When network participants do not know how to trust each other, network operations suffer. Participants that naively trust will be victimized and their resources misused. Mistrustful participants will ignore opportunities and their resources will be wasted through inefficiencies. Current research on the establishment of trust often focuses on narrow models and specific domains. There is a gap between point solutions and a system-wide trust infrastructure. This research will address the major issues in designing such a trust infrastructure. In particular, what are the threat models for a trust infrastructure? How should those threats be mitigated? What is the meaning of trust, its properties, and measurement? Where and how should trusts in applications and across networks be managed? This project has several major components: a formal methodology for trust quantification and establishment, case studies, architectural design, graduate and undergraduate education, and outreach to the community at large. The goal of this research is to improve network performance without sacrificing network security through the right trust infrastructure.
Trust is a well-studied concepts in social science. In this project, inspirited by social science trust concepts and theories, we built theoretical foundation of trust infrastructure in computer networks, developed new mathematical trust models for cyber security purpose, and designed trust-based defense solutions in various computer networks. Through this research, we have discovered and investigated security vulnerabilities that were unknown or not well understood previously in critical computing and communication systems, including wireless sensor networks, cognitive radio networks, biomedical cyber-physical systems, and online social networks. Besides raising the awareness of new security vulnerabilities, this project yielded defense solutions from a unique angle: trust management. When the network entities know how to trust other network entities, they can avoid unnecessary risk, detect malicious intruders, and be motivated to behave honestly and efficiently. Techniques that were not commonly used to solve traditional security problems, were investigated in our study. These techniques include signal processing, cyber competitions, cross-layer design, and physical layer communication theories. This effort not only solved challenging security problems, but also promoted research crossing multiple subjects. The activities in this project have given research community a clear understanding of the benefit and cost in building trust-enhanced systems. The proposed theories, approaches and architecture provided a blueprint toward building trust and evaluating trustworthiness in various networking systems. This project contributes to making the future cyber space safer and more accessible, which will influent everyone’s life in the information era. Furthermore, many students benefited from this projects. Over 630 undergraduate students participated in the online rating Cyber Competition, which not only yielded valuable research dataset but also raised public awareness of the lack of trust in online reputation systems. The outreach activates reached out to community college students, as well as to elementary school students and their parents. The goal was to attract creative young mind to the exciting field of cyber security. Three graduate students, funded by this project, obtained their Ph.D. degrees. They continue contributing to the cyber security industry and education as a member of Qualcomm product security strategy team, a software engineer solving Internet security challenges, and a tenure-track assistant professor. In the future, the theoretical trust framework and models developed in this project may benefit other disciplines, beyond cyber security. These models may inspire social science researchers in their efforts of understanding human trust behavior in the digital era. The dataset collected from the Cyber Competition is also valuable resource to researchers who are interested in studying human dishonest behaviors in e-commerce applications.
