Abstract
The underlying belief and knowledge models assumed by various kinds of authentication protocols have been studied for well over 10 years now. On the other hand, the related question of the generic trust assumptions, which underlie the settings where the protocols are run, has received less attention. Furthermore, the notion of trust, as it is typically defined, has been based more on the formal model used than on the real user requirements posed by the application context and the actual people using the system.
In this paper, we approach that problem from the users' point of view. We briefly describe the psychological bases on which typical people build their trust assumptions, and consider how these are reflected in a typical e-commerce setting today. Given this background, we proceed to contemplate how the systems could be made more trustworthy by explicitly representing the trust assumptions and requirements, and how these digital expressions of trust could be instrumented to and integrated with actual authentication protocols. Thus, our aim is to broaden the view from a protocol-centric approach towards considering the actual users, and to provide some initial requirements for future operating systems and user interface design.
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nikander, P., Karvonen, K. (2001). Users and Trust in Cyberspace. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_5
DOI: https://doi.org/10.1007/3-540-44810-1_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42566-3
Online ISBN: 978-3-540-44810-5
eBook Packages: Springer Book Archive