From ed@gerck.com Fri Jan 23 08:14:49 1998
Date: Fri, 23 Jan 1998 08:14:49 -0200 (EDT)
From: Ed Gerck
Reply-To: Ed Gerck
To: MCG
Subject: Towards a real-world model of trust
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status:
**************************************************************************
NOTE:
PLEASE try the updated HTML version at http://nma.com/mcg-mirror/trustdef.htm
**************************************************************************
List:
This msg discusses a subject which summarizes and references some of the
points mentioned by myself in this and in other forums, being also a
result of discussions with several colleagues which either had the
opportunity to come here for a visit or that I had the opportunity to
visit during my last trips. After all, December is a good month for that!
This msg also answers the last request in this forum, with a season's
delay ;-).
This msg's first subject is on "modelling of trust" and not on "trust
modelling" -- the second being derived from the first. What I am saying,
and this is at the heart of the Meta-Certificate motivation, is that we
must first define and understand what trust is (and, possibly, isn't) in
the context of Internet communication before we go into cryptographic
algorithms and message protocols -- which can serve well either to be a
means of conveying said understanding or, of obfuscating said ignorance!
Today's protocols such as X.509, PGP and others, take a leap of ignorance
on what trust is and start by defining means to convey it. Such attitude
is not even empirical, it is indeed arbitrary. To justify this leap of
ignorance, standards such as X.509 have statements to the effect that "...
such will be defined in the CPS, which is not a part of this document." --
as if assumptions could be defined after the theorems that use them.
When faced with the same problem 50 years ago, Shannon took a different
approach. Let's follow his steps because it is not a coincidence that his
ground-breaking Information Theory [1] was also the basis for his
thought-breaking paper on Cryptography [2], which changed cryptography
from (not even) black art to science (before, he also saw that an obscure
Boolean Algebra could very well represent electric circuits, so circuitry
could be built according to Boolean principles, allowing circuits to
binary-test propositions as well as calculate problems -- the dawn of
modern computers and Digital Electronics).
As in [3], I cite:
"In Information Theory, information has nothing to do with knowledge or
meaning. In the context of Information Theory, information is simply that
which is transferred from a source to a destination, using a communication
channel. If, before transmission, the information is available at the
destination then the transfer is zero. Information received by a party is
that what the party does not expect -- as measured by the uncertainty of
the party as to what the message will be."
Shannon's contribution here goes far beyond the definition (and derived
mathematical consequences) that "information is what you do not know". His
zeroth-contribution (so to say, in my counting) was to actually recognize
that unless he would arrive at a real-word model of information as used in
the electronic world, no logically useful information model could be set
forth!
Now, in the Internet world, we have come to a stand off: either we develop
a real-world model of trust or we cannot continue to deal with limited and
faulty-ridden trust models, as the Internet expands from a parochial to a
planetary network for e-commerce, EDI, communication, etc.
And, what would be this "real-world model of trust" for the Internet
world? Here, akin to Information Theory, trust has nothing to do with
friendship, acquaintaces, employee-employer relationships, loyalship,
betrayal and other hard to define concepts. In the concept of Generalized
Certification Theory as set forth in [3] and [4], trust is simply "that
which is essential to a communication channel but which cannot be
transferred from a source to a destination using that channel".
Thus, **loosely speaking**, information is what you do not expect and trust is
what you know.
This has several consequences, to be pursued elsewhere, but the ones we
need now are:
1. "trust depends on the observer" -- or, "there is no absolute trust".
What you may know can differ from what I may know.
2. "trust only exists as self-trust". This means that only self-trust has
zero information content, so trust on others always have information
content (surprises or, unexpected behavior, either good or bad).
3. 'two different observers cannot equally trust any received
information". Direct consequence of (1) and (2).
If we accept the "real-world model of trust" for the Internet world as
defined by:
trust: "trust is that which is essential to a communication channel but
which cannot be transferred from a source to a destination using that
channel" ,
then these three consequences are as mathematically unavoidable as
Shannon's Theorems and leave us in a severe predicament. How then and to
what measure can I acquire and transfer trust?
To answer this question, we must now look at the mathematical properties
of trust. This is also similar to Shannon's approach -- when the
logarithmic function was found very useful to represent information
content and allowed new insights. As in [5], trust has the following
main mathematical properties:
- not transitive
- not distributive
- not symmetric
where the reader can see the first two properties exemplified on-line in
[5]. The last property is straightforward: the fact that a lion trusts
a lamb does not mean that the lamb trusts the lion.
So, using the definition of trust just given and moving towards an
understanding of the definition by using examples, when the lion
communicates with the lamb, the lion does not need to receive any transfer
from the lamb besides that which is communicated in the channel itself,
whereas the lamb needs to *know* whether the lion is hungry -- which is
not information and which cannot be transferred in the same channel. If
such data were information, then it would be new to the lamb (sorry,
ex-lamb, now food). If such data would be transferred in the same channel
how would the lamb know that the lion was not lying?
What is then the solution? How then and to what measure can I acquire and
transfer trust?
Contrary to information, trust cannot come in by a type of add-on -- such
as modulation on a carrier. Why? Because when you modulate a carrier you
are encoding information into that carrier and you suppose that the
carrier is pre-existent -- so the carrier has a very low information
content while the modulating signal has a very high information content.
Ideally, 0% and 100%. On the other hand, according to our definition,
trust must have zero information content (trust is what you know).
So, trust cannot be thought of as a modulating wave -- it is the carrier!
This is the paradigm shift that MCs was based upon in the first place.
First acquisition, then recognition.
Neither can trust be thought of as a type of authorization loop, where
trust flows from the source to the destination and back to the source,
similar to a battery and electric current. [6]
The solution is to mathematically model our definition of trust (ie, this
is not a play on words but we have to model our real-world model of
trust) as a mathematical operator on information, which is parametrized by
(t,d,s,...) where t=transitive, d=distributive, s=symmetric, ... + other
properties such as time (see [6]).
Such a trust model now allows us to answer the question, as a function of
cost and risk [7].
When (t=0, d=0, s=0, T=0, ...) we have "hard-trust" -- ie, zero
information content (no surprises) and no risk. But, also, as isolated as
an island -- trust cannot be acquired or transferred.
When we allow the parameters (t,d,s,T, ...) to take non-zero values, then
we have "soft-trust" -- ie, non-zero information content (bad and good
surprises) and ... risk. Here, trust can be acquired and transferred but
always tainted with information. Thus, trust must be properly gauged [8]
also as a function of risk/cost if it is to be properly used in the
soft-trust regime.
The above arguments show already several things:
- it points out the basic inconsistencies of PGP [9], e.g. where PGP
enforces a model of "hard-trust" with "trust is intransitive" to setup
entries in the web-of-trust but uses "soft-trust" to upkeep entries,
without discussing its validity/gauge nor allowing for time factors such
as lack of synch.
- the basic inconsistencies of X.509 [9], e.g. which uses "soft-trust" to
impose a CA chain without discussing its validity/gauge (ie, either you
accept to trust a CA you don't trust because that CA *was* trusted by a CA
you *once* trusted or you are out).
Taking such model of trust further, as it will be presented in the
Meta-certificate Standard, leads to what is called "archetypical trust
model" as presented in [3] and in the MCG-FAQ. The concept of "critical
radius of trust" is also derived from space and time considerations of
differently interacting agents, where the critical radius is the reach of
soft-trust where risk and cost are equal.
Cheers,
Ed
References:
[1] Shannon, C. A Mathematical Theory of Communication, Bell Syst.
Tech. J., vol. 27, pp. 379-423, July 1948.
[2] Shannon, C. Communication Theory of Secrecy Systems. Bell System
Technical Journal. 28: 656-715. 1949.
[3] Gerck, E., Certification: Intrinsic, Extrinsic and Combined, MCG,
http://mcwg.org/mcg-mirror/cie.htm . 1997.
[4] Gerck, E., Generalized Certification Theory, to be published. 1998.
[5] Gerck, E., Trust Properties, MCG http://mcwg.org/mcg-mirror/trustprop.txt. 1997.
[6] Gerck, E. Re: On the Nature of Trust, MCG
http://mcwg.org/mcg-mirror/cgi-bin/lwg-mcg/MCG-TALK/archives/mcg/date/article-334.html
1997.
[7] Bohm, N. Authentication, Reliability and Risks, MCG,
http://mcwg.org/mcg-mirror/auth_b1.htm. 1997.
[8] 111229 Checking Validity, MCG http://mcwg.org/mcg-mirror/pub9x.txt . 1997.
[9] Gerck, E. Overview of Certification Systems: X.509, CA, PGP and SKIP.
MCG, http://www/org.br/cert.htm. 1997.
______________________________________________________________________
Dr.rer.nat. E. Gerck