Computational trust
In information security, computational trust is the generation of trusted authorities or user trust through cryptography. In centralised systems, security is typically based on the authenticated identity of external parties. Rigid authentication mechanisms, such as Public Key Infrastructures (PKIs) or Kerberos, have allowed this model to be extended to distributed systems within a few closely collaborating domains or within a single administrative domain. In recent years, computer science has moved from centralised computer systems to distributed computing. This evolution has several implications for the security models, policies and mechanisms needed to protect users’ information and resources in an increasingly interconnected computing infrastructure.

Identity-based security mechanisms cannot authorise an operation without authenticating the claiming entity. This means that no interaction can occur unless both parties are known by their authentication frameworks. Spontaneous interactions would therefore require a single, or a few, trusted certificate authorities (CAs). PKIs are not considered in the present context, since they have had difficulty emerging and are therefore unlikely to establish themselves as a reference standard in the near future. At present, a user who wishes to join a spontaneous collaboration with another party can choose between enabling security and thereby disabling spontaneous collaboration, or disabling security and enabling spontaneous collaboration. It is fundamental that mobile users and devices can authenticate autonomously, without relying on a common authentication infrastructure. To face this problem, we need to examine the challenges introduced by "Global Computing", a term coined by the EU for the future of the global information society, and to identify their impact on security.

History

Computational trust applies the human notion of trust to the digital world, which is seen as malicious rather than cooperative. The expected benefits, according to Marsh et al., are the exploitation of others' abilities through delegation and greater cooperation in an open and less protected environment. Scientific research on computational mechanisms for trust and reputation in virtual societies aims to increase the reliability and performance of electronic communities.

A trust-based decision in a specific domain is a multi-stage process. The first step consists of identifying and selecting the proper input data, that is, the trust evidence. In general, this evidence is domain-specific and results from an analysis of the application involved. In the next step, a trust computation is performed over the evidence to produce trust values, that is, estimates of the trustworthiness of entities in that particular domain. The selection of evidence and the subsequent trust computation are informed by a notion of trust, defined in the trust model. Finally, the trust decision is taken by considering the computed values and exogenous factors, such as disposition or risk assessments.

Defining Trust

These concepts have become highly relevant in computer science over the last decade, mostly in the area of distributed artificial intelligence. The multi-agent system paradigm and the rapid growth of e-commerce have contributed to the increased interest in trust and reputation. In fact, trust and reputation systems have been recognized as key factors in the successful adoption of electronic commerce. These systems are used by intelligent software agents as an incentive in decision-making, when deciding whether or not to honor contracts, and as a mechanism to search for trustworthy exchange partners. In particular, reputation is used in electronic markets as a trust-enforcing mechanism or as a method to avoid cheaters and fraud.

Another area of application of these concepts, in agent technology, is teamwork and cooperation.
Several definitions of the human notion of trust have been proposed in recent years in different domains, from sociology and psychology to political and business science. These definitions may even change in accordance with the application domain. For example, Romano’s recent definition tries to encompass the previous work in all these domains:

Trust and reputation both have a social value. When someone is trustworthy, that person may be expected to act in a beneficial, or at least not suspicious, way that assures others, with high probability, of good collaborations with him. Conversely, when someone appears not to be trustworthy, others refrain from collaborating, since the probability that these collaborations will be successful is lower.

Trust is strongly connected to confidence and implies some degree of uncertainty, hopefulness or optimism. Eventually, Marsh addressed the issue of formalizing trust as a computational concept in his PhD thesis. His trust model is based on social and psychological factors.

Trust model classification

Many proposals have appeared in the literature; a selection of computational trust and reputation models that represents a good sample of current research is presented here.

Trust and reputation can be analysed from different points of view and can be applied in many situations. The following classification is based on the particular characteristics of these models and the environment in which they evolve.

Conceptual model

Trust and reputation models can be characterized as:
  • Cognitive: in models based on a cognitive approach, trust and reputation are made up of underlying beliefs and are a function of the degree of these beliefs. The mental states that lead an agent to trust another agent or to assign a reputation are an essential part of the model, as are the mental consequences of the decision and the act of relying on another agent.
  • Game-theoretical: trust and reputation are considered subjective probabilities by which individual A expects individual B to perform a given action on which A's welfare depends. In this approach, trust and reputation are not the result of a mental state of the agent in a cognitive sense, but the result of a more pragmatic game with utility functions and numerical aggregation of past interactions.

Information sources

Models can be classified by the information sources they use to compute trust and reputation values. The traditional information sources are direct experiences and witness information, but recent models have started to consider the connection between information and the sociological aspects of agents’ behavior. A model that contains several information sources can increase the reliability of the results but, conversely, it can also increase the complexity of the model.
Direct experiences

Direct experience is the most relevant and reliable information source for a trust/reputation model. Two types of direct experience can be recognized:
  • the experience based on the direct interaction with the interlocutor;

  • the experience based on the observed interaction of the other members of a community.

Witness information

Witness information, also called indirect information, is what comes from the experience of other members of the community. It can be based on their own direct experiences or on other data they gathered from others’ experience. Witness information is usually the most abundant, but its use in trust and reputation models is complex. In fact, it introduces uncertainty, and agents can manipulate or hide parts of the information for their own benefit.
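
The stages described under History (evidence, trust computation, trust decision) and the two traditional information sources above can be sketched in code. This is an added example, not part of the original article: the Beta-distribution estimate, the time decay, the linear witness discount, the risk threshold and all names and sample values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Evidence:
    positive: float = 0.0  # weighted count of satisfactory interactions
    negative: float = 0.0  # weighted count of unsatisfactory interactions

    def expected_trust(self) -> float:
        # Mean of Beta(positive + 1, negative + 1); 0.5 when nothing is known.
        return (self.positive + 1) / (self.positive + self.negative + 2)

def direct_evidence(outcomes, now, half_life=10.0):
    """Evidence from our own interactions; each outcome is (day, succeeded)."""
    ev = Evidence()
    for day, succeeded in outcomes:
        weight = 0.5 ** ((now - day) / half_life)  # older outcomes count less
        if succeeded:
            ev.positive += weight
        else:
            ev.negative += weight
    return ev

def combine(direct, witness_reports):
    """Add witness reports, each scaled by our trust in that witness (0..1)."""
    total = Evidence(direct.positive, direct.negative)
    for report, witness_trust in witness_reports:
        total.positive += report.positive * witness_trust
        total.negative += report.negative * witness_trust
    return total

def decide(trust, risk):
    """Trust decision: the acceptance threshold rises with the risk (0..1)."""
    return trust >= 0.5 + 0.5 * risk

# Constructed sample data: one old success followed by three failures.
OUTCOMES = [(0, True), (10, False), (20, False), (30, False)]
# Constructed witness reports: (reported evidence, our trust in the witness).
REPORTS = [
    (Evidence(positive=1, negative=4), 0.8),    # established witness
    (Evidence(positive=50, negative=0), 0.02),  # unknown witness, inflated praise
]

def evaluate(risk=0.4):
    """Compare taking every witness at face value with discounting them."""
    direct = direct_evidence(OUTCOMES, now=30)
    naive = combine(direct, [(r, 1.0) for r, _ in REPORTS]).expected_trust()
    discounted = combine(direct, REPORTS).expected_trust()
    return {"naive": (naive, decide(naive, risk)),
            "discounted": (discounted, decide(discounted, risk))}

if __name__ == "__main__":
    for name, (trust, accept) in evaluate().items():
        print(f"{name:10s} trust={trust:.3f} accept={accept}")
```

With the constructed data, accepting every report at face value lets the single inflated report outweigh the evaluator's own recent failures, while discounting by witness trust keeps the decision aligned with direct experience.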
Sociological information

In the real world, people who belong to a community establish different types of relations among themselves. Each individual plays one or several roles in that society, which influence their behavior and their interaction with other people. In a multi-agent system, where there are plenty of interactions, the social relations among agents are a simplified reflection of the more complex relations among their human counterparts. Only a few trust and reputation models adopt this sociological information, using techniques like social network analysis. Social network analysis studies social relationships among individuals in a society; it emerged as a set of methods for the analysis of social structures, methods that specifically allow an investigation of the relational aspects of these structures.
Prejudice and Bias

Prejudice is another, though uncommon, mechanism that has a noticeable influence on trust and reputation. According to this method, an individual is given properties that are characteristic of a particular group and that make him recognisable as a member of this group. These signs can be anything, such as a uniform or a specific behavior.

As most people use the word today, prejudice refers to a negative or hostile attitude towards another social group, usually racially defined. However, this negative connotation has to be revised when applied to agent communities. The set of signs used in computational trust and reputation models is usually outside the ethical discussion, unlike the signs used in human societies, such as skin color or sex.

Most of the literature in the cognitive and social sciences claims that humans often exhibit non-rational, biased behavior with respect to trust. Recently, biased human trust models have been designed, analyzed and validated against empirical data. The results show that such biased trust models are able to predict human trust significantly better than unbiased trust models.

Discussion on Trust/Reputation models

The most relevant sources of information considered by the trust and reputation models presented above are direct experiences and witness information. In current e-markets, sociological information is almost non-existent and, in order to increase the efficiency of current trust and reputation models, it should be considered. However, there is no sense in increasing the complexity of models by introducing trust evidence if, later, they have to be used in an environment where it is not possible to exploit their capabilities. The aggregation of more trust and reputation evidence is useful in a computational model, but it can increase its complexity, which makes a general solution difficult to find. Several models are extremely dependent on the characteristics of the environment, and a possible solution could be the use of adaptive mechanisms that can modify how different sources of information are combined in a given environment. Many definitions of trust and reputation have been presented, and several works help to give a precise and distinct meaning to both concepts.
There is a relation between the two concepts that should be considered in depth: reputation is a concept that helps to build trust in others. Nowadays, game theory is the predominant paradigm considered in designing computational trust and reputation models. In all likelihood, this is because a significant number of economists and computer scientists with a strong background in game theory and artificial intelligence techniques are working in multi-agent and e-commerce contexts. Game-theoretical models produce good results but become too restrictive when the complexity of the agents, in terms of social relations and interaction, increases. The exploration of new possibilities should be considered; for example, there should be an aggregation of cognitive approaches with game-theoretical ones. Apart from that, more trust evidence should be considered, and trust metrics that are more sensitive to time represent the first step towards improving computational trust.

Evaluation of Trust Models

Currently, there is no commonly accepted evaluation framework or benchmark that would allow for a comparison of the models under a set of representative and common conditions. A game-theoretic approach in this direction has been proposed, in which the configuration of a trust model is optimized assuming attackers with optimal attack strategies; this makes it possible, in a next step, to compare the expected utility of different trust models.

See also

  • IT risk
  • IT risk management
  • Kerberos
  • PKI


The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 