risk.
– Trust is a belief or expectation that the word or promise of another agent
  can be relied upon and that the agent will not take advantage of one's
  vulnerability [33]
– Risk is the core of trust in that trust is the degree to which a truster holds a
  positive attitude toward the trustee’s goodwill and reliability in a risky
  exchange situation [34]
Principle 4: Trust deepens over time and with increased
reciprocity.
– Trust is intimately associated with risk and when a trustee realizes that a
  truster has taken considerable risk in trusting them, they tend to be
  motivated to behave in a trustworthy manner.
– Partners do not blindly take unjustified risk in the hope of developing a
  trustful relationship but rather adopt a gradual approach in which they start
  with limited incremental investment when risk and uncertainty levels are
  high [35]
Principle 5: Trust is a matter of degree
– There is no such thing as blanket trust
– Trust can be defined as the degree to which the truster holds a positive
  attitude toward the trustee’s goodwill and reliability in a risky exchange
  situation [36]
Principle 6: Culture affects trust.
– The fundamental bases of trust vary across nationalities
– Agents coming from individualistic countries have a higher trusting
  stance in general and are more willing to base their trust in other agents
  on factors that are inferred from an impersonal Web site than agents from
  collectivist countries [37]
Principle 7: Third party ratings are important in developing trust.
– Trust is affected not only via first-hand interaction, but also by the opinions of
  other parties.
– An important source of opinions is trusted third parties. In the offline world such
  parties include organizations such as the Better Business Bureau, Consumer
  Reports, and the media in general, which render “expert” opinions based on
  research [37]
Principle 8: Second party opinions are important in developing
trust.
– Trust can also be affected by the opinions of second parties that have had
  experience in conducting similar transactions.
– Such parties are synonymous with friends and family in the offline world.
Principle 9: First party information is important in developing
trust.
– First party information, i.e., information that the party provides concerning
  themselves, is critical to developing trust online.
– The first party needs to clearly present information about their services (e.g.,
  delivery methods, insurance, payment methods), policies (e.g., privacy, security,
  returns) and products (e.g., description, pricing, availability).
Principle 10: Formal and social controls are important in
developing trust.
– Formal controls employ codified rules, goals, procedures and regulations that
  specify desired patterns of behavior [36]
– Social controls use organizational and cultural values and norms to encourage
  desirable behavior. Social controls in alliances often take the form of
  socialization, interaction and training [36]
Trust Typology

Interpersonal Trust
Trust an agent has in another agent directly. It is agent and context specific
[25]. For example, Alice may trust a specific agent, Bob the Mechanic, in
the specific context of servicing her car but not in the context of
babysitting her children.

System Trust or Impersonal Trust
Trust that is not based on any property or state of the trustee but rather on
the perceived properties of, or reliance on, the system or institution within
which that trust exists, e.g., the monetary system.

Dispositional Trust
Sometimes referred to as one’s ‘basic trust’, it describes the general
trusting attitude of the truster: “A sense of basic trust, which is a
pervasive attitude toward oneself and the world” [25].
A Typology of Related Trust Constructs

Trust can be categorized into different conceptual types, such as
attitudes, beliefs, behaviors, and dispositions. It could even be
categorized as reflecting different referents: trust in something, in
someone, or in a specific characteristic of someone (e.g., one’s
honesty).
Based on the above, an interdisciplinary model of trust types can be
defined:
– Disposition to Trust
– Institution-based Trust
– Trusting Beliefs
– Trusting Intention
Interdisciplinary trust constructs model
Disposition to trust

The extent to which one displays a consistent tendency to be willing
to depend on general others across a broad spectrum of situations and
persons [28].
Sub-Constructs
– Faith in Humanity [29]
  Refers to underlying assumptions about people:
  one assumes others are usually upright, well-meaning, and
  dependable
– Trusting Stance [30]
  Means that, regardless of what one assumes about other people
  generally, one assumes that one will achieve better outcomes by dealing
  with people as though they are well-meaning and reliable.
Institution Based Trust

One believes the needed conditions are in place to enable one to
anticipate a successful outcome in an endeavor or aspect of one’s life.
Comes from the sociology tradition that people can rely on others
because of structures, situations, or roles that provide assurances that
things will go well.
Sub-Constructs
– Structural Assurance [31]
  One believes that success is likely because guarantees, contracts,
  regulations, promises, legal recourse, processes, or procedures are in
  place that assure success
– Situational Normality
  One believes that success is likely because the situation is normal or
  favorable.
Trusting Beliefs

One believes (and feels confident in believing) that the other person
has one or more traits desirable to one in a situation in which negative
consequences are possible.
Sub-Constructs
– Competence
  One believes the other person has the ability or power to do for one what
  one needs done.
– Benevolence
  One believes the other person cares about one and is motivated to act in
  one’s interest
– Integrity
  One believes the other person makes good faith agreements, tells the
  truth, and fulfills promises
– Predictability
  One believes the other person’s actions (good or bad) are consistent
  enough that one can forecast them in a given situation
Trusting Intentions

One is willing to depend on, or intends to depend on, the other person
in a given task or situation with a feeling of relative security, even
though negative consequences are possible.
Sub-Constructs
– Willingness to Depend
  One is volitionally prepared to make oneself vulnerable to the other
  person in a situation by relying on them
– Subjective Probability of Depending
  The extent to which one forecasts or predicts that one will depend on the
  other person
Example E-commerce Relationship Trust Model
Different methods
– Trust models in peer-to-peer networks
– Trust models on the semantic web
Trust Models in Peer-to-Peer Networks

Decentralized Peer to Peer (P2P) networks offer both opportunities
and threats.

Their open and decentralized nature makes them extremely susceptible to
malicious users spreading harmful content like viruses and Trojans, or
even just wasting valuable resources of the network.

In order to minimize such threats, the use of community-based
reputations as trust measurements is fast becoming a de facto standard.

The idea is to dynamically assign a trust rating to each peer, so that
peers can communicate among themselves based on the peer trust
rating.

Bayesian Network-Based Trust Model in Peer-to-Peer Networks [5]
– Represents a differentiated trust model, as trust differs for different peers at
  different instances and situations
– Depending on the situation, a peer may need to consider its trust in
  a specific aspect of another peer’s capability or in multiple aspects.
– It employs Bayesian network concepts for providing flexible
  methods for deducing these differentiated trust values.
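
An added example, not code from these slides or from the cited paper [5]: a small sketch of differentiated trust in which a peer keeps one naive Bayesian network per remote peer and conditions its trust on the aspect it cares about. The network shape, the aspect names (file_type, speed), the smoothing and the interaction history are assumptions made for illustration.

```python
# Added example: per-peer naive Bayesian network.
# Root node T = "interaction was satisfying"; each leaf is one aspect of
# the interaction. Aspect names and the history below are constructed.

class PeerTrust:
    def __init__(self, aspects):
        # aspects: {"file_type": ["music", "video"], ...}
        self.aspects = aspects
        self.n = [0, 0]  # interactions seen: [unsatisfying, satisfying]
        # counts[aspect][value] = [seen when unsatisfying, seen when satisfying]
        self.counts = {a: {v: [0, 0] for v in vals}
                       for a, vals in aspects.items()}

    def record(self, satisfied, **observed):
        """Update the network after one direct interaction with the peer."""
        t = int(bool(satisfied))
        self.n[t] += 1
        for aspect, value in observed.items():
            self.counts[aspect][value][t] += 1

    def _prior(self, t):
        # Laplace smoothing: a peer with no history starts at 0.5, not 0 or 1.
        return (self.n[t] + 1) / (sum(self.n) + 2)

    def _likelihood(self, aspect, value, t):
        k = len(self.aspects[aspect])
        return (self.counts[aspect][value][t] + 1) / (self.n[t] + k)

    def trust(self, **conditions):
        """P(T = satisfying | conditions); no conditions gives overall trust."""
        joint = []
        for t in (0, 1):
            p = self._prior(t)
            for aspect, value in conditions.items():
                p *= self._likelihood(aspect, value, t)
            joint.append(p)
        return joint[1] / (joint[0] + joint[1])


def constructed_history():
    """Constructed history: a peer that serves music well and video badly."""
    peer = PeerTrust({"file_type": ["music", "video"],
                      "speed": ["fast", "slow"]})
    for _ in range(4):
        peer.record(True, file_type="music", speed="fast")
    peer.record(True, file_type="video", speed="slow")
    for _ in range(3):
        peer.record(False, file_type="video", speed="slow")
    return peer


def choose_provider(peers, threshold=0.5, **conditions):
    """Return the name of the most trusted peer for this request, or None."""
    best = max(peers, key=lambda name: peers[name].trust(**conditions))
    return best if peers[best].trust(**conditions) >= threshold else None


if __name__ == "__main__":
    p = constructed_history()
    print("overall:", round(p.trust(), 3))
    print("music:  ", round(p.trust(file_type="music"), 3))
    print("video:  ", round(p.trust(file_type="video"), 3))
```

A peer with no history scores 0.5 here, so it outranks a peer with a known bad record for video. That is the practical reason Principle 1 ties trust to identity: a rating only constrains a peer that cannot cheaply return under a new name.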

Collaborative Automated Trust Negotiation in Peer-to-Peer
Systems [13]
– Many of the users are reluctant to do high volume transactions over the
  internet as the security issues posed by the P2P systems are severe and
  daunting
– Investigates building trust by automated trust negotiations.
– These trust negotiations help in proving that a peer satisfies certain trust
  requirements.
– The peers in the peer-to-peer networks build trust relationships among
  each other by collaboratively negotiating their credentials
– These trust negotiations can be used along with reputation systems to
  build efficient P2P trust systems.
Trust Networks on the Semantic Web
"Trust" is a word that has come to have several very specific definitions on the
Semantic Web. Much research has focused on authentication of resources,
including work on digital signatures and public keys. Confidence in the source
or author of a document is important, but trust, in this sense, ignores many
important points. Being able to confirm the source of documents
does not carry any explicit implication about trusting the content of those
documents.
Introduction
Here we address “trust” as credibility or reliability in a much more
human sense. It opens the door to questions like “how much credence
should I give to what this person says about a given topic,” and “based on what
my friends say, how much should I trust this new person?”
We will discuss how to build a meaningful social network from the
architecture of the semantic web, and how it conveys meaning about the
structure of the world. We describe a sample algorithm for computing trust in a
network.
Networks on the Semantic Web
Studying the structure of the hypertext web can be used to find community
structure in a limited way. A set of pages clustered by hyperlinks may indicate a
common topic among the pages, but it does not show more than a generic
relationship among the pages. Furthermore, pages with fewer outgoing links are
less likely to show up in a cluster at all because their connectance is obviously
lower. These two facts make it difficult for a person to actually see any
relationship among specific concepts on the web as it currently stands –
classification is not specific enough, and it relies on heavy hyperlinking that
may not be present.
The Semantic Web changes this. Since the semantic data is
machine-understandable, there is no need to use heuristics to relate pages. Concepts in
semantically marked up pages are automatically linked, relating both pages and
concepts across a distributed web.
Implementation
The semantic web of trust requires that users describe their beliefs about others.
Once a person has a file that lists who they know and how much they trust
them, social information can be automatically compiled and processed.
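
An added example, not taken from these slides: one way such per-person files can be compiled into a network and used to infer how much one person should trust another they have not rated. The JSON file layout, the 0.0 to 1.0 rating scale, the names, and the inference rule (a weighted average of neighbours' opinions, weighted by the trust placed in each neighbour) are all assumptions.

```python
import json

# Constructed sample: each person publishes who they know and a rating
# in [0.0, 1.0] saying how much they trust them.
TRUST_FILES = {
    "alice": '{"knows": {"bob": 0.9, "carol": 0.3}}',
    "bob":   '{"knows": {"dave": 0.8}}',
    "carol": '{"knows": {"dave": 0.2, "alice": 1.0}}',
    "dave":  '{"knows": {}}',
}


def compile_network(files):
    """Parse every person's file into a graph {person: {other: rating}}."""
    graph = {}
    for person, text in files.items():
        ratings = json.loads(text).get("knows", {})
        for other, rating in ratings.items():
            if not isinstance(rating, (int, float)) or not 0.0 <= rating <= 1.0:
                raise ValueError(f"{person} -> {other}: rating out of range")
        graph[person] = ratings
    return graph


def inferred_trust(graph, source, sink, max_depth=4, _seen=frozenset()):
    """How much should `source` trust `sink`? None means no usable path."""
    direct = graph.get(source, {})
    if sink in direct:
        return direct[sink]          # first-hand rating always wins
    if max_depth == 0:
        return None                  # do not follow arbitrarily long chains
    seen = _seen | {source}
    weighted_sum = total_weight = 0.0
    for neighbour, weight in direct.items():
        if neighbour in seen or weight == 0:
            continue                 # skip cycles and fully distrusted sources
        opinion = inferred_trust(graph, neighbour, sink, max_depth - 1, seen)
        if opinion is None:
            continue
        weighted_sum += weight * opinion
        total_weight += weight
    return weighted_sum / total_weight if total_weight else None


if __name__ == "__main__":
    g = compile_network(TRUST_FILES)
    print("alice -> dave:", inferred_trust(g, "alice", "dave"))
    print("dave -> alice:", inferred_trust(g, "dave", "alice"))
```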
Requirements
The Internet provides an easy way to set up shops and conduct commerce at any
place in the world. Vendors can thus sell goods and conduct commerce on the
Internet. Most of the time customers use the Internet commerce mechanism to order
goods and pay for the transaction through a credit card (extending the so-called
mail-order, phone-order to Internet-order). In order to secure the transmission of
credit card numbers, customers could send them encrypted using protocols such as
Secure Sockets Layer (SSL) until implementations of special payment protocols
like Secure Electronic Transactions (SET) or Joint Electronic Payment Initiative
(JEPI) become available.
It is important that transactions be atomic. In other words, the entire transaction
should be carried out in a fault tolerant way such that no party involved in the
transaction may be put at a loss after the completion of the transaction, i.e., the
vendor should not feel cheated by having not received payment for goods sold, nor
the customer feel cheated for not having received goods for payment made.
Electronic commerce protocols have been designed to provide this kind of
EC-atomicity. However, these protocols have not been equipped with mechanisms to
protect a vendor from a customer who makes a fraudulent payment or a customer
from a vendor who supplies low quality or garbage goods. In other words, these
protocols need to be equipped with suitable trust mechanisms, i.e., they should be
strengthened by adding a non-repudiable context to the transaction protocol.
Measurement of Trust
Even though the quantitative measurement of trust cannot be adequately performed,
several variables on which trust depends could be used to define trust. These
variables in turn influence actions taken by a transacting entity. Certain parameters
modify trust actions.
Trust Variables
– Cost of Transaction
– Transaction History
– Customer Loyalty
– Indemnity
– Spending Pattern
Cost of Transaction
Careful customers pay attention to the price and quality of goods. Expensive items
are bought after careful thought and consumer report analysis. Vendors make sure
that the money offered for the item is not counterfeit, and that the buyer has enough
funds in his bank account or on his credit card. Risk is based on cost of goods. For
example, a vendor may not be concerned about losing revenue on a single
micro-transaction. (A micro-transaction is one that has negligible cost value, like a tenth of
a cent to a cent.) This is a micro-risk transaction. As the cost of the transaction
increases or the number of such micro-transactions increases, vendors pay attention
to revenues and income on such transactions.
Transaction History
Transaction history is similar to a person’s credit history. Just as a person’s credit
history is checked before issuing a loan, or before increasing the credit limit on his
card, a person’s transaction history measures trust and is consulted for evaluating
transactions. For example, questionable customers who always complain that they
receive outdated stock information might need a non-repudiated proof of
verification. This could be in the form of a time-stamped receipt of stock
information.
Customer Loyalty
It is a well-known practice for commercial establishments to provide
several benefits in the form of awards, mileage points, etc. to customers who show
them loyalty. A frequent buyer will be treated with greater trust than a stranger.
Indemnity
If a trusted intermediary stands as a guarantee against loss, then there is an increase
in trust level of the transaction.
Spending Pattern
If a customer’s host is compromised or if someone steals the customer’s smart card
or currency, one could notice suspicious activity by observing the spending
pattern.
Conclusion

Trust is a complex and multi-dimensional phenomenon.

The human perception of trust is a core ingredient in any online transaction,
and future electronic systems must support trust services to gain loyalty at
both ends.

Trust is a many-faceted form of human behavior. Ask people why they trust an
individual or company and you will receive an enormous range of answers. In
many cases you will find that people cannot even articulate the inner
workings of their own trust processes.

The trust principles presented represent aspects of trust that need to be
addressed when building infrastructure to support online trust.

We have discussed the conceptual level constructs which consist of
Disposition to Trust (from Psychology), Institution-based Trust (from
Sociology), and Trusting Beliefs and Trusting Intentions (from Social
Psychology).

The typology of trust constructs helps address conceptual confusion by
representing trust as a coherent set of four constructs and ten sub constructs.

Enabling peers to develop trust among themselves is important in a
peer-to-peer system where resources (either computational, or files) of different
quality are offered.

It will become increasingly important in systems for peer-to-peer
computation, where trust can provide a way of protecting against unreliable,
buggy, infected or malicious peers.

If we are to create online environments in which trading relationships are as
easy to navigate, we will need to evolve rich and varied forms of online trust
infrastructure and address numerous business, technical, social and legal
issues.
References
1. Merriam-Webster. Merriam-Webster Online. Merriam-Webster, Inc., 2002. URL: http://www.m-w.com
2. Oxford. Oxford English Dictionary. Oxford University Press, 2nd edition, 1989.
3. Ben Shneiderman. Designing Trust into Online Experiences. Communications of the ACM, 43(12):57–59, December 2000.
4. Derek Sisson. ecommerce. URL: http://www.philosophe.com/commerce/ecommerce.html, February 2000.
5. Wang, Y., Vassileva J. (2003) Bayesian Network-Based Trust Model in Peer-to-Peer Networks, Proc. Workshop on "Deception, Fraud and Trust in Agent Societies" at the Autonomous Agents and Multi Agent Systems 2003 (AAMAS-03), Melbourne, Australia, July 2003 (full paper, 9pp).
6. L. Mui, M. Mohtashemi, Ari Halberstadt, "A Computational Model of Trust and Reputation", Proceedings of the 35th Hawaii International Conference on System Sciences, 2002.
7. A. Abdul-Rahman and S. Hailes, "A Distributed Trust Model", in Proceedings of the New Security Paradigms Workshop, ACM, 1997.
8. Wang Y., Vassileva J. (2003) Bayesian Network-Based Trust Model, Proc. of IEEE International Conference on Web Intelligence (WI 2003), October 13-17, 2003, Halifax, Canada.
9. W. Winsborough, K. Seamons, and V. Jones. Automated Trust Negotiation. In DARPA Information Survivability Conference and Exposition, Hilton
10. A. Abdul-Rahman and S. Hailes. Supporting trust in virtual communities. In 33rd Annual Hawaii International Conference on System Sciences (HICSS-33), 2000.
11. Peer Trust. http://disl.cc.gatech.edu/PeerTrust
12. Heckerman, D. "A Tutorial on Learning with Bayesian Networks", Microsoft Research report MSR-TR-95-06, 1995.
13. Song Ye; Makedon, F.; Ford, J. Collaborative automated trust negotiation in peer-to-peer systems. Peer-to-Peer Computing, 2004. Proceedings. Fourth International Conference on, 25-27 Aug. 2004, pp. 108–115.
14. D. W. Manchala, E-Commerce Trust Metrics and Models, IEEE Internet Computing, April 2000.
15. K. Aberer, Z. Despotovic, Managing Trust in a Peer-2-Peer Information System. Proceedings of the Tenth International Conference on Information and Knowledge Management, 2001.
16. Wang Y., Vassileva J. (2003) Trust and Reputation Model in Peer-to-Peer Networks, Proc. of IEEE Conference on P2P Computing, Linkoeping, Sweden, September 2003, IEEE Press, 150-157.
17. F. Azzedin and M. Maheswaran, Trust Modeling for Peer-to-Peer based Computing Systems, 12th IEEE Heterogeneous Computing Workshop (HCW 2003).
18. Weeks, S., Understanding trust management systems. In Proceedings of 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 94–105, 2001.
19. Jim, T., A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 106–115, 2001.
20. Trust negotiation in peer-to-peer systems. Technical Report (in progress), 2004, available at http://scens.cs.dartmouth.edu.
21. R. Chen and W. Yeager, "Poblano: A distributed trust model for peer-to-peer networks." "htpp:security.jxta.org", 2001.
22. P. R. Zimmerman (1995) The Official PGP User's Guide, Cambridge, Massachusetts: MIT Press.
23. R. Khare, A. Rifkin (1997) "Weaving a Web of Trust," World Wide Web Journal, 2(3), pp. 77-112.
24. B. Borcherding and M. Borcherding, "Efficient and Trustworthy Key Distribution in Webs of Trust," Computers and Security, vol. 17, no. 5, 1998, pp. 447-454.
25. D. H. McKnight, N. L. Chervany. The Meanings of Trust. Technical Report 94-04, Carlson School of Management, University of Minnesota, 1996.
26. L. Rasmusson and S. Jansson. Simulated Social control for Secure Internet Commerce (position paper). In Proceedings, New Security Paradigms Workshop, Lake Arrowhead, 1996.
27. A. Abdul-Rahman. The PGP Trust Model. EDI-Forum, April 1997.
28. Erikson, E. H. Identity: Youth and Crisis. W. W. Norton, New York, 1968.
29. Rosenberg, M. Occupations and Values. Free Press, Glencoe, IL, 1957.
30. Riker, W. H. "The Nature of Trust." In J. T. Tedeschi (Ed.), Perspectives on social power, Aldine Publishing Company, Chicago, 1971, pp. 63-81.
31. Shapiro, S. P. The social control of impersonal trust. American Journal of Sociology (93), 1987, pp. 623-658.
32. Urban, G. L., Sultan, F., and Qualls, W. J. Placing Trust at the Center of Your Internet Strategy. MIT Sloan Management Review. Vol. 42(1), 2000, pp. 39-48.
33. Geyskens, I., Steenkamp, J-B. E. M., Scheer, L. K. and Kumar, N. The effects of trust and interdependence on relationship commitment: A trans-Atlantic study. International Journal of Research in Marketing. Vol. 13(4), 1996, pp. 303-317.
34. Gambetta, D. Can we trust trust? In D. Gambetta (Ed.), Trust: Making and breaking cooperative relations. Basil Blackwell, NY, 1988.
35. Bowman, E. H. and Hurry, D. Strategy through the Option Lens: An Integrated view of Resource Investments and the Incremental-Choice Process. Academy of Management Review. Vol. 18(4), 1993, pp. 760-782.
36. Das, T. K. and Bing-Sheng, T. Between Trust and Control: Developing Confidence in Partner Cooperation in Alliances. The Academy of Management Review. Vol. 23(3), 1998, pp. 491-512.
37. Dawar, N., Parker, P. M. and Price, L. J. A cross-cultural study of interpersonal information exchange. Journal of International Business Studies, Vol. 27(3), 1996, pp. 497-516.
38. eCommerce Trust Study. Cheskin Research & Studio Archtype/Sapient. 1999. [online]. Available: http://www.cheskin.com/think/studies/ecomtrust.html [viewed July 30, 2001].
39. D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C. Camerer, "Not so different after all: A cross-discipline view of trust," Academy of Management Review, vol. 23, pp. 393