Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
On Inter-RealmAuthentication in Large Distributed Systems
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Seven cardinal properties of sensor network broadcast authentication
Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks
Rapid Trust Establishment for Pervasive Personal Computing
IEEE Pervasive Computing
Perspectives: improving SSH-style host authentication with multi-path probing
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
GAnGS: gather, authenticate 'n group securely
Proceedings of the 14th ACM international conference on Mobile computing and networking
SPATE: small-group PKI-less authenticated trust establishment
Proceedings of the 7th international conference on Mobile systems, applications, and services
Privacy and security: Usable security: how to get it
Communications of the ACM - Scratch Programming for All
Proceedings of the 17th ACM conference on Computer and communications security
Understanding scam victims: seven principles for systems security
Communications of the ACM
SPATE: Small-Group PKI-Less Authenticated Trust Establishment
IEEE Transactions on Mobile Computing
IEEE Transactions on Software Engineering
Flooding-resilient broadcast authentication for VANETs
MobiCom '11 Proceedings of the 17th annual international conference on Mobile computing and networking
On the foundations of trust in networks of humans and computers
Proceedings of the 2012 ACM conference on Computer and communications security
Street-Level trust semantics for attribute authentication (transcript of discussion)
SP'12 Proceedings of the 20th international conference on Security Protocols
Hi-index | 0.00 |
We argue that a general theory of trust in networks of humans and computers must be build on both a theory of behavioraltrust and a theory of computationaltrust. This argument is motivated by increased participation of people in social networking, crowdsourcing, human computation, and socio-economic protocols, e.g., protocols modeled by trust and gift-exchange games [3,10,11], norms-establishing contracts [1], and scams [6,35,33]. User participation in these protocols relies primarily on trust, since on-line verification of protocol compliance is often impractical; e.g., verification can lead to undecidable problems, co-NP complete test procedures, and user inconvenience. Trust is captured by participant preferences (i.e., risk and betrayal aversion) and beliefs in the trustworthiness of other protocol participants [11,10]. Both preferences and beliefs can be enhanced whenever protocol noncompliance leads to punishment of untrustworthy participants [11,23]; i.e., it seems natural that betrayal aversion can be decreased and belief in trustworthiness increased by properly defined punishment [1]. We argue that a general theory of trust should focus on the establishment of new trust relations where none were possible before. This focus would help create new economic opportunities by increasing the pool of usable services, removing cooperation barriers among users, and at the very least, taking advantage of "network effects." Hence a new theory of trust would also help focus security research in areas that promote trust-enhancement infrastructures in human and computer networks. Finally, we argue that a general theory of trust should mirror, to the largest possible extent, human expectations and mental models of trust without relying on false methaphors and analogies with the physical world.