Trust. Prakash Kolan Srikanth Palla. Trust. Trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged, the community as a whole suffers; and when it is destroyed, societies falter and collapse“ - Sissela Bok,
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged, the community as a whole suffers; and when it is destroyed, societies falter and collapse“
- Sissela Bok,
"Lying: Moral Choice in Public and Private Life", 1978
The Internet of the past is one of limited services and a fixed set of users, mainly academics and scientists
From this, it has developed into a pervasive utility, playing host to a vast range of services
High volume transactions and online activity everyday.
With all this comes greater uncertainty and risk arising from the intentional hostility or carelessness of on-line entities.
Existing examples of the risks include viruses and Trojan horses, applets and macros embedded in documents, subverted databases of sensitive financial information, etc
The open and pervasive nature of Internet
No central authority for monitoring system activity
Improper maintenance of host and network security coupled with end host vulnerabilities in context of huge volume host interactions
The level of expertise and experience required to recognize potential risk in every on-line interaction is currently beyond the ability and resources of the average user
To help with this situation, users must be given the ability to assess the trustworthiness of entities it encounters.
Current security technology provides us with some capability to build in a certain level of trust into our communication.
cryptographic algorithms for privacy and digital signatures
signatures, authentication protocols for proving authenticity
access control methods for managing authorization.
These methods cannot manage the more general concept of ‘trustworthiness’.
Cryptographic algorithms, for instance, cannot say if a piece of digitally signed code has been authored by competent programmers and a signed public-key certificate does not tell you if the owner is an industrial spy
Trust may be regarded as a judgment made by the user, based on general experience learned from being a consumer and from the perception of a particular merchant
Trust – an agent’s belief in another agent’s capabilities, honesty and reliability based on its own direct experiences
Assured reliance on the character, ability, strength, or truth of someone or some thing” 
As “confidence in or reliance on some quality or attribute of a person or thing, or the truth or a statement
Trust indicates a positive belief about the perceived reliability of, dependability of, and confidence in a person, object, or process”
In order for trust to be relevant in a particular situation, two conditions must be present.
Principle 1: Trust depends on identity.
Trust accrues over time between individuals and companies that build a shared history of positive interactions.
Trust depends on identity, the condition of being distinguishable from others, for without identity there is no way to group together separate interactions into a history.
Principle 2: Trust is based on information
To trust someone or some organization one must first “get to know them”.
The information required to “know” another party has many dimensions as it must capture knowledge about complex behaviors surrounding issues such as privacy, reliability and past performance.
Principle 3: Trust is a function of the perception of risk.
Trust is a belief or expectation that the word or promise by other agent can be relied upon and will not take advantage of the his vulnerability
Risk is the core of trust in that trust is the degree to which a truster holds a positive attitude toward the trustee’s goodwill and reliability in a risky exchange situation
Principle 4: Trust deepens over time and with increased reciprocity.
Trust is intimately associated with risk and when a trustee realizes that a truster has taken considerable risk in trusting them, they tend to be motivated to behave in a trustworthy manner.
do not blindly take unjustified risk in the hope of developing a trustful relationship but rather adopt a gradual approach in which partners start with limited incremental investment when risk and uncertainly levels are high
Principle 5: Trust is a matter of degree
There is no such thing as blanket trust
trust can be defined as the degree to which the truster holds a positive attitude toward the trustee’s goodwill and reliability in a risky exchange situation
Principle 6: Culture affects trust.
The fundamental bases of trust varies across nationalities
Agents coming from individualistic countries having a higher trusting stance in general and being more willing to base their trust in other agents on factors that are inferred from an impersonal Web site than agents from collectivist countries
Principle 7: Third party ratings are important in developing trust.
Trust is affected not only via first hand interaction, but also by the opinions of other parties.
An important source of opinions is trusted third parties. In the offline world such parties include organizations such as the Better Business Bureau, Consumer Reports, and the media in general who render “expert” opinions based on research
Principle 8:Second party opinions are important in developing trust.
Trust can also be affected by the opinions of second parties that have had experience in conducting similar transactions.
Such parties are synonymous to friends and family in offline world.
Principle 9: First party information is important in developing trust.
First party information, i.e., information that the party provides concerning themselves is critical to developing trust online.
The first party needs to clearly present information about their services (e.g., delivery methods, insurance, payment methods), policies (e.g., privacy, security, returns) and products (e.g., description, pricing, availability).
Principle 10: Formal and social controls are important in developing trust.
Formal controls employ codified rules, goals, procedures and regulations that specify desired patterns of behavior
social controls use organizational and cultural values and norms to encourage desirable behavior. Social controls in alliances often take the form of socialization, interaction and training
Interpersonal TrustTrust an agent has in other agent directly. It is agent and context specific . For example Alice may trust a specific agent Bob the Mechanic in the specific context of servicing her car but not in the context of babysitting her children.
System Trust or Impersonal TrustTrust that is not based on any property or state of the trustee but rather on the perceived properties or reliance on the system or institution within which that trust exists. E.g.; The monetary system
Dispositional TrustSometimes referred to as one’s ‘basic trust’, describes the general trusting attitude of the truster. A sense of basic trust, which is a pervasive attitude toward oneself and the world” .
Trust can be categorized into different conceptual types, such as attitudes, beliefs, behaviors, and dispositions. It could be even categorized as reflecting different referents: trust in something, in someone, or in a specific characteristic of someone (e.g., one’s honesty).
Based on above, an interdisciplinary model of trust types can be defined
Disposition to Trust
The extent to which one displays a consistent tendency to be willing to depend on general others across a broad spectrum of situations and persons.
Faith in Humanity
Refers to underlying assumptions about people
one assumes others are usually upright, well-meaning, and dependable
Trusting StanceMeans that, regardless of what one assumes about other people generally, one assumes that one will achieve better outcomes by dealing with people as though they are well-meaning and reliable.
One believes the needed conditions are in place to enable one to anticipate a successful outcome in an endeavor or aspect of one’s life
Comes from the sociology tradition that people can rely on others because of structures, situations, or roles that provide assurances that things will go well.
Structural AssuranceOne believes that success is likely because guarantees, contracts, regulations, promises, legal recourse, processes, or procedures are in place that assure success
Situational NormalityOne believes that success is likely because the situation is normal or favorable.
One believes (and feels confident in believing) that the other person has one or more traits desirable to one in a situation in which negative consequences are possible.
CompetenceOne believes the other person has the ability or power to do for one what one needs done.
BenevolenceOne believes the other person cares about one and is motivated to act in one’s interest
IntegrityOne believes the other person makes good faith agreements, tells the truth, and fulfills promises
Predictabilityone believes the other person’s actions (good or bad) are consistent enough that one can forecast them in a given situation
One is willing to depend on, or intends to depend on, the other person in a given task or situation with a feeling of relative security, even though negative consequences are possible.
Willingness to dependone is volitionally prepared to make oneself vulnerable to the other person in a situation by relying on them
Subjective probability of Dependingthe extent to which one forecasts or predicts that one will depend on the other person
Bayesian Network-Based Trust Model in Peer-to-Peer Networks
Represents a differentiated trust model as trust differs for different peers at different instances and situations
Depending on the situation, a peer may need to consider its trust in a specific aspect of another peer’s capability or in multiple aspects.
It employs Bayesian network concepts for providing flexible methods for deducing these differentiated trust values.
Collaborative Automated Trust Negotiation in Peer-to-Peer Systems
Many of the users are reluctant to do high volume transactions over the internet as the security issues posed by the P2P systems are severe and daunting
Investigates building trust by automated trust negotiations.
These trust negotiations help in proving that a peer satisfies certain trust requirements.
The peers in the peer-to-peer networks build trust relationships among each other by collaboratively negotiating their credentials
These trust negotiations can be used along with reputation systems to build efficient P2P trust systems.
"Trust" is a word that has come to have several very specific definitions on the
Semantic Web. Much research has focused on authentication of resources, including work on digital signatures and public keys. Confidence in the source or author of a document is important, but trust, in this sense, ignores many important points. Just because a person can confirm the source of documents does not have any explicit implication about trusting the content of those documents.
Here we are going to addresses “trust” as credibility or reliability in a much more human sense. It opens up the door for questions like “how much credence should I give to what this person says about a given topic,” and “based on what my friends say, how much should I trust this new person?"
we will discusses how to build a meaningful social network from the architecture of the semantic web, and how it conveys meaning about the structure of the world. We describe a sample algorithm for computing trust in a network.
Studying the structure of the hypertext web can be used to find community structure in a limited way. A set of pages clustered by hyperlinks may indicate a common topic among the pages, but it does not show more than a generic relationship among the pages. Furthermore, pages with fewer outgoing links are less likely to show up in a cluster at all because their connectance is obviously lower. These two facts make it difficult for a person to actually see any relationship among specific concepts on the web as it currently stands – classification is not specific enough, and it relies on heavy hyperlinking that may not be present.
The Semantic Web changes this. Since the semantic data is machine-understandable, there is no need to use heuristics to relate pages. Concepts in semantically marked up pages are automatically linked, relating both pages and concepts across a distributed web
The semantic web of trust requires that users describe their beliefs about others. Once a person has a file that lists who they know and how much they trust them, social information can be automatically compiled and processed.
The Internet provides an easy way to set up shops and conduct commerce at any place in the world. Vendors can thus sell goods and conduct commerce on the Internet. Most of the time customers use the Internet commerce mechanism to order goods and pay for the transaction through a credit card (extending the so called mail -order, phone order to Internet-order). In order to secure the transmission of credit card numbers customers could send it encrypted using protocols such as Secure Sockets Layer (SSL) until implementations of special payment protocols like Secure Electronic Transactions (SET) or Joint Electronic Payment Initiative (JEPI) become available.
It is important that transactions be atomic. In other words, the entire transaction should be carried out in a fault tolerant way such that no party involved in the transaction may be put at a loss after the completion of the transaction i.e., the vendor should not feel cheated by having not received payment for goods sold, nor the customer feel cheated for not having received goods for payment made. Electronic commerce protocols have been designed to provide this kind of EC-atomicity. However, these protocols have not been equipped with mechanisms to protect a vendor from a customer who makes a fraudulent payment or a customer from a vendor who supplies low quality or garbage goods. In other words, these protocols need to be equipped with suitable trust mechanisms i.e., they should be strengthened by adding a non-repudiable context to the transaction protocol.
Eventhough the quantitative measurement of trust cannot be adequately performed, several variables on which trust depends could be used to define trust. These variables in turn influence actions taken by a transacting entity. Certain parameters modify trust actions.
Cost of Transaction
Careful customers pay attention to the price and quality of goods. Expensive items are bought after careful thought and consumer report analysis. Vendors make sure that the money offered for the item is not counterfeit, that the buyer has enough funds in his bank account or on his credit card. Risk is based on cost of goods. For example, a vendor may not be concerned on losing revenue on a single micro-transaction. (A micro-transaction is one that has negligible cost value like a tenth of a cent to a cent). This is a micro-risk transaction. As the cost of the transaction increases or the number of such micro-transactions increase, vendors pay attention to revenues and income on such transactions.
Transaction history is similar to a person’s credit history. Just as a person’s credit history is checked before issuing a loan, or before increasing the credit limit on his card, a person’s transaction history measures trust and is consulted for evaluating transactions. For example, questionable customers who always complain that they receive outdated stock information, might need a non-repudiated proof of verification. This could be in the form of a time-stamped receipt of stock information.
It is a well known practice in commercial establishments that they tend to provide several benefits in the form of awards, mileage points, etc. to customers who show them loyalty. A frequent buyer will be treated with greater trust than a stranger.
If a trusted intermediary stands as a guarantee against loss, then there is an increase in trust level of the transaction.
If a customer’s host is compromised or if someone steals the customer’s smart card, or currency, one could notice a suspicious activity by observing the spending pattern.
Trust is a complex and multi-dimensional phenomenon.
The human perception of trust is a core ingredient in any online transaction, and future electronic systems must support trust services to gain loyalty at both ends.
Trust is many faceted form of human behavior. Ask people why they trust an individual or company and you will receive an enormous range of answers. In many cases you will find that people cannot even articulate the inner workings of their own trust processes.
The trust principles presented represent aspects of trust that need to be addressed when building infrastructure to support online trust.
We have discussed the conceptual level constructs which consist of Disposition to Trust (from Psychology), Institution-based Trust (from Sociology), and Trusting Beliefs and Trusting Intentions (from Social Psychology).
The typology of trust constructs helps address conceptual confusion by representing trust as a coherent set of four constructs and ten sub constructs.
Enabling peers to develop trust among themselves is important in a peer-to-peer system where resources (either computational, or files) of different quality are offered.
It will become increasingly important in systems for peer-to-peer computation, where trust can provide a way for protection of unreliable, buggy, infected or malicious peers
If we are to create online environments in which trading relationships are as easy to navigate, we will need to evolve rich and varied forms of online trust infrastructure and address numerous business, technical, social and legal issues.
Merriam-Webster. Merriam-Webster Online Merriam-Webster, Inc., 2002. URL: http://www.m-w.com
Oxford. Oxford English Dictionary. Oxford University Press, 2nd edition, 1989
Ben Shneiderman. Designing Trust into Online Experiences. Communications of the ACM, 43(12):57–59, December 2000
Derek Sisson. ecommerce. URL: http://www.philosophe.com/commerce/ecommerce.html, February 2000
Wang, Y., Vassileva J. (2003) Bayesian Network-Based Trust Model in Peer-to-Peer Networks, Proc. Workshop on "Deception, Fraud and Trust in Agent Societies" at the Autonomous Agents and Multi Agent Systems 2003 (AAMAS-03), Melbourne, Australia, July 2003 (full paper, 9pp).
L. Mui, M. Mohtashemi,Ari Halberstadt, "A Computational Model of Trust and Reputation", Proceedings of the 35th Hawaii International Conference on System Sciences – 2002
A. Abdul-Rahman and S. Hailes, "A Distributed Trust Model", in Proceedings of the New Security Paradigms Workshop, ACM, 1997.
Wang Y., Vassileva J. (2003) Bayesian Network-Based Trust Model, Proc. of IEEE International Conference on Web Intelligence (WI 2003), October 13-17, 2003, Halifax, Canada
W.Winsborough,K.Seamons,and V.Jones. Automated Trust Negotiation. In DARPA Information Survivability Conference and Exposition , Hilton
A. Abdul-Rahman and S. Hailes. Supporting trust in virtual communities. In 33rd Annual Hawaii International Conference on System Sciences (HICSS-33), 2000.
Peer Trust. http://disl.cc.gatech.edu/PeerTrust
Heckerman, D. “A Tutorial on Learning with Bayesian Networks”, Microsoft Research report MSR-TR-95-06, 1995
Song Ye; Makedon, F.; Ford, J.; Collaborative automated trust negotiation in peer-to-peer systems. Peer-to-Peer Computing, 2004. Proceedings. Proceedings. Fourth International Conference on 25-27 Aug. 2004 Page(s):108 – 115
D. W. MANCHALA, E-Commerce Trust Metrics and Models, IEEE Internet Computing, April 2000
K. Aberer, Z. Despotovic, Managing Trust in a Peer-2-Peer Information System. Proceedings of the Tenth International Conference on Information and Knowledge Management 2001
Wang Y. Vassileva J. (2003) Trust and Reputation Model in Peer-to-Peer Networks, Proc. of IEEE Conference on P2P Computing, Linkoeping, Sweden, September 2003, IEEE Press, 150-157
F. Azzedin and M. Maheswaran, Trust Modeling for Peer-to-Peer based Computing Systems, 12th IEEE Heterogeneous Computing Workshop (HCW 2003)
WEEKS, S. ,Understanding trust management systems. In Proceedings of 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 94–105, 2001.
JIM, T., A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 106–115, 2001
Trust negotiation in peer-to-peer systems. Technical Report (in progress), 2004, available at http://scens.cs.dartmouth.edu.
R. Chen and W. Yeager, “Poblano: A distributed trust model for peer-to-peer networks.” ”htpp:security.jxta.org”, 2001
P. R. Zimmerman (1995) The Official PGP User's Guide, Cambridge, Massachusetts: MIT Press
R. Khare, A. Rifkin (1997) "Weaving a Web of Trust,” World Wide Web Journal, 2(3), pp. 77-112.
B. Borcherding and M. Borcherding, “Efficient and Trustworthy Key Distribution in Webs of Trust,” Computers and Security, vol. 17,no.5, 1998,pp. 447-454.
D. H. McKnight, N. L. Chervany. The Meanings of Trust. Technical Report 94-04, Carlson School of Management, University of Minnesota, 1996.
L. Rasmusson and S. Jansson. Simulated Social control for Secure Internet Commerce (position paper). In Proceedings, New Security Paradigms Workshop, Lake Arrowhead, 1996.
A. Abdul-Rahman. The PGP Trust Model. EDI-Forum, April 1997
Erikson, E. H. Identity: Youth and Crisis. W. W. Norton, New York, 1968.
Rosenberg, M. Occupations and Values. Free Press, Glencoe, IL, 1957.
Riker, W. H. “The Nature of Trust.” In J. T. Tedeschi (Ed.), Perspectives on social power, Aldine Publishing Company, Chicago, 1971, pp. 63-81.
Shapiro, S P. The social control of impersonal trust. American Journal of Sociology (93), 1987, pp. 623-658.
Urban, G.L., Sultan, F., and Qualls, W.J. Placing Trust at the Center of Your Internet Strategy. MIT Sloan Management Review. Vol. 42(1), 2000, pp. 39-48.
Geyskens, I., Steenkamp, J-B, E.M., Scheer, L.K. and Kumar, N. The effects of trust and interdependence on relationship commitment: A trans-Atlantic study. International Journal of Research in Marketing. Vol. 13(4). 1996, pp. 303- 317.
Gambetta, D. Can we trust trust? In D. Gambetta (Ed.), Trust: Making and breaking cooperative relations. Basil Blackwell. NY, 1988.
Bowman, E. H. and Hurry, D. Strategy through the Option Lens: An Integrated view of Resource Investments and the Incremental-Choice Process. Academy of Management Review. Vol.18(4)., 1993, pp. 760-782.
Das, T.K. and Bing-Sheng, T. Between Trust and Control: Developing Confidence in Partner Cooperation in Alliances. The Academy of Management Review. Vol. 23(3), 1998, pp. 491-512.
Dawar, N., Parker, P. M. and Price, L. J. A cross-cultural study of interpersonal information exchange. Journal of International Business Studies, Vol. 27(3), 1996, pp. 497-516.
eCommerce Trust Study.. Cheskin Research & Studio Archtype/Sapient. 1999. [online]. Available: http://www.cheskin.com/think/studies/ecomtrust.html [viewed July 30, 2001].