Trust
Prakash Kolan, Srikanth Palla

Trust
“Trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged, the community as a whole suffers; and when it is destroyed, societies falter and collapse” - Sissela Bok, "Lying: Moral Choice in Public and Private Life", 1978

Introduction
Internet
– The Internet of the past is one of limited services and a fixed set of users, mainly academics and scientists.
– From this, it has developed into a pervasive utility, playing host to a vast range of services.
– High-volume transactions and online activity every day.
With all this comes greater uncertainty and risk arising from the intentional hostility or carelessness of on-line entities.
– Existing examples of the risks include viruses and Trojan horses, applets and macros embedded in documents, subverted databases of sensitive financial information, etc. [7]

Introduction
– The open and pervasive nature of the Internet
– No central authority for monitoring system activity
– Improper maintenance of host and network security, coupled with end-host vulnerabilities, in the context of a huge volume of host interactions
– The level of expertise and experience required to recognize potential risk in every on-line interaction is currently beyond the ability and resources of the average user.
– To help with this situation, users must be given the ability to assess the trustworthiness of the entities they encounter.

Introduction
Current security technology provides us with some capability to build a certain level of trust into our communication:
– cryptographic algorithms for privacy and digital signatures
– authentication protocols for proving authenticity
– access control methods for managing authorization
These methods cannot manage the more general concept of ‘trustworthiness’.
Cryptographic algorithms, for instance, cannot say whether a piece of digitally signed code has been authored by competent programmers, and a signed public-key certificate does not tell you whether the owner is an industrial spy.

Trust can be defined as…
– Trust may be regarded as a judgment made by the user, based on general experience learned from being a consumer and from the perception of a particular merchant [4]
– Trust: an agent’s belief in another agent’s capabilities, honesty and reliability based on its own direct experiences [5]

Trust can be defined as…
– “Assured reliance on the character, ability, strength, or truth of someone or some thing” [1]
– “Confidence in or reliance on some quality or attribute of a person or thing, or the truth of a statement” [2]
– “Trust indicates a positive belief about the perceived reliability of, dependability of, and confidence in a person, object, or process” [3]

Preconditions for Trust
In order for trust to be relevant in a particular situation, two conditions must be present.
Dependence of the trustor on the trustee. This dependence entails two things [39]:
– The trustor has a particular need to fulfill
– The trustee possesses the potential to satisfy this need
The risk arising from the above dependence:
– The trustor possesses uncertainty about the outcomes and vulnerability to a potential loss if the outcomes are undesirable.

Principles of Trust
Principle 1: Trust depends on identity.
– Trust accrues over time between individuals and companies that build a shared history of positive interactions.
– Trust depends on identity, the condition of being distinguishable from others, for without identity there is no way to group together separate interactions into a history.
Principle 2: Trust is based on information [32]
– To trust someone or some organization one must first “get to know them”.
– The information required to “know” another party has many dimensions, as it must capture knowledge about complex behaviors surrounding issues such as privacy, reliability and past performance.

Principles of Trust
Principle 3: Trust is a function of the perception of risk.
– Trust is a belief or expectation that the word or promise of another agent can be relied upon and that the agent will not take advantage of the truster’s vulnerability [33]
– Risk is the core of trust, in that trust is the degree to which a truster holds a positive attitude toward the trustee’s goodwill and reliability in a risky exchange situation [34]
Principle 4: Trust deepens over time and with increased reciprocity.
– Trust is intimately associated with risk, and when a trustee realizes that a truster has taken considerable risk in trusting them, they tend to be motivated to behave in a trustworthy manner.
– Partners do not blindly take unjustified risk in the hope of developing a trustful relationship, but rather adopt a gradual approach in which they start with limited incremental investment when risk and uncertainty levels are high [35]

Principles of Trust
Principle 5: Trust is a matter of degree.
– There is no such thing as blanket trust.
– Trust can be defined as the degree to which the truster holds a positive attitude toward the trustee’s goodwill and reliability in a risky exchange situation [36]
Principle 6: Culture affects trust.
– The fundamental bases of trust vary across nationalities.
– Agents from individualistic countries have a higher trusting stance in general and are more willing to base their trust in other agents on factors inferred from an impersonal Web site than agents from collectivist countries [37]

Principles of Trust
Principle 7: Third party ratings are important in developing trust.
– Trust is affected not only via first hand interaction, but also by the opinions of other parties.
– An important source of opinions is trusted third parties.
  In the offline world such parties include organizations such as the Better Business Bureau, Consumer Reports, and the media in general, who render “expert” opinions based on research [37]
Principle 8: Second party opinions are important in developing trust.
– Trust can also be affected by the opinions of second parties that have had experience in conducting similar transactions.
– Such parties are analogous to friends and family in the offline world.

Principles of Trust
Principle 9: First party information is important in developing trust.
– First party information, i.e., information that the party provides concerning themselves, is critical to developing trust online.
– The first party needs to clearly present information about their services (e.g., delivery methods, insurance, payment methods), policies (e.g., privacy, security, returns) and products (e.g., description, pricing, availability).
Principle 10: Formal and social controls are important in developing trust.
– Formal controls employ codified rules, goals, procedures and regulations that specify desired patterns of behavior [36]
– Social controls use organizational and cultural values and norms to encourage desirable behavior. Social controls in alliances often take the form of socialization, interaction and training [36]

Trust Typology
Interpersonal Trust
– Trust an agent has in another agent directly. It is agent and context specific [25]. For example, Alice may trust a specific agent, Bob the mechanic, in the specific context of servicing her car but not in the context of babysitting her children.
System Trust or Impersonal Trust
– Trust that is not based on any property or state of the trustee but rather on the perceived properties of, or reliance on, the system or institution within which that trust exists, e.g. the monetary system.
Dispositional Trust
– Sometimes referred to as one’s ‘basic trust’, describes the general trusting attitude of the truster.
  “A sense of basic trust, which is a pervasive attitude toward oneself and the world” [25].

A Typology of Related Trust Constructs
Trust can be categorized into different conceptual types, such as attitudes, beliefs, behaviors, and dispositions. It can also be categorized as reflecting different referents: trust in something, in someone, or in a specific characteristic of someone (e.g., one’s honesty).
Based on the above, an interdisciplinary model of trust types can be defined:
– Disposition to Trust
– Institution-based Trust
– Trusting Beliefs
– Trusting Intention

Interdisciplinary trust constructs model

Disposition to Trust
The extent to which one displays a consistent tendency to be willing to depend on general others across a broad spectrum of situations and persons [28].
Sub-constructs:
– Faith in Humanity [29]: refers to underlying assumptions about people; one assumes others are usually upright, well-meaning, and dependable.
– Trusting Stance [30]: means that, regardless of what one assumes about other people generally, one assumes that one will achieve better outcomes by dealing with people as though they are well-meaning and reliable.

Institution-Based Trust
One believes the needed conditions are in place to enable one to anticipate a successful outcome in an endeavor or aspect of one’s life. Comes from the sociology tradition that people can rely on others because of structures, situations, or roles that provide assurances that things will go well.
Sub-constructs:
– Structural Assurance [31]: one believes that success is likely because guarantees, contracts, regulations, promises, legal recourse, processes, or procedures are in place that assure success.
– Situational Normality: one believes that success is likely because the situation is normal or favorable.

Trusting Beliefs
One believes (and feels confident in believing) that the other person has one or more traits desirable to one in a situation in which negative consequences are possible.
Sub-constructs:
– Competence: one believes the other person has the ability or power to do for one what one needs done.
– Benevolence: one believes the other person cares about one and is motivated to act in one’s interest.
– Integrity: one believes the other person makes good faith agreements, tells the truth, and fulfills promises.
– Predictability: one believes the other person’s actions (good or bad) are consistent enough that one can forecast them in a given situation.

Trusting Intentions
One is willing to depend on, or intends to depend on, the other person in a given task or situation with a feeling of relative security, even though negative consequences are possible.
Sub-constructs:
– Willingness to Depend: one is volitionally prepared to make oneself vulnerable to the other person in a situation by relying on them.
– Subjective Probability of Depending: the extent to which one forecasts or predicts that one will depend on the other person.

Example
E-commerce Relationship Trust Model

Different methods
– Trust models in peer-to-peer networks
– Trust models on the semantic web

Trust Models in Peer-to-Peer Networks
– Decentralized peer-to-peer (P2P) networks offer both opportunities and threats.
– Their open and decentralized nature makes them extremely susceptible to malicious users spreading harmful content such as viruses and trojans, or even just wasting valuable resources of the network.
– In order to minimize such threats, the use of community-based reputations as trust measurements is fast becoming a de facto standard.
– The idea is to dynamically assign a trust rating to each peer, so that peers can communicate among themselves based on the peer trust rating.
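One way a peer could maintain the trust rating described above, updated after every interaction and broken down by the kind of content requested, using a naive Bayes estimate. This is an added illustration, not code from the original slides or from any cited model; the class name, aspect names, smoothing and sample history are assumptions.

```python
from collections import defaultdict


class PeerTrust:
    """Trust one peer holds in one provider, learned from its own downloads.

    Naive Bayes over a satisfied/unsatisfied outcome and a few observed
    aspects. The aspect names and values are assumptions for this example.
    """

    def __init__(self, aspects):
        self.aspects = aspects                  # aspect -> list of possible values
        self.outcomes = {True: 0, False: 0}     # satisfied / unsatisfied counts
        self.seen = {True: defaultdict(int), False: defaultdict(int)}

    def record(self, satisfied, **observed):
        """Update the rating after one interaction with the provider."""
        self.outcomes[satisfied] += 1
        for aspect, value in observed.items():
            if value not in self.aspects[aspect]:
                raise ValueError(f"unknown {aspect} value: {value!r}")
            self.seen[satisfied][(aspect, value)] += 1

    def _prior(self, satisfied):
        total = self.outcomes[True] + self.outcomes[False]
        return (self.outcomes[satisfied] + 1) / (total + 2)    # Laplace smoothing

    def _likelihood(self, satisfied, aspect, value):
        k = len(self.aspects[aspect])
        count = self.seen[satisfied][(aspect, value)]
        return (count + 1) / (self.outcomes[satisfied] + k)

    def trust(self, **context):
        """P(satisfied | context); with no context this is the overall rating."""
        weight = {}
        for outcome in (True, False):
            p = self._prior(outcome)
            for aspect, value in context.items():
                p *= self._likelihood(outcome, aspect, value)
            weight[outcome] = p
        return weight[True] / (weight[True] + weight[False])


def sample_rating():
    """Constructed history: good music files, mostly bad video files."""
    rating = PeerTrust({"file_type": ["music", "video"],
                        "quality": ["high", "low"]})
    for _ in range(4):
        rating.record(True, file_type="music", quality="high")
    rating.record(True, file_type="video", quality="high")
    for _ in range(3):
        rating.record(False, file_type="video", quality="low")
    return rating


if __name__ == "__main__":
    r = sample_rating()
    print(f"overall      {r.trust():.2f}")
    print(f"music files  {r.trust(file_type='music'):.2f}")
    print(f"video files  {r.trust(file_type='video'):.2f}")
```

A single overall rating hides the difference between contexts: the same provider rates well for music and poorly for video, so a peer deciding whom to download from should query the rating for the context at hand.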
Trust Models in Peer-to-Peer Networks
Bayesian Network-Based Trust Model in Peer-to-Peer Networks [5]
– Represents a differentiated trust model, as trust differs for different peers at different instances and situations.
– Depending on the situation, a peer may need to consider its trust in a specific aspect of another peer’s capability or in multiple aspects.
– It employs Bayesian network concepts to provide flexible methods for deducing these differentiated trust values.

Trust Models in Peer-to-Peer Networks
Collaborative Automated Trust Negotiation in Peer-to-Peer Systems [13]
– Many users are reluctant to do high-volume transactions over the Internet, as the security issues posed by P2P systems are severe and daunting.
– Investigates building trust by automated trust negotiations.
– These trust negotiations help in proving that a peer satisfies certain trust requirements.
– The peers in peer-to-peer networks build trust relationships among each other by collaboratively negotiating their credentials.
– These trust negotiations can be used along with reputation systems to build efficient P2P trust systems.

Trust Networks on the Semantic Web
"Trust" is a word that has come to have several very specific definitions on the Semantic Web. Much research has focused on authentication of resources, including work on digital signatures and public keys. Confidence in the source or author of a document is important, but trust, in this sense, ignores many important points. Just because a person can confirm the source of documents does not have any explicit implication about trusting the content of those documents.

Introduction
Here we address “trust” as credibility or reliability in a much more human sense. It opens the door to questions like “how much credence should I give to what this person says about a given topic,” and “based on what my friends say, how much should I trust this new person?"
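One simple way to answer the "based on what my friends say" question above is a trust-weighted average of acquaintances' ratings, followed a bounded number of hops through the network. This is an added illustration, not the algorithm of the original slides; the function name, the 0 to 1 scale, the hop limit, the threshold and the sample ratings are assumptions.

```python
def infer_trust(ratings, source, target, max_hops=3, min_trust=0.5, _path=()):
    """Estimate how much `source` should trust `target`, on a 0..1 scale.

    ratings[a][b] is a's own stated trust in b. A first-hand rating is used
    as-is. Otherwise the opinions of source's acquaintances are averaged,
    each weighted by source's trust in that acquaintance. Acquaintances
    rated below min_trust are not asked, so a party the source barely
    trusts cannot vouch for anyone. Returns None when no usable opinion
    exists within max_hops.
    """
    own = ratings.get(source, {})
    if target in own:
        return own[target]
    if max_hops <= 1:
        return None
    weighted_sum = weight_total = 0.0
    for friend, weight in own.items():
        # Skip weakly trusted acquaintances and anyone already on the path
        # (the ratings graph may contain cycles).
        if weight < min_trust or friend == source or friend in _path:
            continue
        opinion = infer_trust(ratings, friend, target, max_hops - 1,
                              min_trust, _path + (source,))
        if opinion is not None:
            weighted_sum += weight * opinion
            weight_total += weight
    return weighted_sum / weight_total if weight_total else None


# Constructed sample: each person's own list of who they know and how much
# they trust them. mallory vouches strongly for dave, but alice barely
# trusts mallory.
RATINGS = {
    "alice":   {"bob": 0.9, "carol": 0.6, "mallory": 0.2},
    "bob":     {"dave": 0.8, "alice": 0.9},
    "carol":   {"dave": 0.4},
    "mallory": {"dave": 1.0},
}

if __name__ == "__main__":
    print(infer_trust(RATINGS, "alice", "dave"))                  # bob and carol only
    print(infer_trust(RATINGS, "alice", "dave", min_trust=0.0))   # mallory counted too
    print(infer_trust(RATINGS, "alice", "eve"))                   # nobody knows eve
```

With the threshold removed (`min_trust=0.0`), mallory's rating of 1.0 counts and the estimate for dave rises from 0.64 to about 0.68, which is why recommendations from barely trusted parties are filtered out.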
Introduction
We will discuss how to build a meaningful social network from the architecture of the semantic web, and how it conveys meaning about the structure of the world. We describe a sample algorithm for computing trust in a network.

Networks on the Semantic Web
Studying the structure of the hypertext web can be used to find community structure in a limited way. A set of pages clustered by hyperlinks may indicate a common topic among the pages, but it does not show more than a generic relationship among the pages. Furthermore, pages with fewer outgoing links are less likely to show up in a cluster at all because their connectance is obviously lower. These two facts make it difficult for a person to actually see any relationship among specific concepts on the web as it currently stands: classification is not specific enough, and it relies on heavy hyperlinking that may not be present.
The Semantic Web changes this. Since the semantic data is machine-understandable, there is no need to use heuristics to relate pages. Concepts in semantically marked up pages are automatically linked, relating both pages and concepts across a distributed web.

Implementation
The semantic web of trust requires that users describe their beliefs about others. Once a person has a file that lists who they know and how much they trust them, social information can be automatically compiled and processed.

Requirements
The Internet provides an easy way to set up shops and conduct commerce at any place in the world. Vendors can thus sell goods and conduct commerce on the Internet. Most of the time customers use the Internet commerce mechanism to order goods and pay for the transaction through a credit card (extending the so-called mail-order, phone-order to Internet-order).
In order to secure the transmission of credit card numbers, customers could send them encrypted using protocols such as Secure Sockets Layer (SSL) until implementations of special payment protocols like Secure Electronic Transactions (SET) or Joint Electronic Payment Initiative (JEPI) become available.

Requirements
It is important that transactions be atomic. In other words, the entire transaction should be carried out in a fault-tolerant way such that no party involved in the transaction is put at a loss after the completion of the transaction, i.e., the vendor should not feel cheated by having not received payment for goods sold, nor the customer feel cheated for not having received goods for payment made. Electronic commerce protocols have been designed to provide this kind of EC-atomicity. However, these protocols have not been equipped with mechanisms to protect a vendor from a customer who makes a fraudulent payment, or a customer from a vendor who supplies low quality or garbage goods. In other words, these protocols need to be equipped with suitable trust mechanisms, i.e., they should be strengthened by adding a non-repudiable context to the transaction protocol.

Measurement of Trust
Even though the quantitative measurement of trust cannot be adequately performed, several variables on which trust depends could be used to define trust. These variables in turn influence actions taken by a transacting entity. Certain parameters modify trust actions.

Trust Variables
– Cost of Transaction
– Transaction History
– Customer Loyalty
– Indemnity
– Spending Pattern

Cost of Transaction
Careful customers pay attention to the price and quality of goods. Expensive items are bought after careful thought and consumer report analysis. Vendors make sure that the money offered for the item is not counterfeit, and that the buyer has enough funds in his bank account or on his credit card. Risk is based on cost of goods.
For example, a vendor may not be concerned about losing revenue on a single micro-transaction. (A micro-transaction is one that has negligible cost value, like a tenth of a cent to a cent.) This is a micro-risk transaction. As the cost of the transaction increases or the number of such micro-transactions increases, vendors pay attention to revenues and income on such transactions.

Transaction History
Transaction history is similar to a person’s credit history. Just as a person’s credit history is checked before issuing a loan, or before increasing the credit limit on his card, a person’s transaction history measures trust and is consulted for evaluating transactions. For example, questionable customers who always complain that they receive outdated stock information might need a non-repudiated proof of verification. This could be in the form of a time-stamped receipt of stock information.

Customer Loyalty
It is a well-known practice in commercial establishments to provide several benefits in the form of awards, mileage points, etc. to customers who show them loyalty. A frequent buyer will be treated with greater trust than a stranger.

Indemnity
If a trusted intermediary stands as a guarantee against loss, then there is an increase in the trust level of the transaction.

Spending Pattern
If a customer’s host is compromised, or if someone steals the customer’s smart card or currency, one could notice suspicious activity by observing the spending pattern.

Conclusion
Trust is a complex and multi-dimensional phenomenon. The human perception of trust is a core ingredient in any online transaction, and future electronic systems must support trust services to gain loyalty at both ends. Trust is a many-faceted form of human behavior. Ask people why they trust an individual or company and you will receive an enormous range of answers. In many cases you will find that people cannot even articulate the inner workings of their own trust processes.
Conclusion
The trust principles presented represent aspects of trust that need to be addressed when building infrastructure to support online trust. We have discussed the conceptual level constructs, which consist of Disposition to Trust (from Psychology), Institution-based Trust (from Sociology), and Trusting Beliefs and Trusting Intentions (from Social Psychology). The typology of trust constructs helps address conceptual confusion by representing trust as a coherent set of four constructs and ten sub-constructs.

Conclusion
Enabling peers to develop trust among themselves is important in a peer-to-peer system where resources (either computational, or files) of different quality are offered. It will become increasingly important in systems for peer-to-peer computation, where trust can provide a way of protecting against unreliable, buggy, infected or malicious peers. If we are to create online environments in which trading relationships are as easy to navigate, we will need to evolve rich and varied forms of online trust infrastructure and address numerous business, technical, social and legal issues.

References
1. Merriam-Webster. Merriam-Webster Online. Merriam-Webster, Inc., 2002. URL: http://www.m-w.com
2. Oxford. Oxford English Dictionary. Oxford University Press, 2nd edition, 1989.
3. Ben Shneiderman. Designing Trust into Online Experiences. Communications of the ACM, 43(12):57–59, December 2000.
4. Derek Sisson. ecommerce. URL: http://www.philosophe.com/commerce/ecommerce.html, February 2000.
5. Wang, Y., Vassileva J. (2003) Bayesian Network-Based Trust Model in Peer-to-Peer Networks, Proc. Workshop on "Deception, Fraud and Trust in Agent Societies" at the Autonomous Agents and Multi Agent Systems 2003 (AAMAS-03), Melbourne, Australia, July 2003 (full paper, 9pp).
6. L. Mui, M. Mohtashemi, Ari Halberstadt, "A Computational Model of Trust and Reputation", Proceedings of the 35th Hawaii International Conference on System Sciences, 2002.
7. A. Abdul-Rahman and S. Hailes, "A Distributed Trust Model", in Proceedings of the New Security Paradigms Workshop, ACM, 1997.
8. Wang Y., Vassileva J. (2003) Bayesian Network-Based Trust Model, Proc. of IEEE International Conference on Web Intelligence (WI 2003), October 13-17, 2003, Halifax, Canada.
9. W. Winsborough, K. Seamons, and V. Jones. Automated Trust Negotiation. In DARPA Information Survivability Conference and Exposition, Hilton
10. A. Abdul-Rahman and S. Hailes. Supporting trust in virtual communities. In 33rd Annual Hawaii International Conference on System Sciences (HICSS33), 2000.
11. Peer Trust. http://disl.cc.gatech.edu/PeerTrust
12. Heckerman, D. “A Tutorial on Learning with Bayesian Networks”, Microsoft Research report MSR-TR-95-06, 1995.
13. Song Ye; Makedon, F.; Ford, J.; Collaborative automated trust negotiation in peer-to-peer systems. Peer-to-Peer Computing, 2004. Proceedings. Fourth International Conference on, 25-27 Aug. 2004, Page(s): 108–115.
14. D. W. Manchala, E-Commerce Trust Metrics and Models, IEEE Internet Computing, April 2000.
15. K. Aberer, Z. Despotovic, Managing Trust in a Peer-2-Peer Information System. Proceedings of the Tenth International Conference on Information and Knowledge Management, 2001.
16. Wang Y., Vassileva J. (2003) Trust and Reputation Model in Peer-to-Peer Networks, Proc. of IEEE Conference on P2P Computing, Linkoeping, Sweden, September 2003, IEEE Press, 150-157.
17. F. Azzedin and M. Maheswaran, Trust Modeling for Peer-to-Peer based Computing Systems, 12th IEEE Heterogeneous Computing Workshop (HCW 2003).
18. Weeks, S., Understanding trust management systems. In Proceedings of 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 94–105, 2001.
19. Jim, T., A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 106–115, 2001.
20. Trust negotiation in peer-to-peer systems. Technical Report (in progress), 2004, available at http://scens.cs.dartmouth.edu.
21. R. Chen and W. Yeager, “Poblano: A distributed trust model for peer-to-peer networks.” ”htpp:security.jxta.org”, 2001.
22. P. R. Zimmerman (1995) The Official PGP User's Guide, Cambridge, Massachusetts: MIT Press.
23. R. Khare, A. Rifkin (1997) "Weaving a Web of Trust,” World Wide Web Journal, 2(3), pp. 77-112.
24. B. Borcherding and M. Borcherding, “Efficient and Trustworthy Key Distribution in Webs of Trust,” Computers and Security, vol. 17, no. 5, 1998, pp. 447-454.
25. D. H. McKnight, N. L. Chervany. The Meanings of Trust. Technical Report 94-04, Carlson School of Management, University of Minnesota, 1996.
26. L. Rasmusson and S. Jansson. Simulated Social control for Secure Internet Commerce (position paper). In Proceedings, New Security Paradigms Workshop, Lake Arrowhead, 1996.
27. A. Abdul-Rahman. The PGP Trust Model. EDI-Forum, April 1997.
28. Erikson, E. H. Identity: Youth and Crisis. W. W. Norton, New York, 1968.
29. Rosenberg, M. Occupations and Values. Free Press, Glencoe, IL, 1957.
30. Riker, W. H. “The Nature of Trust.” In J. T. Tedeschi (Ed.), Perspectives on social power, Aldine Publishing Company, Chicago, 1971, pp. 63-81.
31. Shapiro, S. P. The social control of impersonal trust. American Journal of Sociology (93), 1987, pp. 623-658.
32. Urban, G.L., Sultan, F., and Qualls, W.J. Placing Trust at the Center of Your Internet Strategy. MIT Sloan Management Review. Vol. 42(1), 2000, pp. 39-48.
33. Geyskens, I., Steenkamp, J-B, E.M., Scheer, L.K. and Kumar, N. The effects of trust and interdependence on relationship commitment: A trans-Atlantic study. International Journal of Research in Marketing. Vol. 13(4), 1996, pp. 303-317.
34. Gambetta, D. Can we trust trust? In D. Gambetta (Ed.), Trust: Making and breaking cooperative relations. Basil Blackwell, NY, 1988.
35. Bowman, E. H. and Hurry, D. Strategy through the Option Lens: An Integrated view of Resource Investments and the Incremental-Choice Process. Academy of Management Review. Vol. 18(4), 1993, pp. 760-782.
36. Das, T.K. and Bing-Sheng, T. Between Trust and Control: Developing Confidence in Partner Cooperation in Alliances. The Academy of Management Review. Vol. 23(3), 1998, pp. 491-512.
37. Dawar, N., Parker, P. M. and Price, L. J. A cross-cultural study of interpersonal information exchange. Journal of International Business Studies, Vol. 27(3), 1996, pp. 497-516.
38. eCommerce Trust Study. Cheskin Research & Studio Archtype/Sapient. 1999. [online]. Available: http://www.cheskin.com/think/studies/ecomtrust.html [viewed July 30, 2001].
39. D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C. Camerer, "Not so different after all: A cross-discipline view of trust," Academy of Management Review, vol. 23, pp. 393