Trust

1
Trust
Prakash Kolan Srikanth Palla
2
Trust

• Trust is a social good to be protected just as
  much as the air we breathe or the water we drink.
  When it is damaged, the community as a whole
  suffers and when it is destroyed, societies
  falter and collapse
• - Sissela Bok,
• 
  "Lying Moral Choice in Public and
  Private Life", 1978

3
Introduction

• Internet
• The Internet of the past is one of limited
  services and a fixed set of users, mainly
  academics and scientists
• From this, it has developed into a pervasive
  utility, playing host to a vast range of services
• High volume transactions and online activity
  everyday.
• With all this comes greater uncertainty and risk
  arising from the intentional hostility or
  carelessness of on-line entities.
• Existing examples of the risks include viruses
  and Trojan horses, applets and macros embedded in
  documents, subverted databases of sensitive
  financial information, etc7

4
Introduction

• The open and pervasive nature of Internet
• No central authority for monitoring system
  activity
• Improper maintenance of host and network security
  coupled with end host vulnerabilities in context
  of huge volume host interactions
• The level of expertise and experience required to
  recognize potential risk in every on-line
  interaction is currently beyond the ability and
  resources of the average user
• To help with this situation, users must be given
  the ability to assess the trustworthiness of
  entities it encounters.

5
Introduction

• Current security technology provides us with some
  capability to build in a certain level of trust
  into our communication.
• cryptographic algorithms for privacy and digital
  signatures
• signatures, authentication protocols for proving
  authenticity
• access control methods for managing
  authorization.
• These methods cannot manage the more general
  concept of trustworthiness.
• Cryptographic algorithms, for instance, cannot
  say if a piece of digitally signed code has been
  authored by competent programmers and a signed
  public-key certificate does not tell you if the
  owner is an industrial spy

6
Trust can be defined as

• Trust may be regarded as a judgment made by the
  user, based on general experience learned from
  being a consumer and from the perception of a
  particular merchant4
• Trust an agents belief in another agents
  capabilities, honesty and reliability based on
  its own direct experiences5

7
Trust can be defined as

• Assured reliance on the character, ability,
  strength, or truth of someone or some thing 1
• As confidence in or reliance on some quality or
  attribute of a person or thing, or the truth or a
  statement2
• Trust indicates a positive belief about the
  perceived reliability of, dependability of, and
  confidence in a person, object, or process3

8
Preconditions for Trust

• In order for trust to be relevant in a particular
  situation, two conditions must be present.
• Dependence of the trustor on the trustee. This
  dependence entails two things39
• The trustor has a particular need to fulfill
• The trustee possesses the potential to satisfy
  this need
• The Risk for the above Dependence
• The trustor possesses uncertainty about the
  outcomes and vulnerability to a potential loss if
  the outcomes are undesirable.

9
Principles of Trust

• Principle 1 Trust depends on identity.
• Trust accrues over time between individuals and
  companies that build a shared history of positive
  interactions.
• Trust depends on identity, the condition of being
  distinguishable from others, for without identity
  there is no way to group together separate
  interactions into a history.
• Principle 2 Trust is based on information32
• To trust someone or some organization one must
  first get to know them.
• The information required to know another party
  has many dimensions as it must capture knowledge
  about complex behaviors surrounding issues such
  as privacy, reliability and past performance.

10
Principles of Trust

• Principle 3 Trust is a function of the
  perception of risk.
• Trust is a belief or expectation that the word or
  promise by other agent can be relied upon and
  will not take advantage of the his
  vulnerability33
• Risk is the core of trust in that trust is the
  degree to which a truster holds a positive
  attitude toward the trustees goodwill and
  reliability in a risky exchange situation34
• Principle 4 Trust deepens over time and with
  increased reciprocity.
• Trust is intimately associated with risk and when
  a trustee realizes that a truster has taken
  considerable risk in trusting them, they tend to
  be motivated to behave in a trustworthy manner.
• do not blindly take unjustified risk in the hope
  of developing a trustful relationship but rather
  adopt a gradual approach in which partners start
  with limited incremental investment when risk and
  uncertainly levels are high35

11
Principles of Trust

• Principle 5 Trust is a matter of degree
• There is no such thing as blanket trust
• trust can be defined as the degree to which the
  truster holds a positive attitude toward the
  trustees goodwill and reliability in a risky
  exchange situation36
• Principle 6 Culture affects trust.
• The fundamental bases of trust varies across
  nationalities
• Agents coming from individualistic countries
  having a higher trusting stance in general and
  being more willing to base their trust in other
  agents on factors that are inferred from an
  impersonal Web site than agents from collectivist
  countries37

12
Principles of Trust

• Principle 7 Third party ratings are important in
  developing trust.
• Trust is affected not only via first hand
  interaction, but also by the opinions of other
  parties.
• An important source of opinions is trusted third
  parties. In the offline world such parties
  include organizations such as the Better Business
  Bureau, Consumer Reports, and the media in
  general who render expert opinions based on
  research37
• Principle 8Second party opinions are important
  in developing trust.
• Trust can also be affected by the opinions of
  second parties that have had experience in
  conducting similar transactions.
• Such parties are synonymous to friends and family
  in offline world.

13
Principles of Trust

• Principle 9 First party information is important
  in developing trust.
• First party information, i.e., information that
  the party provides concerning themselves is
  critical to developing trust online.
• The first party needs to clearly present
  information about their services (e.g., delivery
  methods, insurance, payment methods), policies
  (e.g., privacy, security, returns) and products
  (e.g., description, pricing, availability).
• Principle 10 Formal and social controls are
  important in developing trust.
• Formal controls employ codified rules, goals,
  procedures and regulations that specify desired
  patterns of behavior36
• social controls use organizational and cultural
  values and norms to encourage desirable behavior.
  Social controls in alliances often take the form
  of socialization, interaction and training36

14
Trust Typology

• Interpersonal Trust Trust an agent has in other
  agent directly. It is agent and context specific
  25. For example Alice may trust a specific
  agent Bob the Mechanic in the specific context of
  servicing her car but not in the context of
  babysitting her children.
• System Trust or Impersonal TrustTrust that is
  not based on any property or state of the trustee
  but rather on the perceived properties or
  reliance on the system or institution within
  which that trust exists. E.g. The monetary
  system
• Dispositional TrustSometimes referred to as
  ones basic trust, describes the general
  trusting attitude of the truster. A sense of
  basic trust, which is a pervasive attitude toward
  oneself and the world 25.

15
A Typology of Related Trust Constructs

• Trust can be categorized into different
  conceptual types, such as attitudes, beliefs,
  behaviors, and dispositions. It could be even
  categorized as reflecting different referents
  trust in something, in someone, or in a specific
  characteristic of someone (e.g., ones honesty).
• Based on above, an interdisciplinary model of
  trust types can be defined
• Disposition to Trust
• Institution-based Trust
• Trusting Beliefs
• Trusting Intention

16
Interdisciplinary trust constructs model
17
Disposition to trust

• The extent to which one displays a consistent
  tendency to be willing to depend on general
  others across a broad spectrum of situations and
  persons28.
• Sub-Constructs
• Faith in Humanity29
• Refers to underlying assumptions about people
• one assumes others are usually upright,
  well-meaning, and dependable
• Trusting Stance30Means that, regardless of
  what one assumes about other people generally,
  one assumes that one will achieve better outcomes
  by dealing with people as though they are
  well-meaning and reliable.

18
Institution Based Trust

• One believes the needed conditions are in place
  to enable one to anticipate a successful outcome
  in an endeavor or aspect of ones life
• Comes from the sociology tradition that people
  can rely on others because of structures,
  situations, or roles that provide assurances that
  things will go well.
• Sub Constructs
• Structural Assurance31One believes that
  success is likely because guarantees, contracts,
  regulations, promises, legal recourse, processes,
  or procedures are in place that assure success
• Situational NormalityOne believes that success
  is likely because the situation is normal or
  favorable.

19
Trusting Beliefs

• One believes (and feels confident in believing)
  that the other person has one or more traits
  desirable to one in a situation in which negative
  consequences are possible.
• Sub constructs
• CompetenceOne believes the other person has the
  ability or power to do for one what one needs
  done.
• BenevolenceOne believes the other person cares
  about one and is motivated to act in ones
  interest
• IntegrityOne believes the other person makes
  good faith agreements, tells the truth, and
  fulfills promises
• Predictabilityone believes the other persons
  actions (good or bad) are consistent enough that
  one can forecast them in a given situation

20
Trusting Intentions

• One is willing to depend on, or intends to depend
  on, the other person in a given task or situation
  with a feeling of relative security, even though
  negative consequences are possible.
• Sub Constructs
• Willingness to dependone is volitionally
  prepared to make oneself vulnerable to the other
  person in a situation by relying on them
• Subjective probability of Dependingthe extent to
  which one forecasts or predicts that one will
  depend on the other person

21
Example E-commerce Relationship Trust Model
22
Different methods

• Trust models in peer-to-peer networks
• Trust models on the semantic web

23
Trust models in Peer-to-peer N/w

• Decentralized Peer to Peer (P2P) networks offer
  both opportunities and threats.
• Its open and decentralized nature makes it
  extremely susceptible to malicious users
  spreading harmful content like viruses, trojans
  or, even just wasting valuable resources of the
  network.
• In order to minimize such threats, the use of
  community-based reputations as trust measurements
  is fast becoming a de-facto standard
• The idea is to dynamically assign a trust rating
  for each peer and the peers can communicate among
  themselves based on the peer trust rating.

24
Trust Models in Peer-to-peer N/w

• Bayesian Network-Based Trust Model in
  Peer-to-Peer Networks5
• Represents a differentiated trust model as trust
  differs for different peers at different
  instances and situations
• Depending on the situation, a peer may need to
  consider its trust in a specific aspect of
  another peers capability or in multiple aspects.
  
• It employs Bayesian network concepts for
  providing flexible methods for deducing these
  differentiated trust values.

25
Trust Models in Peer-to-peer networks

• Collaborative Automated Trust Negotiation in
  Peer-to-Peer Systems13
• Many of the users are reluctant to do high volume
  transactions over the internet as the security
  issues posed by the P2P systems are severe and
  daunting
• Investigates building trust by automated trust
  negotiations.
• These trust negotiations help in proving that a
  peer satisfies certain trust requirements.
• The peers in the peer-to-peer networks build
  trust relationships among each other by
  collaboratively negotiating their credentials
• These trust negotiations can be used along with
  reputation systems to build efficient P2P trust
  systems.

26
Trust Networks on the Semantic Web

• "Trust" is a word that has come to have
  several very specific definitions on the
• Semantic Web. Much research has focused on
  authentication of resources, including work on
  digital signatures and public keys. Confidence in
  the source or author of a document is important,
  but trust, in this sense, ignores many important
  points. Just because a person can confirm the
  source of documents does not have any explicit
  implication about trusting the content of those
  documents.

27
Introduction

• Here we are going to addresses trust as
  credibility or reliability in a much more human
  sense. It opens up the door for questions like
  how much credence should I give to what this
  person says about a given topic, and based on
  what my friends say, how much should I trust this
  new person?"

28
Introduction

• we will discusses how to build a meaningful
  social network from the architecture of the
  semantic web, and how it conveys meaning about
  the structure of the world. We describe a sample
  algorithm for computing trust in a network.

29
Networks on the Semantic Web

• Studying the structure of the hypertext web
  can be used to find community structure in a
  limited way. A set of pages clustered by
  hyperlinks may indicate a common topic among the
  pages, but it does not show more than a generic
  relationship among the pages. Furthermore, pages
  with fewer outgoing links are less likely to show
  up in a cluster at all because their connectance
  is obviously lower. These two facts make it
  difficult for a person to actually see any
  relationship among specific concepts on the web
  as it currently stands classification is not
  specific enough, and it relies on heavy
  hyperlinking that may not be present.

30

• The Semantic Web changes this. Since the
  semantic data is machine-understandable, there is
  no need to use heuristics to relate pages.
  Concepts in semantically marked up pages are
  automatically linked, relating both pages and
  concepts across a distributed web

31
Implementation

• The semantic web of trust requires that
  users describe their beliefs about others. Once a
  person has a file that lists who they know and
  how much they trust them, social information can
  be automatically compiled and processed.

32
Requirments

• The Internet provides an easy way to set up shops
  and conduct commerce at any place in the world.
  Vendors can thus sell goods and conduct commerce
  on the Internet. Most of the time customers use
  the Internet commerce mechanism to order goods
  and pay for the transaction through a credit card
  (extending the so called mail -order, phone order
  to Internet-order). In order to secure the
  transmission of credit card numbers customers
  could send it encrypted using protocols such as
  Secure Sockets Layer (SSL) until implementations
  of special payment protocols like Secure
  Electronic Transactions (SET) or Joint Electronic
  Payment Initiative (JEPI) become available.

33
Requirments

• It is important that transactions be atomic. In
  other words, the entire transaction should be
  carried out in a fault tolerant way such that no
  party involved in the transaction may be put at a
  loss after the completion of the transaction
  i.e., the vendor should not feel cheated by
  having not received payment for goods sold, nor
  the customer feel cheated for not having received
  goods for payment made. Electronic commerce
  protocols have been designed to provide this kind
  of EC-atomicity. However, these protocols have
  not been equipped with mechanisms to protect a
  vendor from a customer who makes a fraudulent
  payment or a customer from a vendor who supplies
  low quality or garbage goods. In other words,
  these protocols need to be equipped with suitable
  trust mechanisms i.e., they should be
  strengthened by adding a non-repudiable context
  to the transaction protocol.

34
Measurement of Trust

• Eventhough the quantitative measurement of trust
  cannot be adequately performed, several variables
  on which trust depends could be used to define
  trust. These variables in turn influence actions
  taken by a transacting entity. Certain parameters
  modify trust actions.

35
Trust Variables

• Cost of Transaction
• Transaction History
• Customer Loyalty
• Indemnity
• Spending Pattern

36
Cost of Transaction

• Careful customers pay attention to the price and
  quality of goods. Expensive items are bought
  after careful thought and consumer report
  analysis. Vendors make sure that the money
  offered for the item is not counterfeit, that the
  buyer has enough funds in his bank account or on
  his credit card. Risk is based on cost of goods.
  For example, a vendor may not be concerned on
  losing revenue on a single micro-transaction. (A
  micro-transaction is one that has negligible cost
  value like a tenth of a cent to a cent). This is
  a micro-risk transaction. As the cost of the
  transaction increases or the number of such
  micro-transactions increase, vendors pay
  attention to revenues and income on such
  transactions.

37
Transaction History

• Transaction history is similar to a persons
  credit history. Just as a persons credit history
  is checked before issuing a loan, or before
  increasing the credit limit on his card, a
  persons transaction history measures trust and
  is consulted for evaluating transactions. For
  example, questionable customers who always
  complain that they receive outdated stock
  information, might need a non-repudiated proof of
  verification. This could be in the form of a
  time-stamped receipt of stock information.

38
Customer Loyalty

• It is a well known practice in commercial
  establishments that they tend to provide several
  benefits in the form of awards, mileage points,
  etc. to customers who show them loyalty. A
  frequent buyer will be treated with greater trust
  than a stranger.

39
Indemnity

• If a trusted intermediary stands as a guarantee
  against loss, then there is an increase in trust
  level of the transaction.

40
Spending Pattern

• If a customers host is compromised or if someone
  steals the customers smart card, or currency,
  one could notice a suspicious activity by
  observing the spending pattern.

41
Conclusion

• Trust is a complex and multi-dimensional
  phenomenon.
• The human perception of trust is a core
  ingredient in any online transaction, and future
  electronic systems must support trust services to
  gain loyalty at both ends.
• Trust is many faceted form of human behavior. Ask
  people why they trust an individual or company
  and you will receive an enormous range of
  answers. In many cases you will find that people
  cannot even articulate the inner workings of
  their own trust processes.

42
Conclusion

• The trust principles presented represent aspects
  of trust that need to be addressed when building
  infrastructure to support online trust.
• We have discussed the conceptual level constructs
  which consist of Disposition to Trust (from
  Psychology), Institution-based Trust (from
  Sociology), and Trusting Beliefs and Trusting
  Intentions (from Social Psychology).
• The typology of trust constructs helps address
  conceptual confusion by representing trust as a
  coherent set of four constructs and ten sub
  constructs.

43
Conclusion

• Enabling peers to develop trust among themselves
  is important in a peer-to-peer system where
  resources (either computational, or files) of
  different quality are offered.
• It will become increasingly important in systems
  for peer-to-peer computation, where trust can
  provide a way for protection of unreliable,
  buggy, infected or malicious peers
• If we are to create online environments in which
  trading relationships are as easy to navigate, we
  will need to evolve rich and varied forms of
  online trust infrastructure and address numerous
  business, technical, social and legal issues.

44
References

1. Merriam-Webster. Merriam-Webster Online
   Merriam-Webster, Inc., 2002. URL
   http//www.m-w.com
2. Oxford. Oxford English Dictionary. Oxford
   University Press, 2nd edition, 1989
3. Ben Shneiderman. Designing Trust into Online
   Experiences. Communications of the ACM,
   43(12)5759, December 2000
4. Derek Sisson. ecommerce. URL http//www.philosoph
   e.com/commerce/ecommerce.html, February 2000
5. Wang, Y., Vassileva J. (2003) Bayesian
   Network-Based Trust Model in Peer-to-Peer
   Networks, Proc. Workshop on "Deception, Fraud and
   Trust in Agent Societies" at the Autonomous
   Agents and Multi Agent Systems 2003 (AAMAS-03),
   Melbourne, Australia, July 2003 (full paper, 9pp).

45
References

1. L. Mui, M. Mohtashemi,Ari Halberstadt, "A
   Computational Model of Trust and Reputation",
   Proceedings of the 35th Hawaii International
   Conference on System Sciences 2002
2. A. Abdul-Rahman and S. Hailes, "A Distributed
   Trust Model", in Proceedings of the New Security
   Paradigms Workshop, ACM, 1997.
3. Wang Y., Vassileva J. (2003) Bayesian
   Network-Based Trust Model, Proc. of IEEE
   International Conference on Web Intelligence (WI
   2003), October 13-17, 2003, Halifax, Canada
4. W.Winsborough,K.Seamons,and V.Jones. Automated
   Trust Negotiation. In DARPA Information
   Survivability Conference and Exposition , Hilton
5. A. Abdul-Rahman and S. Hailes. Supporting trust
   in virtual communities. In 33rd Annual Hawaii
   International Conference on System Sciences
   (HICSS-33), 2000.

46
References

1. Peer Trust. http//disl.cc.gatech.edu/PeerTrust
2. Heckerman, D. A Tutorial on Learning with
   Bayesian Networks, Microsoft Research report
   MSR-TR-95-06, 1995
3. Song Ye Makedon, F. Ford, J. Collaborative
   automated trust negotiation in peer-to-peer
   systems. Peer-to-Peer Computing, 2004.
   Proceedings. Proceedings. Fourth International
   Conference on 25-27 Aug. 2004 Page(s)108 115
4. D. W. MANCHALA, E-Commerce Trust Metrics and
   Models, IEEE Internet Computing, April 2000
5. K. Aberer, Z. Despotovic, Managing Trust in a
   Peer-2-Peer Information System. Proceedings of
   the Tenth International Conference on Information
   and Knowledge Management 2001
6. Wang Y. Vassileva J. (2003) Trust and Reputation
   Model in Peer-to-Peer Networks, Proc. of IEEE
   Conference on P2P Computing, Linkoeping, Sweden,
   September 2003, IEEE Press, 150-157

47
References

• F. Azzedin and M. Maheswaran, Trust Modeling for
  Peer-to-Peer based Computing Systems, 12th IEEE
  Heterogeneous Computing Workshop (HCW 2003)
• WEEKS, S. ,Understanding trust management
  systems. In Proceedings of 2001 IEEE Symposium on
  Security and Privacy. IEEE Computer Society
  Press, 94105, 2001.
• JIM, T., A trust management system with certified
  evaluation. In Proceedings of the 2001 IEEE
  Symposium on Security and Privacy. IEEE Computer
  Society Press, 106115, 2001
• Trust negotiation in peer-to-peer systems.
  Technical Report (in progress), 2004, available
  at http//scens.cs.dartmouth.edu.
• R. Chen and W. Yeager, Poblano A distributed
  trust model for peer-to-peer networks.
  htppsecurity.jxta.org, 2001
• P. R. Zimmerman (1995) The Official PGP User's
  Guide, Cambridge, Massachusetts MIT Press

48
References

• R. Khare, A. Rifkin (1997) "Weaving a Web of
  Trust, World Wide Web Journal, 2(3), pp. 77-112.
• B. Borcherding and M. Borcherding, Efficient and
  Trustworthy Key Distribution in Webs of Trust,
  Computers and Security, vol. 17,no.5, 1998,pp.
  447-454.
• D. H. McKnight, N. L. Chervany. The Meanings of
  Trust. Technical Report 94-04, Carlson School of
  Management, University of Minnesota, 1996.
• L. Rasmusson and S. Jansson. Simulated Social
  control for Secure Internet Commerce (position
  paper). In Proceedings, New Security Paradigms
  Workshop, Lake Arrowhead, 1996.
• A. Abdul-Rahman. The PGP Trust Model. EDI-Forum,
  April 1997
• Erikson, E. H. Identity Youth and Crisis. W. W.
  Norton, New York, 1968.

49
References

1. Rosenberg, M. Occupations and Values. Free Press,
   Glencoe, IL, 1957.
2. Riker, W. H. The Nature of Trust. In J. T.
   Tedeschi (Ed.), Perspectives on social power,
   Aldine Publishing Company, Chicago, 1971, pp.
   63-81.
3. Shapiro, S P. The social control of impersonal
   trust. American Journal of Sociology (93), 1987,
   pp. 623-658.
4. Urban, G.L., Sultan, F., and Qualls, W.J. Placing
   Trust at the Center of Your Internet Strategy.
   MIT Sloan Management Review. Vol. 42(1), 2000,
   pp. 39-48.
5. Geyskens, I., Steenkamp, J-B, E.M., Scheer, L.K.
   and Kumar, N. The effects of trust and
   interdependence on relationship commitment A
   trans-Atlantic study. International Journal of
   Research in Marketing. Vol. 13(4). 1996, pp. 303-
   317.
6. Gambetta, D. Can we trust trust? In D. Gambetta
   (Ed.), Trust Making and breaking cooperative
   relations. Basil Blackwell. NY, 1988.

50
References

1. Bowman, E. H. and Hurry, D. Strategy through the
   Option Lens An Integrated view of Resource
   Investments and the Incremental-Choice Process.
   Academy of Management Review. Vol.18(4)., 1993,
   pp. 760-782.
2. Das, T.K. and Bing-Sheng, T. Between Trust and
   Control Developing Confidence in Partner
   Cooperation in Alliances. The Academy of
   Management Review. Vol. 23(3), 1998, pp. 491-512.
3. Dawar, N., Parker, P. M. and Price, L. J. A
   cross-cultural study of interpersonal information
   exchange. Journal of International Business
   Studies, Vol. 27(3), 1996, pp. 497-516.
4. eCommerce Trust Study.. Cheskin Research Studio
   Archtype/Sapient. 1999. online. Available
   http//www.cheskin.com/think/studies/ecomtrust.htm
   l viewed July 30, 2001.

51
References

• D. M. Rousseau, S. B. Sitkin, R. S. Burt, and C.
  Camerer, "Not so different after all A
  cross-discipline view of trust," Academy of
  Management Review, vol. 23, pp. 393