Trust Metrics and Models
gauri-dhore-barve -
-
8/6/2019 Trust Metrics and Models
1/44
Welcome
-
E-Commerce Trust
Metrics and Models
-
Traditional models of trust between vendors
and buyers fall short of requirements for an
electronic marketplace, where anonymous
transactions cross territorial and legal
boundaries as well as traditional value-chain
structures.
Alternative quantifications of trust may
offer better evaluations of transaction.
-
As millions of customers begin to participate in
e-commerce, we can expect increased transactions
of extremely varied quantity and value;
in addition, the goods and services transacted
will be subject to very different legal regulation
and economic risk.
This emerging marketplace will require the
ability to make distinctions that the credit-card
transaction model does not support.
-
How do we set measurement criteria to make
these distinctions?
One way is to quantify trust.
-
Research on this problem in e-commerce has
focused on authentication, that is, associating a public key with its owner.
However, all their models are based on transitive
trust along a transaction path of entities that
trust the key to different extents.
E-commerce, on the other hand, requires mutual
trust among a vendor, a customer, and all transaction
intermediaries.
-
This article introduces a notion of quantifiable trust
and then develops models that can use these
metrics to verify e-commerce transactions in ways that might be able to satisfy the requirements of
mutual trust.
-
RISK EVALUATION WITH TRUST METRICS
Although no single unit of measure is adequate to
the definition of trust, several dependent variables,
such as cost, can be used to describe it.
-
Trust Variables
Transaction cost
First, risk is a function of the cost of goods and services: a careful
buyer gives more thought to expensive purchases. Similarly, a
vendor might not worry about losing revenue on a single microtransaction
of negligible cost value, but the risk increases with the
cost of a single transaction or the number of microtransactions, and
so does the vendor's attention to revenues and expenses.
-
Transaction history
Transaction history is similar to a person's credit history.
In Internet commerce, transaction history could include a customer's
profile of transactions with several vendors and a vendor's profile of
transactions with several customers.
Indemnity
The trust level of a transaction is increased when a trusted intermediary
guarantees against loss.
This is especially true for new customers or vendors without transaction
histories: they cannot perform expensive transactions unless
guaranteed by a trusted intermediary.
-
Other trust variables
Spending patterns
If a customer's host computer were compromised or the customer's
smart card or currency were stolen, it might be possible to detect
suspicious activity by observing changes in spending patterns.
System usage
Increasing the number of transactions increases the tax on system resources.
-
Variable trust parameters
Time
The number of transactions conducted during a certain period of
time, in which the transaction frequency could reflect a change of
trust state.
Location
The transactions routed through intermediaries that have perhaps been compromised in some way would likely lower trust.
-
Trust Actions
Once variables for quantifying trust are defined, a
transaction can be acted upon according to the
value of trust so determined.
The most common actions are
Verification - of either the customer's or vendor's credentials.
Authorization.
-
Trust Metric Terms and Definitions
Transacting entity
Any entity that engages itself in an electronic commerce transaction
is a transacting entity. This entity could be a customer, a vendor, a
broker, an intelligent agent, a payment server, or any intermediary.
Trust authority
Trust matrices are used to evaluate the trust on a certain transaction
or on the next set of transactions. Unless these trust matrices are protected against manipulation and are maintained by certain
authorities, transacting entities cannot trust them. These authorities
are called trust authorities (TA).
-
Agreement Framework
A relationship binding all the transacting entities involved in a single set of transactions. The relationship usually includes various policies
for conducting transactions and is usually placed at a TA. Each set of
transactions is interpreted based on the policy, and the results
are used to update trust matrices.
-
RISK ANALYSIS
USING TRUST MODELS
Trust variables and actions are the basis for the
four different types of trust models.
Boolean Relationships
Fuzzy Logic
Transaction Processes
Transaction Automaton
-
Models Based on Boolean Relationships
Two or more trust variables and parameters can be used to
describe the level of trust on a particular transaction.
These variables should be meaningfully related to each
other to provide a semantic definition of the model.
The relationship can be captured by a trust matrix, where
matrix actions (entities) relate to the row and column
labels.
-
The above figure describes a trust matrix with a
single matrix action, V, which signifies that a
particular transaction should be verified.
Actions that need not be verified are grouped
into a trust zone, the boundary of which zone is
a trust contour.
-
Models Based on Fuzzy Logic
Linguistic terms such as "microcost transaction" or "excellent transaction
history" let transacting entities such as vendors easily describe
their measurement units.
The actions may also have to be weighted to distinguish the various
degrees of measurement.
For example, it makes little sense to verify a transaction for someone
with a good history to the same extent as for someone who has a poor
history, even when making the same high-cost transaction.
-
Referring to the above figure, a customer with an excellent transaction
history has one in 50 transactions verified (V/50), whereas the
customer with the worst transaction history has every transaction
verified through a variety of methods, including thorough consultations
with other vendors, trusted intermediaries, and reviews of
previous transactions. This might be represented in the matrix by
something like 20V.
The numbers in this trust matrix are difficult to determine, however,
and it is unclear how 20V compares to, say, 10V.
-
One of fuzzy logic's benefits is that using linguistic terms (such as
normal, excessive, and worst) allows for easier interpretation of the matrix entities by trust intermediaries and authorities.
These linguistic terms cover a range of values rather than a single
discrete value, which enables their use in a knowledge processing system, such as a fuzzy logic expert system.
A fuzzy logic-based expert system allows these linguistic values to be
represented by mathematical functions called membership
functions.
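The following is an added example, not taken from the slides, showing how membership functions can turn the linguistic terms into a single verification rate. The score ranges, cost ranges and rule values are constructed for illustration (only the 0.02 entry echoes the V/50 figure above), and the weighted-average rule evaluation is one common choice, not necessarily the one the slides' figure used.

```python
def trapezoid(x, a, b, c, d):
    """Membership rising from a to b, equal to 1 from b to c, falling to d."""
    if x <= a or x >= d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x <= c:
        return 1.0
    return (d - x) / (d - c)


# Constructed linguistic terms (assumptions, not values from the slides).
HISTORY_TERMS = {                 # history score: 0 = worst, 100 = best
    "worst":     (-1, 0, 20, 40),
    "normal":    (20, 40, 60, 80),
    "excellent": (60, 80, 100, 101),
}
COST_TERMS = {                    # transaction cost in currency units
    "micro":  (-1, 0, 1, 5),
    "medium": (1, 5, 50, 200),
    "high":   (50, 200, 1e9, 1e9 + 1),
}
# Rule table: fraction of transactions to verify for each (history, cost) pair.
RULES = {
    ("worst", "micro"): 0.5,      ("worst", "medium"): 1.0,
    ("worst", "high"): 1.0,       ("normal", "micro"): 0.05,
    ("normal", "medium"): 0.25,   ("normal", "high"): 1.0,
    ("excellent", "micro"): 0.0,  ("excellent", "medium"): 0.02,
    ("excellent", "high"): 0.5,
}


def fuzzify(x, terms):
    """Degree to which x belongs to each linguistic term."""
    return {name: trapezoid(x, *params) for name, params in terms.items()}


def verification_rate(history_score, cost):
    """Blend the rules that fire, weighted by how strongly each one fires."""
    h = fuzzify(history_score, HISTORY_TERMS)
    c = fuzzify(cost, COST_TERMS)
    num = den = 0.0
    for (h_term, c_term), rate in RULES.items():
        strength = min(h[h_term], c[c_term])   # fuzzy AND of the two inputs
        num += strength * rate
        den += strength
    return num / den if den else 1.0           # no rule fires: always verify
```

A history score of 70 is half "normal" and half "excellent", so a medium-cost transaction gets a rate between the two rule values instead of jumping from one discrete matrix entry to the other.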
-
Models Based on Transaction Processes
-
E-commerce transaction protocols in general and security protocols
in particular follow a handshake procedure before delivering goods
of any kind to the customer.
This handshake procedure usually follows the authenticate-first, then
authorize, pay, and deliver trust model (called the AAP model).
The AAP model does not suit all e-commerce transactions for reasons
of efficiency and redundancy.
-
When suspicious activity is noticed, the server or vendor should insist
on proper authentication. Suspicious activities would include a spurt
in transaction activity or an unanticipated request for access to confidential
information. This is called the authorize-first, then pay and
deliver, or authenticate-if-trust-violated (ATV) model.
A third trust model is the pay-first (PF) model, which is useful for
customers interested in anonymity or new customers who have no
trust relationship. Anonymous customers who want to remain that
way prefer to pay using electronic currency (for example, Digicash) to
pay before receiving goods.
-
Model Based on a Transaction Automaton
This trust model describes e-commerce trust on the basis of the
transaction's state: fail, success, in-progress, attack.
A transaction is successfully completed when the trust authority (TA) receives a complete acknowledgment from all entities involved in the
transaction.
A transaction is in-progress if the TA has not received a complete
acknowledgment from any of the transacting entities.
-
A transaction fails if the TA has not received a complete message
during the time allocated for the transaction, as defined in the
agreement framework or contract to complete.
If the failure results from a complaint or suspicion, however, the
transaction state changes from in-progress (or failure) to attack.
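The four states and the transitions described above can be written as a small state machine. This is an added example, not code from the slides; the class and method names are hypothetical, time is passed in as plain numbers, and the choice that a complaint after success leaves the state unchanged is an assumption the slides do not cover.

```python
from enum import Enum


class State(Enum):
    IN_PROGRESS = "in-progress"
    SUCCESS = "success"
    FAIL = "fail"
    ATTACK = "attack"


class Transaction:
    """One transaction as tracked by the trust authority (TA)."""

    def __init__(self, entities, started_at, time_allowed):
        self.pending = set(entities)                # entities still to acknowledge
        self.deadline = started_at + time_allowed   # set by the agreement framework
        self.state = State.IN_PROGRESS
        self.history = [self.state]

    def _move(self, new_state):
        self.state = new_state
        self.history.append(new_state)
        return new_state

    def tick(self, now):
        """Timeout rule: still in-progress after the deadline means fail."""
        if self.state is State.IN_PROGRESS and now > self.deadline:
            return self._move(State.FAIL)
        return self.state

    def acknowledge(self, entity, now):
        """Record one entity's complete acknowledgment at time `now`."""
        if self.tick(now) is not State.IN_PROGRESS:
            return self.state          # a late acknowledgment cannot undo fail/attack
        self.pending.discard(entity)   # unknown or repeated senders change nothing
        if not self.pending:
            return self._move(State.SUCCESS)
        return self.state

    def complain(self, now):
        """A complaint or suspicion turns in-progress or fail into attack."""
        if self.tick(now) in (State.IN_PROGRESS, State.FAIL):
            return self._move(State.ATTACK)
        return self.state   # assumption: a completed transaction stays success
```

Keeping the `history` list gives the TA an audit trail of state changes for each transaction.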
-
COMMERCE-RELATED ATTACKS
By applying trust models to examine e-commerce related attacks, we
can better understand how to detect, prevent, correct and recover
from them.
Stolen Token
Contour Discovery
-
Stolen Token
The thief can use the stolen password or token to impersonate the
genuine legitimate customer and make transactions over the
Internet.
The impersonating customer can pay for goods, but these payments are not genuine since they were stolen.
The following methods could be employed to detect:
Detection by analyzing spending pattern
Prevention by timer-delay key recovery
Correction and transaction recovery
-
Detection by analyzing spending pattern
By observing the purchase patterns, the trusted intermediaries or
authorities might detect such fraud before the genuine customer
realizes the theft and reports it. For the trust authorities to detect
such activities, the basic Boolean Trust Model described earlier can be enhanced by adding a trust parameter: time.
-
Prevention by timer-delay key recovery
After detection of a suspicious spending pattern, delaying the delivery
of a decrypting key to the impersonating customer can prevent
further loss.
This key is usually delivered after the customer pays the vendor, but this step can be delayed until the customer (here, the impersonator)
provides more secret or sensitive information, such as biometrics,
not contained in the stolen smart card or computer.
-
Correction and transaction recovery
Once identity is reestablished, the trust authority issues the customer
a new token.
Losses to the customer and vendor are covered under an agreement
framework that is similar to an insurance policy, though information or services confiscated by the impersonator cannot be easily recovered.
-
Contour Discovery
Contour discovery means that the boundary of a trust zone has been
discovered by an impersonator, for example.
An impersonating customer might penetrate the trust zone by
watching several transactions between a trusted customer and the
transacting vendor (thus exposing the person's privacy).
The impersonator need know only the price, the customer's name,
and the transaction's success or failure. This information is available
outside the secured (confidential) portion of the transaction.
Combined with a stolen token, the impersonator could pretend to be
honest by applying techniques such as indemnity, prepayment, or
overpayment.
-
One technique for preventing contour discovery attacks is random
perturbation, using an audited trust zone; that is, we can randomly
verify transactions within the trust zone instead of committing the
transaction without performing adequate security checks for authentication,
authorization, or trust.
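An audited trust zone can be sketched on top of a Boolean trust matrix as follows. This is an added example, not code from the slides: the matrix contents, band names and function names are constructed, and the default audit rate of 0.02 (one in 50) is an assumption borrowed from the V/50 figure in the fuzzy model.

```python
import random

COST_BANDS = ["micro", "low", "medium", "high"]      # column labels

# Constructed Boolean trust matrix, rows labelled by transaction history.
# True is the matrix action V (always verify). The False cells form the
# trust zone, and the True/False edge is the trust contour.
TRUST_MATRIX = {
    "worst":     [True,  True,  True,  True],
    "poor":      [False, True,  True,  True],
    "good":      [False, False, True,  True],
    "excellent": [False, False, False, True],
}


def in_trust_zone(history, cost_band):
    return not TRUST_MATRIX[history][COST_BANDS.index(cost_band)]


def should_verify(history, cost_band, audit_rate=0.02, draw=None):
    """Return (verify, reason) for one transaction.

    draw is a callable returning a float in [0, 1); it defaults to the OS
    CSPRNG so that an observer cannot predict which transactions are audited.
    """
    if draw is None:
        draw = random.SystemRandom().random
    if not in_trust_zone(history, cost_band):
        return True, "matrix"
    if draw() < audit_rate:
        return True, "random-audit"
    return False, "trusted"


def detection_probability(n, audit_rate=0.02):
    """Chance that at least one of n in-zone transactions is verified."""
    return 1.0 - (1.0 - audit_rate) ** n
```

With these constructed numbers, someone holding a stolen token who makes 50 transactions inside the trust zone has roughly a 64% chance of hitting at least one verification, and a verified transaction no longer tells an observer which side of the contour it was on.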
-
PROPAGATION OF TRUST
Electronic commerce generally requires a customer to interact with
several trusted intermediaries before actually contacting the vendor.
Some of these intermediaries may not have had a trusted relationship
among themselves, in which case a default relation is set between them. Otherwise, the existing relations are invoked to participate in
the commerce exchange.
-
Differing trust relationships exist among the customers, intermediaries,
and vendors. To calculate a single trust value between the
customer and vendor requires forming an overall trust relationship that governs the transactions between them.
-
The variables in the left-hand matrix are transaction history and
number of microtransactions. Variables in the right-hand matrix are the number of microtransactions and a satisfaction index.
Satisfaction index could indicate the average transaction history of
the customers in a category, or a quantity that the trusted intermediary
determines based on the satisfaction report it has from its customers.
A merge operator in this case could be one that uses the matrix on
the right-hand side to lessen the verification risk used by the matrix
on the left-hand side.
-
CONCLUSION
The alternative approach presented here offers a way to verify
transactions, while avoiding the unnecessary computation costs
of verifying every transaction.
Possibilities for future work along these lines include the study of
attacks made via anonymous operation and the study of corrective
and preventive methods for recovery and survival.