The right type of trust for distributed systems

Abstract

Research in information security has traditionally focused on where to place or how to propagate trust. In that sense, a cryptographic algorithm or protocol is simply a mechanism to transfer trust from where it exists to where it is needed. This paper puts the focus on trust itself and shows that it is a very complex concept with many interesting and important implications. We do not attempt to define a formal trust model, but rather examine the types of trust and trust relationships which are relevant for information security. It is shown that the existence of trust as a phenomenon depends on the existence of malicious behaviour. This observation leads to the distinction between passionate entities with human-like capabilities, and rational entities which basically are systems. Trust can then be defined as the belief that a rational entity will resist malicious manipulation or that a passionate entity will behave without malicious intent. It is also shown that trust relationships exhibit a great diversity, that they are based on knowledge and that they contain aspects in common with strategy games.