A Distributed Trust Model


Alfarez Abdul-Rahman and Stephen Hailes
Affiliation: University College, London
Abstract: The internet is gradually becoming a highly unpredictable system, with properties that may be highly dynamic, complex and intractable. This problem will be accentuated when the proliferation of ad hoc service providers, software agents and mobile hosts become commonplace. In such a network unknown entities, sometimes seeking a particular service from a server, will be frequently encountered. Therefore an effective method for individually ascertaining their trustworthiness in such a complex environment is essential. Here, we propose a trust model for such a system.

The environment which forms the basis of our model is one which consists of communities of trust. Each community consists of 'strongly' connected components where the mean trust chain length between any two entities are low compared to the mean chain length of two components which lie in different communities. Each individual entity may have its own trust policies and makes its own decision on which entity, algorithm or protocol it trusts.

The proposed model is independent from any specific cryptographic algorithm. This allows the model to be separated from the underlying implementation specific details, and allows entities to choose the algorithm or protocol it trusts most. It is also distributed in nature, i.e. no central certifying authority is imposed upon any entity. Understandably, an 'anarchical' trust model may rank poor in terms of trust management, but this is a problem which the proposed model seeks to provide a solution to.

Firstly, in order to clarify the notion of trust in our model, we provide a trust taxonomy which parameterises each trust relationship. Two basic components were incorporated, trust categories and trust levels. The former specifies what aspect of trust the trust relationship pertains to, eg. "trust with respect to generating good keys". The latter specifies how much trust an entity places in the target trusted entity, with respect to a trust category. Categories and levels allows each trust relationship to be more precisely defined and provides a step towards effectively reasoning about an entity's trustworthiness.

Next we propose a recommendation protocol for the exchange of trust related information. The recommendations exchanged between entities will form the information upon which trust towards the recommended entity will be evaluated if it is a previously unknown entity. This protocol will not be dependent on any predefined trust hierarchy or path, but more towards one entity asking another for recommendations about the entity whose trustworthiness is in question.

A trust language is created to allow trust related information like trust categories, policies and levels to be effectively communicated. Due to the potential ambiguity of a notion in trust depending on the entity doing the translation of a piece of trust information, a hierarchical language structure is defined. This is essential to allow entities within different domains to exchange trust related information which may potentially contain notions which might exist in one domain but not the other. As the hierarchy is traversed downwards, further specialisation of each concept can be made.

Specific methods for evaluating trust are not covered, but possible approaches are discussed.

Further work in this research will consist of simulating an environment implementing this trust model, and its behavior will be analysed under different circumstances. Further possible extensions to the trust model may include provisions and protocols for trust monitoring and trust revision.

For more information, contact {F.AbdulRahman,S.Hailes@cs.ucl.ac.uk}.