6. Trust Negotiations and Trading Privacy for Trust *


Description
6. Trust Negotiations and Trading Privacy for Trust *. Introduced by: Prof. Bharat Bhargava Department of Computer Sciences and Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University with commitments from Prof. Leszek Lilien
Transcripts
Slide 1

6. Trust Negotiations and Trading Privacy for Trust *
Presented by: Prof. Bharat Bhargava, Department of Computer Sciences and Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University
with commitments from Prof. Leszek Lilien, Western Michigan University and CERIAS, Purdue University
* Supported to some extent by NSF awards IIS-0209059, IIS-0242840, ANI-0219110, and Cisco URP gift.

Slide 2

Trust Negotiations and Trading Privacy for Trust
Outline
1) Introduction
  1.1) Privacy and Trust
  1.2) The Paradigm of Trust
  Small World Phenomenon
2) Trust Negotiations
  2.1) Symmetric Trust Negotiations
    a) Privacy-revealing
    b) Privacy-preserving
  2.2) Asymmetric Trust Negotiations
    a) Weaker Building Trust in Stronger
    b) Stronger Building Trust in Weaker
  2.3) Summary: Trading Information for Trust in Symm. and Asymm. Trust Negotiations
3) Trading Privacy Loss for Trust Gain
  3.1) Privacy-trust Tradeoff
  3.2) Proposed Approach
  3.3) PRETTY Prototype for Experimental Studies

Slide 3

1) Introduction (1)
1.1) Privacy and Trust
- Privacy problem
  - Consider computer-based interactions
    - From a simple exchange to a complex cooperation
  - Interactions involve the spread of private information
    - It is deliberate, "pseudo-voluntary," or required by law
  - Threats of privacy violation result in lower trust
  - Lower trust leads to isolation and lack of collaboration
- Trust must be established
  - Data – provide quality and integrity
  - End-to-end communication – sender authentication, message integrity
  - Network routing algorithms – deal with malicious peers, intruders, security attacks

Slide 4

1) Introduction (2)
1.2) The Paradigm of Trust
- Trust – a paradigm of security for open computing environments (such as the Web)
  - Replaces/enhances CIA (confid./integr./availab.) as one of the means for achieving security
  - But not as one of the goals of security (as CIA are)
- Trust is a powerful paradigm
  - Well tested in social models of interaction and systems
  - Trust is pervasive: constantly (if often unconsciously) applied in interactions between people / businesses / organizations / animals (e.g.: a guide dog) / artifacts (sic!, e.g.: "Can I rely on my car for this long trip?")
  - Able to simplify security solutions
    - By reducing the complexity of interactions among human and artificial system components

Slide 5

1) Introduction (3)
Small World Phenomenon
- Small-world phenomenon [Milgram, 1967]
  - Find chains of acquaintances linking any two randomly chosen people in the United States who do not know each other (recall the Erdös number?)
  - Result: the average number of intermediate steps in a successful chain: between 5 and 6 => the six degrees of separation principle
- Relevance to security research [Čapkun et al., 2002]
  - A graph exhibits the small-world phenomenon if (roughly) any two vertices in the graph are likely to be connected through a short sequence of intermediate vertices
  - Trust is useful because it inherently incorporates the small-world phenomenon

Slide 6

2) Trust Negotiations
- Trust negotiations
  - Establish mutual trust between interacting parties
- Types of trust negotiations [L. Lilien and B. Bhargava, 2006]
  - 2.1) Symmetric trust negotiations: partners of "similar strength"
    - Overwhelmingly popular in the literature
  - 2.2) Asymmetric trust negotiations: a "weaker" and a "stronger" partner
    - Identified by us (as far as we know)

Slide 7

Symmetric and Asymmetric Trust Negotiations
- 2.1) Symmetric trust negotiations
  - Two types:
    - a) Symmetric "privacy-revealing" negotiations: disclose certificates or policies to the partner
    - b) Symmetric "privacy-preserving" negotiations: preserve privacy of certificates and policies
  - Examples: individual to individual / most B2B / ...
- 2.2) Asymmetric trust negotiations
  - Two types:
    - a) Weaker Building Trust in Stronger
    - b) Stronger Building Trust in Weaker
  - Examples: individual to institution / small business to large business / ...

Slide 8

2.1) Symmetric Trust Negotiations (1)
- Two types of symmetric trust negotiations:
  - a) "Privacy-revealing"
  - b) "Privacy-preserving"
- a) Privacy-revealing symmetric trust negotiations
  - Both reveal certificates or policies to the other partner
  - Growth of trust
    - An initial level of trust is necessary
      - Must trust enough to reveal (some) certificates/policies right away
    - Stepwise trust growth in each other as more (possibly private) information about each other is revealed
      - Proportional to the number of certificates revealed to each other
    - Eventually "full" mutual trust is established (when the negotiation succeeds)
      - "Full" for the task at hand

Slide 9

2.1) Symmetric Trust Negotiations (2)
- b) Privacy-preserving symmetric trust negotiations
  - Both preserve privacy of certificates and policies
  - Growth of trust
    - Initial distrust
      - No one wants to reveal any information to the partner
    - No intermediate trust growth (no partial degrees of trust established)
      - Instead, a jump "from distrust to trust"
    - Eventually "full" mutual trust is established (when the negotiation succeeds)
      - "Full" for the task at hand

Slide 10

2.2) Asymmetric Trust Negotiations
- Weaker and Stronger build trust in each other
- a) Weaker building trust in Stronger "a priori"
  - E.g., a customer looking for a mortgage loan first chooses a reputable bank, and only then begins negotiations
- b) Stronger building trust in Weaker "progressively"
  - E.g., the bank asks the customer for a lot of private information (incl. personal income and tax information, …) to establish trust in her

Slide 11

2.2) Asymmetric Trust Negotiations (2)
a) Weaker Building Trust in Stronger
- Means of building trust by Weaker in Stronger (a priori):
  - Ask around
    - Family, friends, colleagues, …
  - Check partner's history and stated philosophy
    - Accomplishments, failures and related recoveries, …
    - Mission, goals, policies (incl. privacy policies), …
  - Observe partner's behavior
    - Trustworthy or not, stable or not, …
    - Problem: needs time for a fair judgment
  - Check reputation databases
    - Better Business Bureau, consumer advocacy groups, …
  - Verify partner's credentials
    - Certificates and awards, memberships in trust-building organizations (e.g., BBB), …
  - Protect yourself against partner's misbehavior
    - Trusted third party, security deposit, prepayment, buying insurance, …

Slide 12

2.2) Asymmetric Trust Negotiations (3)
b) Stronger Building Trust in Weaker
- Means of building trust by Stronger in Weaker ("progressively"):
  - Ask partner for an anonymous payment for goods or services
    - Cash / digital cash / other
  - Ask partner for a non-anonymous payment for goods or services
    - Credit card / traveler's checks / other
  - Ask partner for specific private information
    - Checks partner's credit history
  - Computer authorization subsystem observes partner's behavior
    - Trustworthy or not, stable or not, …
    - Problem: needs time for a fair judgment
  - Computerized trading system checks partner's records in reputation databases
    - e-Bay, PayPal, …
  - Computer system verifies partner's digital credentials
    - Passwords, magnetic and chip cards, biometrics, …
  - Business protects itself against partner's misbehavior
    - Trusted third party, security deposit, prepayment, buying insurance, …
- Note: above the blue line – anonymity preserved; below – identity revealed

Slide 13

Trust Growth in Asymmetric Trust Negotiations
- When/how can partners trust each other?
- Initially, Weaker has "full" trust in Stronger
  - Weaker must trust Stronger "fully" to be ready to reveal all private information required to gain Stronger's "full" trust
- Weaker trades a (degree of) privacy loss for (a degree of) trust gain as perceived by Stronger
  - A next degree of privacy is "lost" when a next certificate is revealed to Stronger
  - Exception: no privacy loss in the anonymity-preserving case in "Stronger Building Trust in Weaker"
- Eventually "full" trust of Stronger in Weaker is established when the negotiation is completed

Slide 14

2.3) Summary: Trading Information for Trust in Symm. and Asymm. Negotiations
- When/how can partners trust each other?
- Symmetric "disclosing":
  - Initial level of trust / stepwise trust growth / establishes "full" mutual trust
  - Trades private information for trust (level of information privacy varies: 0 to 100%)
- Symmetric "preserving" ("from distrust to trust"):
  - Initial distrust / no stepwise trust growth / establishes "full" mutual trust
  - No trading of private information for trust (level of information privacy varies: 0 to 100%)
- Asymmetric:
  - Initial "full" trust of Weaker in Stronger and no trust of Stronger in Weaker / stepwise trust growth of Stronger / establishes "full" trust of Stronger in Weaker
  - Trades private information for trust (level of information privacy varies: 0 to 100%)

Slide 15

3) Trading Privacy Loss for Trust Gain
- We are focusing on asymmetric trust negotiations: trading privacy for trust
- Approach to trading privacy for trust [Zhong and Bhargava, Purdue]:
  - Formalize the privacy-trust tradeoff problem
  - Estimate privacy loss due to disclosing a credential set
  - Estimate trust gain due to disclosing a credential set
  - Develop algorithms that minimize privacy loss for the required trust gain
    - Because no one likes losing more privacy than necessary
- More details available
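
As an added illustration of the tradeoff on Slide 15 (not code from the slides or from Zhong and Bhargava's work), the sketch below picks the credential set with the least privacy loss that still reaches a required trust gain, and compares it with a naive highest-trust-first disclosure. The credential names, the numeric loss and gain values, and the assumption that losses and gains simply add up are constructed for the example.

```python
from typing import Dict, Optional, Tuple

# name -> (privacy_loss, trust_gain); constructed sample values, not from the slides
Creds = Dict[str, Tuple[int, int]]
Result = Optional[Tuple[int, Tuple[str, ...]]]

CREDENTIALS: Creds = {
    "membership_card": (1, 2),
    "employer_letter": (3, 4),
    "credit_report": (6, 7),
    "tax_return": (8, 9),
    "income_statement": (4, 5),
}

def min_privacy_disclosure(creds: Creds, required_trust: int) -> Result:
    """Cheapest credential set (by privacy loss) whose trust gain meets the
    requirement; None if even full disclosure falls short. Assumes additive
    losses and gains (an assumption of this example)."""
    inf = float("inf")
    # best[t] = (loss, names) for the cheapest set reaching trust t (capped)
    best = [(inf, ())] * (required_trust + 1)
    best[0] = (0, ())
    for name, (loss, gain) in creds.items():
        # walk downwards so each credential is disclosed at most once
        for t in range(required_trust, -1, -1):
            cur_loss, cur_set = best[t]
            if cur_loss == inf:
                continue
            reached = min(required_trust, t + gain)
            if cur_loss + loss < best[reached][0]:
                best[reached] = (cur_loss + loss, cur_set + (name,))
    loss, chosen = best[required_trust]
    return None if loss == inf else (loss, tuple(sorted(chosen)))

def greedy_by_trust(creds: Creds, required_trust: int) -> Result:
    """Baseline: disclose the highest-trust credentials first."""
    loss = trust = 0
    chosen = []
    for name, (l, g) in sorted(creds.items(), key=lambda kv: -kv[1][1]):
        if trust >= required_trust:
            break
        loss, trust = loss + l, trust + g
        chosen.append(name)
    return None if trust < required_trust else (loss, tuple(sorted(chosen)))

if __name__ == "__main__":
    print("optimal:", min_privacy_disclosure(CREDENTIALS, 10))
    print("greedy: ", greedy_by_trust(CREDENTIALS, 10))
```

With these sample values the minimizing selection meets the trust requirement at a noticeably lower privacy loss than the greedy baseline, which is the gap the proposed algorithms aim to close.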

Slide 16

Related Work
- Automated trust negotiation (ATN) [Yu, Winslett, and Seamons, 2003]
  - Tradeoff between the length of the negotiation, the amount of information disclosed, and the computation effort
- Trust-based decision making [Wegella et al. 2003]
  - Trust lifecycle management, with consideration of both trust and risk assessments
- Trading privacy for trust [Seigneur and Jensen,
