Trust in the Web, Paul G. Spirakis (google: paul spirakis), Computer Technology Institute & Press “DIOPHANTUS”, 2nd ISACA Athens Chapter Conference, December 7, 2012


Trust in the Web

Paul G. Spirakis (google: paul spirakis)

Computer Technology Institute & Press “DIOPHANTUS”

2nd ISACA Athens Chapter Conference

December 7, 2012

Then and Now

• The Web was originally conceived as a tool for researchers who trusted one another implicitly.

• No strong models of security initially built in.

• The Internet/Web is different now. It grows, and is operated and used by a multitude of diverse (and even competing) interests and groups. Many people’s jobs depend on it.

• A huge social phenomenon.

WWW: A Transformational Explosion

2 Billion Internet users

5 Billion mobile users

22 Billion Web pages

From the Web of Documents to The Web

• of People

• as a social machine

• as a scientific infrastructure

• as an innovation infrastructure

An open issue

In today’s Internet/Web, trust is no longer simply assumed. It must be obtained, perceived, assessed, measured, certified.

There exists, also, the need for privacy protection and for protection of the freedom of the users.

It seems that substantial research should be devoted to engineering layers of trust into Web interactions.

Smart “everything” – must be trusted

[Figure: diagram with the labels Energy Networks, Game Machine, Telephone, PC, DVD, Audio, TV, STB, DVC, Digital Living, Smart Space, Future Internet, Transport Networks, eHealth & Health networks]

MIT Technology Review November 2012

• Dark Clouds

Cloud computing teaches people not to worry about hosting data and running software.

But a study by researchers at RSA suggests this could be “a costly mistake”: “Some very valuable data should not be entrusted to the cloud at all”

(Ari Juels, Chief Scientist, RSA)

• A side-channel attack (a side-channel attacker can be lethal)

Passwords are Broken

• On average people maintain 25 accounts

• Username/password reuse across sites is very common

• Even strong passwords are vulnerable (e.g. phishing, spyware)

• Rising cost of identity theft:

- Over 10 million Americans are also victims of identity theft each year. “The Department of Justice’s Effort to Combat Identity Theft”. U.S. Department of Justice, Office of the Inspector General, Mar. 2010. Web. 2/6/2010. http://www.justice.gov/oig/reports/plus/a1021.pdf
- A Federal Trade Commission survey found that some victims of identity theft can spend more than 130 hours reconstructing their identities (e.g. credit rating, bank accounts, reputation, etc.) following an identity crime. “2006 Identity Theft Survey Report”. Federal Trade Commission, Nov. 2007, p. 6. Web. 2/6/2010. http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf

• Deployment of services demanding a higher level of assurance is not progressing due to the high barrier to entry.

Open Data Initiative

Neelie Kroes (VP of the EC for the Digital Agenda)

• The best thing about the Internet is that it is open

• EU is planning to shake up how public authorities share data.

• “Opening up will pay off. It will restore trust in our political system and rejuvenate democracy”

(From Crisis of Trust to Open Governing, World Wide Web Conf., Bratislava, 5/3/2012 and Lyon 19/4/2012)

But N.K. also says:

• Achieving openness is not always so straightforward

• Strengthening regulation is necessary (but not sufficient)

• Openness is complex because sometimes it’s unclear what it means.

• Openness should not come at the expense of privacy or safety.

• Clearly, there are many issues when considering how to build an open Internet, and get most value from it.

“Trust is what glues together society, the market, the institutions. Without trust, nothing works. Without trust, the social contract dissolves and people disappear as they transform into defensive individuals fighting for survival”

Manuel Castells (Networks of outrage and hope)

(Just published)


But, what is trust?

“Generally an entity can be said to trust a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects”

[ITU-T X.509, section 3.3.54]

• Trust is a belief

[Dimitrakos]: “Trust of a party A in a party B for a service X is the measurable belief of A in B behaving dependably for a specified period, within a specified context in relation to X”.


• Distrust is not lack of trust

[Dimitrakos]: “Distrust of a party A to a party B for a service X is A’s measurable belief in that B behaves non-dependably for a specified period, within a specified context, in relation to service X”.

• Distrust is an important notion when dealing in dynamic environments:

- is the basis on which one can revoke previously agreed trust.
- obstruct the propagation of trust
- ignore recommendations
- “blacklist”

• Trust (and distrust) evolve in time.

Trust Relations

• When you achieve a satisfactory level of confidence in the attributes provided by an entity, then you establish a trust relation.

• The simplest way to see it: A binary relation “A trusts B” [in a specific context: A may trust B to drive her car but not to prepare a dinner]

• There are different degrees of trust: Agent A may trust agent B more than A trusts agent C (for the same task, in the same context)

i.e. trust is measurable.

Trust metrics

• Quantitative vs qualitative

• Scalar vs “vector” (group)

• With global scope vs local scope

Examples
global scope: EigenTrust (draws from the PageRank algorithm)
local scope: PKI, [Golbeck] for Semantic Web trust, etc.

• Distributed metrics: the trust data themselves may be distributed over the network (the Web). Issues: Trust computation (asynchronous, its convergence depends on the eagerness of nodes to propagate information), delays, local computation loads …
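An added example, not part of the original slides: a global-scope metric in the style of EigenTrust, computed by PageRank-like power iteration over peers' local ratings. The peer names, the ratings, the damping value `alpha` and the choice of one pre-trusted peer are constructed for illustration.

```python
def eigentrust(local, pretrusted, alpha=0.15, tol=1e-10, max_iter=1000):
    """local[i][j] >= 0 is peer i's local rating of peer j.
    Returns (global trust vector, iterations used)."""
    n = len(local)
    # Distribution over pre-trusted peers; it anchors the iteration.
    p = [1.0 / len(pretrusted) if i in pretrusted else 0.0 for i in range(n)]
    c = []
    for i, row in enumerate(local):
        # Ignore negative ratings and self-ratings, then normalise the row
        # so every peer hands out exactly one unit of trust.
        clipped = [max(v, 0.0) if j != i else 0.0 for j, v in enumerate(row)]
        total = sum(clipped)
        # A peer with no opinions defers to the pre-trusted distribution.
        c.append([v / total for v in clipped] if total > 0 else p[:])
    t = p[:]
    for it in range(1, max_iter + 1):
        # t_new[j] = (1 - alpha) * sum_i c[i][j] * t[i] + alpha * p[j]
        new = [(1 - alpha) * sum(c[i][j] * t[i] for i in range(n)) + alpha * p[j]
               for j in range(n)]
        delta = sum(abs(a - b) for a, b in zip(new, t))
        t = new
        if delta < tol:
            return t, it
    return t, max_iter

PEERS = ["alice", "bob", "carol", "mallory"]
# Constructed ratings: the honest peers rate each other, nobody rates
# mallory, and mallory's large self-rating is ignored by the metric.
LOCAL = [
    [0, 4, 3, 0],  # alice
    [5, 0, 2, 0],  # bob
    [3, 3, 0, 0],  # carol
    [1, 0, 0, 9],  # mallory
]

def ranked_scores():
    """Peers sorted by global trust, highest first."""
    scores, _ = eigentrust(LOCAL, pretrusted={0})
    return sorted(zip(PEERS, scores), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for name, score in ranked_scores():
        print(f"{name:8s} {score:.4f}")
```

The iteration count returned by `eigentrust` is the centralised analogue of the propagation rounds whose delays the slide lists as an issue for distributed metrics.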


Trust Models

• Any trust model has “in mind” to respond to a specific threat profile.

Threats in the Web: Many (identity theft, cyberbullying, digital espionage, false claims …)

• Direct Trust: When you validate an entity’s credentials without reliance on the rest of the “net”

• Transitive Trust: Trust transmitted through other parties. E.g. in the Web, in P2P systems.

• Assumptive Trust: No mandatory or explicit validation of credentials. “Take it or leave it”. Example: The PGP web of trust.

Related Mathematics

• Trust graphs

(Directed, weighted, dynamic, sometimes random …)

• Trust logics (first or second order sentences, implications etc) A B : A trusts B

• Belief calculus (usually with use of probabilities)

Prob (A trusts B / x) = 0.7
Prob (B trusts C / ( )) = 0.5
Prob (A trusts C / x) = ?

[Figure: diagram with the labels x, y, A, B, W]

Related Mathematics (2)

• Trust propagation models (stochastic processes, branching models …)

• Economics-inspired models (strategic Games, Equilibria, Population Evolutionary Games, Enforcement / Punishment)

- Repeated Prisoner’s Dilemma
- The “best response” assumption
- Selfish entities

Related Mathematics (3)

• Interactive Proofs (IP)

(crypto based methods, used for authentication and verification of assertions).

e.g.

[Alice] (wise): I know how to compute x in y = x^2 mod p
[Bob] (not very smart): Here is y0, find x0
[Alice]: Here is x0!

(If Bob selects at random, only a true master of the method will always answer correctly).
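The exchange above as an added Python example (not from the original slides). It assumes a prime p with p mod 4 = 3, for which a root is y^((p+1)/4) mod p; since anyone can compute that for a prime modulus, the block shows the message flow and Bob's check rather than a deployable identification scheme. The function names and the guessing `impostor` prover are hypothetical.

```python
import random

P = 2**31 - 1  # Mersenne prime with P % 4 == 3 (assumed modulus for the demo)

def bob_challenge(rng):
    """Bob picks a random r and sends y0 = r^2 mod P, so a root exists."""
    return pow(rng.randrange(1, P), 2, P)

def bob_verifies(y0, x0):
    """Bob only has to square the answer; he does not need the method."""
    return pow(x0, 2, P) == y0

def alice(y0):
    """Prover who knows the method: for P % 4 == 3, x0 = y0^((P+1)/4) mod P."""
    return pow(y0, (P + 1) // 4, P)

_guess = random.Random(7)  # seeded so the demo is reproducible

def impostor(y0):
    """Hypothetical prover without the method: she can only guess."""
    return _guess.randrange(1, P)

def run_protocol(prover, rounds=20, seed=2012):
    """Return the number of rounds passed; Bob stops at the first wrong answer."""
    rng = random.Random(seed)
    for passed in range(rounds):
        y0 = bob_challenge(rng)
        if not bob_verifies(y0, prover(y0)):
            return passed
    return rounds

if __name__ == "__main__":
    print("alice passed", run_protocol(alice), "of 20 rounds")
    print("impostor passed", run_protocol(impostor), "of 20 rounds")
```

Each extra round multiplies a guesser's chance of surviving by roughly 2/P, which is why Bob's random selection matters.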

But how are beliefs to be represented in the Web?

The Rise of Semantics!

• The Semantic Web: a network of data on the Web.

• It promises to give much more targeted answers to our questions.

• Its primary language: The Resource Description Framework (RDF) (on top of HTML)

RDF gives meaning to data via sets of “triples” (assertions), e.g. “Person X” [subject] “is a friend of” [verb] “Person Y” [object]

The Rise of Semantics (2)

• This simple triple structure seems to be a good way to describe most of the data processed by machines!

• Each “subject”, “verb” or “object” is identified by a Universal Resource Identifier (URI) (an address like those of Web pages)

• Anyone can define a new concept (or a new verb) by defining a URI for it in the Web.

• These definitions grow and interlink. Taxonomies and ontologies emerge!


Establishing, monitoring and using Trust in the Web


• A trust policy is a subjective procedure used for evaluating the trustworthiness of information in a specific situation.

• Depends on: our preferences, past experience, and the trust relevant info available.

• A trust mechanism is a way to implement a trust policy on the Web.

What can we use?

• Reputation (and ratings)

• Monitoring (e.g. behaviour observations)

• Context (meta-info about the circumstances in which information has been claimed), e.g. who said what, when, why.

• Content (use rules and axioms together with the information content itself, and related info about the topic published by others)

e.g. Believe what has been stated by at least 5 independent sources.
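One way to implement the “at least 5 independent sources” rule over RDF-style triples, returning the reasons behind the decision (added example, not from the original slides). It assumes that two sources are independent when they have different publishers and that the user may blacklist publishers; the URIs and publisher names are constructed.

```python
from collections import defaultdict

MIN_SOURCES = 5  # threshold taken from the rule on the slide

CLAIM = ("ex:PersonX", "foaf:knows", "ex:PersonY")
# Constructed sample data: (source URI, publisher) pairs that assert CLAIM.
SOURCES = [
    ("https://a.example/foaf.rdf", "a.example"),
    ("https://a.example/mirror.rdf", "a.example"),  # same publisher twice
    ("https://b.example/people.rdf", "b.example"),
    ("https://c.example/people.rdf", "c.example"),
    ("https://d.example/people.rdf", "d.example"),
    ("https://spam.example/x.rdf", "spam.example"),
]
STATEMENTS = [CLAIM + src for src in SOURCES]

def evaluate(triple, statements, blacklist=frozenset(), min_sources=MIN_SOURCES):
    """Apply the policy to one (subject, predicate, object) triple.
    Returns (trusted, reasons); reasons is the justification for the user."""
    by_publisher = defaultdict(list)
    reasons = []
    for s, p, o, source, publisher in statements:
        if (s, p, o) != triple:
            continue
        if publisher in blacklist:  # distrust: this recommendation is ignored
            reasons.append(f"ignored {source}: {publisher} is blacklisted")
            continue
        by_publisher[publisher].append(source)
    for publisher, sources in sorted(by_publisher.items()):
        note = f" (+{len(sources) - 1} more, counted once)" if len(sources) > 1 else ""
        reasons.append(f"counted {publisher} via {sources[0]}{note}")
    count = len(by_publisher)
    reasons.append(f"{count} independent sources, policy needs {min_sources}")
    return count >= min_sources, reasons

if __name__ == "__main__":
    for bl in (frozenset(), frozenset({"spam.example"})):
        trusted, why = evaluate(CLAIM, STATEMENTS, blacklist=bl)
        print("TRUST" if trusted else "DO NOT TRUST", CLAIM)
        for line in why:
            print("  -", line)
```

Six statements back the claim, but with one publisher blacklisted only four independent publishers remain, so the same data is accepted under one user's policy and rejected under another's.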


Trust Services

They aim at delivering trust and confidence in Web transactions.

They should at least include

- Establishing trust
- Maintaining trust
- Negotiations of trust
- Formation of contracts
- Dispute resolutions
- Notarization

It is not clear yet what their range should be.

Improving Security on the Web: Trust Frameworks – One Possibility

Operational Specifications

• Content
- Technical specifications, process standards, policies, procedures, performance requirements, assessment criteria, etc.

• Goal
- Make it work
- Accomplish interoperability

Legal Rules

• Content
- Existing law
- Contractual obligations

• Goals
- Regulate Operational Specifications
- Make Operational Specifications legally binding on the participants
- Define and govern the legal rights and responsibilities of the participants

Trust Architectures in the Web (the complete answer?)


The aim of a Trust Architecture is to provide an integrated view of trust in the web, i.e. a “complete” and structured set of trust services and mechanisms to all kinds of information providers.


Some Serious Requirements for Trust Architectures

(R1): Must be Open and not based on central trusted third parties.

(R2): Should not exclude info providers which have not been rated or do not publish trust relevant info in a specific way.

(R3): Should try to use all relevant (to trust) information either published or generated during the information gathering process.

(R4): Should allow users to formulate subjective and task-specific trust policies and to combine different trust mechanisms.


(R5): Should be able to justify (to the user) its trust decisions.

I.e. support Tim Berners-Lee’s “Oh yeah?” button, meaning that the user can click on any piece of information and get explanations why she should trust the information.

(according to that user’s trust requirements!)

(R6): Should be “lightweight”

The Challenges to beat

• Besides explicit trust ratings, there exist huge trust-relevant implicit data, or even emerging trust (and distrust).

• Privacy protection is often based on anonymity. How does one trust anonymous entities?

• The Web should be open to independent information providers each with a different view, level of knowledge, intentions. And they may compete or have conflicting goals.

• Flexibility and Adaptiveness to dynamic situations (e.g. Mobile, virtual coalitions, web communities etc).

• Situation awareness

MAIN QUESTION

Is it possible to develop such a pragmatic trust architecture?

Impossibility meta-theorem:

No, because the distributed nature of the overhead (delays, updates, propagation) and the conflicting demands will always lead to inconsistencies and flaws. Like in a big society with freedom, total social Control mechanisms cannot exist (like Arrow’s impossibility theorem in Economics).

But we can try to approximate the perfect dream!

• Most kinds of Trust Mechanisms (reputation, content, context, behaviour based) exist and can be put together.

• The existence and development of the Semantic Web allows for defining logical trust architecture layers.

- RDF extensions
- querying languages
- justification “trees”
- distributed proof traces

Also, modern cryptography comes (again) to help:

- Secret handshakes
- Hidden credentials
- Trust negotiation protocols
- Secret splitting schemes

Such methods can protect sensitive info, respect privacy, and reduce overhead!

(But mind the fact that some of the best minds today are focusing on malicious practices)

EU Policy and EU research agenda

(Regulations, Policy, Research)

EU Legal framework on Data protection and Privacy and Technology

• DP Directive: Privacy Directive:

• Safer internet

• “Controlling” the big players

• Personal Data: information relating to an identified or identifiable person

• Scope:
– Material: which information and processes addressed
– Personal: which roles (data controller, processor, subject)
– Territorial: applicable law, cross-border data transfer

• Issues:
– Linked data, smart data mining and Personal Data
– Accountability and transparency of controller and processor; need for technology support
– Risk assessment and user control, need for technology support

Digital Agenda for Europe (To use you must trust)

• “Fibre” Europe
• Research & Innovation
• Digital Skills
• Openness & interoperability
• Sustainable services & applications
• Trust & Security
• Single Market

Next steps

– Ongoing: Parliament and Council negotiations on the basis of the Commission proposals

– Ongoing: Parliament and Council negotiations on EU budget 2014-2020 (including overall budget for Horizon 2020)

– July 2012: Final calls under 7th Framework Programme for research to bridge gap towards Horizon 2020

– Mid 2013: Adoption of legislative acts by Parliament and Council on Horizon 2020

– 6-8/11 2013: ICT in H2020 Launch Conference, Vilnius, Lithuania Launch of first calls

– 1/1/2014: Horizon 2020 starts


Thus,

• we have in front of us a big Research issue, that puts the human user (info provider, consumer, citizen) in the “center” in contrast to the older view of “Security of Systems”.

• It could be as interdisciplinary as Web Science itself as a whole, since it touches upon issues of Society control.

• An open call to all kinds of expert minds!


Thank you!