Teatro Sándor Tomcsa, Székelyudvarhely (2009)

Trust is a primary factor for securing future communications and it should be adopted as a standard. There is no unique definition of trust. Commonly, the word trust is associated with the Internet-based authentication method used to access secure servers. This method is based mainly on trust certificates provided by trusted CAs worldwide. Nevertheless, the fact that someone uses the correct trusted certificate does not actually mean that it is reliable a priori. In fact, an attacker can use the correct certificate, but at the same time can misbehave, perpetrating attacks against the system.

According to dictionary.com, “trust” is defined as the “reliance on the integrity, strength, ability, surety, etc., of a person or thing” [172]. The Merriam-Webster Dic- tionary defines trust as “assured reliance on the character, ability, strength, or truth of someone or something” [173]. This thesis adopts the definition of trust presented in [99]: “the belief that another party will behave according to a set of well-established rules and thus meet one’s expectations”. Trust can be also represented as a triad of three opinions belief, disbelief and uncertainty, which indicate the probability of trusting or distrusting an entity and the probability of doubt about whether to trust an entity [174]. Figure 2.7 shows the corresponding triads for information security and trust.

Information Security Con fiden tiality Integrity Availability Disclosur e Alteration Denial Trust Belief Disbelief Uncertainty

Figure 2.7: Summary of information security and trust triads, showing CIA and DAD triads for information security on the right and trust opinions triad on the left.

The definition of trust derives from the Human-to-Human (H2H) trust definition and is then applied to M2M communications. As in human societies, in a network there are several ways to create trusted relationships among entities. A trust relationship can be viewed as a set of characteristics about the relationship which is used to define how to trust another party. In a trust relationship there is an entity, called trustor or agent, which can create trust by providing a service to another entity, called the trustee. A trustee that is perceived as highly reliable by the trustor is called a trustworthy entity [175].

There are four ways to create trust relationships [175]: i one-to-one: a relationship between two nodes,

ii one-to-many,

iii many-to-one: relationship between one node and a group of nodes and viceversa and

iv many-to-many: relationship between one group and another group of nodes.

There are also certain properties that a trust relationship has, such as reflexivity, subjectivity, asymmetry, transitivity, context relativity, measurability, uncertainty, dy- namism and time-ageing [176–180]. Trust is primarily reflexive, as each entity trusts itself. Subjectivity refers to the fact that different parties can have different trust opin- ions about the same context. Asymmetry describes the scenario in which a node A trusts another node B, but this does not mean that B automatically trusts A. Transitivity is

when a node A trusts B and B trusts another node C, but because trust typically is not transitive, this does not necessarily mean that A trusts C. Typically a node A trusts another node B within a specific context or related to a specific environment; this is called context relativity. Measurability refers to the ability to specify the degree of trust one node has in another based on its assessment of the honesty, competence and depend- ability of the other node. When a node is not sure whether to trust another node, there is an uncertainty area that prevents the trustor from trusting or distrusting the trustee. Trust is dynamic and strictly dependent on the timing factor. In fact, a node A can trust another node B to a certain degree at a specific time, but this degree can change to uncertainty or distrust at another specific time. Finally, the trust is time-ageing, as its value decreases with the passage of time.

Trust relationships can also be defined using mathematical notations [181–183]. A relationship between an entity A and an entity B (A → B) can be defined as TA,B with

T ∈ [0, 1]. The properties of trust relationships can therefore be defined as follows:

• Reflexivity: ∀A|G(TA,A= 1) where Gx means always x;

• Subjectivity: ∃Tα

A, TBα| (∃TAα ; ∃TBα) where α is the context in which parties are

creating their trust opinions;

• Asymmetry: ∃A, B| (∃TA,B ; ∃TB,A);

• Transitivity: ∃TA,B, TB,C ∧ @TA,C ∪ ∃P (A, B, C) where P (A, B, C) is the trust

path defined by the trust relationship between A and C through B. TA,C = RB·

TA,B if there is only one B, otherwise TA,C = _n1 Pni=1RBi· TA,Bi, where RB is B

recommendation trust value of C. These are valid only if B has some knowledge about C (TB,C 6= 0) and A has some knowledge about B (RB6= 0);

• Context relativity: ∃Tci

A,B ; ∃T cj

A,B where ci is the context i, cj is the context j

and i 6= j;

• Dynamic: (TA,B)_newQ (TA,B)_old, µ Q (TA,B)_old where µ is the latest trust level;

• Time-ageing: ∀ci   Tci A,B  t>  Tci A,B  t+∆t 

where ci is the context i and i =

1, ..., k.