For many current Internet applications, users experience a crisis of confidence. Is the website really served from the correct server or was it altered in transit? Is the Facebook invitation really originating from the claimed individual or was it created by an impostor? Is the received email from the claimed individual or was it sent by a spammer? The PI's proposed work is based on the observation that individuals often have physical interactions with resources or other individuals they communicate with. Often, people communicate over the Internet after having met in person. Similarly people visit brick-and-mortar stores and later visit their websites. The intellectual merit is that human-understandable trust establishment is a fundamental research challenge. Despite decades of research, easy-to-use and secure mechanisms that individuals can use to establish trust in Internet resources are still elusive. This exploratory work has the potential to have a transformative effect on the research directions of the community, such that the urgent crisis of confidence users are experiencing for their digital communications can be resolved. The broader impacts of the work are that achieving a high confidence for the authenticity of Internet resources is an urgent need for our society. The proposed research could provide new directions on how to address these important challenges.

Project Report

We had the following major findings during the project.

1) Development of a theory of trust in networks of humans and computers. Our community needs a general theory of trust in networks of humans and computers. Although we lack a theory of computational trust, we believe elements of this theory need to build on concepts such as isolation, correctness, and trustworthiness. Thus, towards a general theory of trust, our first task is to identify primitives of computational trust akin to primitives of behavioral trust. A second task is to understand the precise relationship between concepts from computational trust and those from behavioral trust. Where are they the same? Where are they different? How do they combine and interact? For example, behavioral trust shares with computational trust the notion of belief in others' trustworthiness, e.g., gift-exchange games in economics and reputation-building protocols in computer science. Both areas target robust game design, which cannot be manipulated by unscrupulous trustees. The notions of risk aversion and risk management are common to both but are treated differently in practice to account for specific domain differences; e.g., one domain addresses social sciences concerns whereas the other addresses concerns of computer network design. The problem of determining whether a receiver may safely accept attributes (e.g., identity, credentials, location) of unknown senders in various online social protocols is a special instance of a more general problem of establishing trust in interactive protocols. We introduce the notion of interactive trust protocols to illustrate the usefulness of social collateral in reducing the inherent trust asymmetry in large classes of online user interactions. We define a social collateral model that allows receivers to accept attributes from unknown senders based on explicit recommendations received from social relations. We use social collateral as a measure of both social relations and tie strength among individuals to provide different degrees of accountability when accepting attribute information from unknown senders. Our model is robust in the face of several specific attacks, such as impersonation and tie-strength-amplification attacks. Preliminary experiments with visualization of measured tie strength among users of a social network indicate that the model is usable by ordinary protocol participants. We have published a paper at the 20th International Workshop on Security Protocols, Cambridge UK, March 2012, that analyzes these topics.

2) Development of a local trust establishment system. We have made a lot of progress on this topic during the project. We have developed SafeSlinger, a system for securely exchanging data among a group of users. You may select any fields from your personal contact, photo, and/or developer-designed keys for exchange. SafeSlinger is available for free for Android and iPhone smartphones. SafeSlinger addresses the following problem: How can we start a trusted relationship between people, on the fly, without people having sophisticated knowledge of security protocols? Historically, researchers have tried a few approaches to this problem. People may meet to digitally sign each other's PGP keys, which leverages physical proximity to bootstrap trust. This method, however, requires all parties to have some sophisticated knowledge of security protocols. Another method would be to have a central organization which signs keys, called a certificate authority. The latter method requires considerable investment in infrastructure and administration and, as such, is not a good fit for small spontaneous groups. The solution: easily bootstrap secure communication in person with a device most people already own - their phone - in just a few easy steps. SafeSlinger is designed to allow users to store any data, such as a public key, in their phone's address book. When users run SafeSlinger, they select their own key from the address book, enter a pair of short numbers, and confirm that a 3-word list matches the one displayed by the other users' phones. The result is a set of imported keys for each user in the phone's address book. Attacks are automatically detected via the word-list confirmation, and users can be confident that trustworthy communication is possible when complete. No central administration or sophisticated security knowledge is needed. Indeed, even the process of selecting keys can be streamlined such that users need not even be aware of its existence. They're just exchanging contact information. We have published our paper on SafeSlinger as a CyLab Technical Report. More information is available at: www.cylab.cmu.edu/safeslinger/
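As an added illustration (not SafeSlinger's own code or its exact protocol), the Python below simulates a simplified commit-then-reveal contact exchange in which the 3-word check each phone displays is derived from every commitment that phone received; the word list, the hash construction, the participant names and the tampering model are all assumptions. It shows why a substituted key survives the commitment check on the victim's phone yet still produces a different word list there than on the honest phones, which is what the users' spoken comparison catches.

```python
"""Simplified commit-then-reveal exchange with a 3-word check (illustration only)."""
import hashlib
import secrets

# Constructed 16-word vocabulary; a placeholder, not SafeSlinger's real word list.
WORDS = ["apple", "bridge", "cactus", "delta", "ember", "falcon", "garnet", "harbor",
         "island", "jungle", "kettle", "lantern", "meadow", "nickel", "orbit", "pepper"]


def commit(nonce: bytes, payload: bytes) -> bytes:
    """Commitment H(nonce || payload): binds a phone to its contact data before any reveal."""
    return hashlib.sha256(nonce + payload).digest()


def sas_digest(commitments) -> bytes:
    """Hash of every commitment a phone received, in canonical order."""
    return hashlib.sha256(b"".join(sorted(commitments))).digest()


def sas_words(digest: bytes):
    """Map the first three digest bytes to the words the user reads and compares."""
    return [WORDS[b % len(WORDS)] for b in digest[:3]]


def run_exchange(contacts, tamper=None, rng=secrets.token_bytes):
    """contacts: name -> contact payload (constructed sample data).
    tamper: (victim, replaced_peer, forged_payload) or None; models an attacker on the
    relay path who swaps one peer's commitment and reveal as seen by the victim only.
    Returns {name: (digest, words, verified_payloads)} as computed on each phone."""
    nonces = {n: rng(16) for n in contacts}
    entries = {n: (commit(nonces[n], contacts[n]), nonces[n], contacts[n]) for n in contacts}
    views = {n: dict(entries) for n in contacts}  # each phone's view of the exchange
    if tamper:
        victim, replaced, forged = tamper
        forged_nonce = rng(16)
        views[victim][replaced] = (commit(forged_nonce, forged), forged_nonce, forged)
    results = {}
    for me, view in views.items():
        verified = {}
        for peer, (c, nonce, payload) in view.items():
            if commit(nonce, payload) != c:  # reveal must match the earlier commitment
                raise ValueError(f"{me}: commitment check failed for {peer}")
            verified[peer] = payload
        digest = sas_digest([c for c, _, _ in view.values()])
        results[me] = (digest, sas_words(digest), verified)
    return results
```

In the tampered run the victim's phone accepts the forged payload (its commitment and reveal are self-consistent), so the only signal is that the victim's word list differs from the one the other participants read out.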

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1050224
Program Officer: Jeremy Epstein
Budget Start: 2010-09-01
Budget End: 2012-08-31
Fiscal Year: 2010
Total Cost: $300,000
Name: Carnegie-Mellon University
City: Pittsburgh
State: PA
Country: United States
Zip Code: 15213