7 October 1998© 1998 University of Salford1 Intelligent Computation of Trust David W Chadwick...

7 October 1998 © 1998 University of Salford 1

Intelligent Computation of Trust

David W Chadwick

d.w.chadwick@iti.salford.ac.uk

7 October 1998 © 1998 University of Salford 2

Scenario

• You receive a digitally signed email message inviting you to a research meeting in Brussels, saying that the EC will pay all your travelling expenses and give you 110 ecus subsistence for the day

• The SMTP from field is Peter.WINTLEV-JENSEN@BXL.DG13.cec.be

• Digital signature computes

7 October 1998 © 1998 University of Salford 3

What do you do?

• trust the message and book your air ticket

• distrust the message and phone Peter up to confirm

• do some further checking

7 October 1998 © 1998 University of Salford 4

7 October 1998 © 1998 University of Salford 5

Now do you trust the message?

• Not unless you know and trust the Certs-R-Us Certification Authority

• Assuming you don’t know it, how do you if it is a trustworthy CA?

• Download its Certification Practice Statement and read it

7 October 1998 © 1998 University of Salford 6

The CPS

• You download the CPS

• You don’t understand it

• What do you do now?

• You need help

CPS

7 October 1998 © 1998 University of Salford 7

INTERNET

ExpertTrust Quotient

CalculatorUser 2(Message Recipient)

RelyingParty

User 1’sCA’s Policy &

CPS

User 1(Message Sender)

CertifiedParty

Intelligent Computation of Trust - The Participants -

7 October 1998 © 1998 University of Salford 8

TTP’sPolicy

andCPS

ExpertTrust Quotient

Calculator

Verbose Client

Mode of Operation - Method 1

7 October 1998 © 1998 University of Salford 9

TTP’sPolicy

andCPS

ExpertTrust Quotient

Calculator

StructuredPolicy/CPS

Automatic Client

Mode of Operation - Method 2

7 October 1998 © 1998 University of Salford 10

Creating the Trust Quotient Calculator

• A probablistic inference net has been built

• Using the ISTAR KBS developed at Salford University by Andrew Basden

• Initial nodes determined by reference to Chokani and Ford’s CPS Framework (PKIX Part 4)

7 October 1998 © 1998 University of Salford 11

7 October 1998 © 1998 University of Salford 12

Building Knowledge into the Inference Net

• Knowledge Poor Domain :-(

• Developed a questionnaire

• Now need to interview experts in the field of Public Key Infrastructures

• d.w.chadwick@iti.salford.ac.uk

• Feed their answers into the Net

• Try to gain some overall consensus of trust in the relevant elements

7 October 1998 © 1998 University of Salford 13

Longer Term

• Check that the CA actually abides by its own CPS

• By retrieving objects from the Internet and comparing them to the CPS– e.g. download the CRL at look at its timestamp