Trust me, I'm a machine
Using the cost-benefit function at the heart of risk analysis, the IST programme-funded SECURE project developed software to integrate the very subjective, human concept of trust into computers, PDAs, mobile 'phones and other network devices. Pervasive computing is a steadily emerging reality. Mobile phones and PDAs are becoming powerful computers in their own right, cars now routinely include telematics, which allows them to know where they are, for example. Now vending machines that accept payment from your mobile phone or PDA are in deployment. All of these devices will periodically connect to the network to perform transactions, whether it's information, services or purchases. But as the network spreads and the devices that can access it multipy it is very difficult to maintain security. How do you know the person, or the machine, will not steal your personal information or that they will supply the goods, services or information you purchase? "We've developed software that allows judgement based on establishing a value of trust and balancing that against the risk of abuse. We've mostly work on developing a system to stop spam, so the software would ask establish if the email is trustworthy. We also looked at using the service for an e-purse, an electronic purse for small transactions," says Vinny Cahill, coordinator of the SECURE project at Trinity College, Dublin. The concept works like this: your PDA or mobile phone receives a query about your current location. First it establishes the identity of the request. Then your PDA or e-purse asks its trust calculator how trustworthy you are. The calculator bases this on previous experiences. If this is the first time, it will base it on your reputation or rating with others or, in the SECURE system, it can even delegate authority to another party. Meanwhile the risk evaluator is calculating the cost of the transaction if your trust is abused. If the trust is greater than the risk, you PDA reveals your location. If it is unsure, it asks the user. This could be very helpful if you're near a store that's offering a discount on something you need. The group says their software scheme can even work offline, the based on experience in similar situations. SECURE developed their software in Java, which means it can work on almost any device.The project finished in December 2004, when it completed development of a software framework that can incoporated to various applications. "Trust is emerging as a viable method for creating and using ad hoc networks and we'd like to take it further, but it will be another two or three years before it could be deployed in a commercial application," says Prof. Cahill. Contact: ,Professor Vinny Cahill,O'Reilly Institute,Department of Computer Science,Trinity College,,Dublin 2,Ireland,Tel: +353-1-608-1795,Email: Vinny.Cahill@cs.tcd.iePublished by the IST Results service which brings you online ICT news and analysis on the emerging results from the European Commission's Information Society Technologies research initiative. The service reports on prototype products and services ready for commercialisation as well as work in progress and interim results with significant potential for exploitation.
Countries
Ireland