Computational trust

In information security, computational trust is the generation of trusted authorities or user trust through cryptography. In centralised systems, security is typically based on the authenticated identity of external parties. Rigid authentication mechanisms, such as Public Key Infrastructures (PKIs) or Kerberos have allowed this model to be extended to distributed systems within a few closely collaborating domains or within a single administrative domain. During recent years, computer science has moved from centralised systems to distributed computing. This evolution has several implications for security models, policies and mechanisms needed to protect users’ information and resources in an increasingly interconnected computing infrastructure.Trust is a subjective assessment of another’s influence in terms of the extent of one’s perception about the quality and significance of another’s impact over one’s outcomes in a given situation, such that one’s expectation of, openness to, and inclination toward such influence provide a sense of control over the potential outcomes of the situation.Trust is a particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently or his capacity ever to be able to monitor it) and in a context in which it affects his own action. In information security, computational trust is the generation of trusted authorities or user trust through cryptography. In centralised systems, security is typically based on the authenticated identity of external parties. Rigid authentication mechanisms, such as Public Key Infrastructures (PKIs) or Kerberos have allowed this model to be extended to distributed systems within a few closely collaborating domains or within a single administrative domain. During recent years, computer science has moved from centralised systems to distributed computing. This evolution has several implications for security models, policies and mechanisms needed to protect users’ information and resources in an increasingly interconnected computing infrastructure. Identity-based security mechanisms cannot authorise an operation without authenticating the claiming entity. This means that no interaction can occur unless both parties are known by their authentication frameworks. Spontaneous interactions would, therefore, require a single, or a few trusted certificate authorities (CAs). In the present context, PKI has not been considered since they have issues, thus it is unlikely that they will establish themselves as a reference standard in the near future. A user who wishes to collaborate with another party can choose between enabling security and thereby disabling spontaneous collaboration, or disabling security and enabling spontaneous collaboration. It is fundamental that mobile users and devices can authenticate in an autonomous way without relying on a common authentication infrastructure. In order to face this problem, we need to examine the challenges introduced by 'global computing', a term coined by the EU for the future of the global information society, and to identify their impact on security. Computational Trust applies the human notion of trust to the digital world, that is seen as malicious rather than cooperative. The expected benefits, according to Marsh et al., result in the use of others' ability through delegation, and in increased cooperation in an open and less protected environment. Research in the area of computational mechanisms for trust and reputation in virtual societies is directed towards increased reliability and performance of digital communities. A trust-based decision in a specific domain is a multi-stage process. The first step of this process consists in identifying and selecting the proper input data, that is, the trust evidence. In general, these are domain-specific and are derived from an analysis conducted over the application involved. In the next step, a trust computation is performed on the evidence to produce trust values, that means the estimation of the trustworthiness of entities in that particular domain. The selection of evidence and the subsequent trust computation are informed by a notion of trust defined in the trust model. Finally, the trust decision is taken by considering the computed values and exogenous factors, like disposition or risk assessments. These concepts have heightened relevance in the last decade in computer science, particularly in the area of distributed artificial intelligence. The multi-agent system paradigm and the growth of e-commerce have increased interest in trust and reputation. In fact, trust and reputation systems have been recognized as the key factors for electronic commerce. These systems are used by intelligent software agents as an incentive in decision-making, when deciding whether or not to honor contracts, and as a mechanism to search trustworthy exchange partners. In particular, reputation is used in electronic markets as a trust-enforcing mechanism or as a method to avoid cheaters and frauds. Another area of application of these concepts in agent technology, is teamwork and cooperation.Several definitions of the human notion of trust have been proposed during the last years in different domains from sociology, psychology to political and business science. These definitions may even change in accordance with the application domain. For example, Romano's recent definition tries to encompass the previous work in all these domains: Trust and reputation both have a social value. When someone is trustworthy, that person may be expected to perform in a beneficial or at least not in a suspicious way that assure others, with high probability, good collaborations with him. On the contrary, when someone appears not to be trustworthy, others refrain from collaborating since there is a lower level of probability that these collaborations will be successful. Trust is strongly connected to confidence and it implies some degrees of uncertainty, hopefulness or optimism. Eventually, Marsh addressed the issue of formalizing trust as a computational concept in his PhD thesis. His trust model is based on social and psychological factors. A lot of proposals have appeared in the literature and here a selection of computational trust and reputation models, that represent a good sample of the current research, is presented.