Users and Trust in Cyberspace

  • Conference paper
Security Protocols (Security Protocols 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2133)

Abstract

The underlying belief and knowledge models assumed by various kinds of authentication protocols have been studied for well over 10 years now. On the other hand, the related question of the generic trust assumptions that underlie the settings where the protocols are run has received less attention. Furthermore, the notion of trust, as it is typically defined, has been based more on the formal model used than on the real user requirements posed by the application context and the actual people using the system.

In this paper, we approach that problem from the users’ point of view. We briefly describe the psychological bases on which typical people build their trust assumptions, and consider how these are reflected in a typical e-commerce setting today. Given this background, we proceed to contemplate how the systems could be made more trustworthy by explicitly representing the trust assumptions and requirements, and how these digital expressions of trust could be instrumented to and integrated with actual authentication protocols. Thus, our aim is to broaden the view from a protocol-centric approach towards considering the actual users, and to provide some initial requirements for future operating systems and user interface design.



Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nikander, P., Karvonen, K. (2001). Users and Trust in Cyberspace. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_5

  • DOI: https://doi.org/10.1007/3-540-44810-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42566-3

  • Online ISBN: 978-3-540-44810-5

  • eBook Packages: Springer Book Archive
