Building and Management of Trust in Networked Information Systems

István Mezgár (Hungarian Academy of Sciences, Hungary)
DOI: 10.4018/978-1-60566-026-4.ch067

Abstract

Thanks to rapidly developing information and communication technologies, the complexity of networked organizations has become very high, so the representation of their structure and the description of their operation and control need new technologies and new approaches. The availability of individuals independent of location and time means mobility, and that is an important attribute of today’s society. This mobility can be achieved by using different types of mobile wireless networks, such as wireless wide area networks (WWANs, e.g., GSM, GPRS, and UMTS), wireless local area networks (WLANs, e.g., WiFi 802.11a-g), and wireless personal area (or pico) networks (WPANs, e.g., Bluetooth, IrDA2).

In spite of the application of high-tech approaches, tools, and methodologies, there is a common point in all organizations: human beings make most of the important decisions, and they operate and use the systems. Experience shows that improper application of this human factor can make operation very inefficient even in the case of the most technically advanced systems. The lowest level of connection among systems is made through protocols; the highest contact level is among decision makers and users, namely among human beings. A very important element of this human contact is trust. In a networked organization, trust is the atmosphere, the medium in which actors are moving (Castelfranchi & Tan, 2001). Only trust can bridge the cultural, geographical, and organizational distances between team members (and even between firms) and keep them from turning into unmanageable psychological distances. Trust is the base of cooperation, the normal behavior of the human being in society. The ability of enterprises to form networked systems depends on the existing level of trust in the society and on the capital of society (Fukuyama, 1995). As the rate of cooperation is increasing in all fields of life, the importance of trust is evolving even faster.

Lack of trustworthy security services is a major obstacle to the use of information systems in private, in business (B2B), as well as in public services. Trust is intimately linked to consumers’ rights, like security, identification, authentication, privacy, and confidentiality. Secure identification, authentication of the users, and communication security are the main problems in networked systems.

Information management (IM) is a fuzzy term covering the various stages of information processing, from production to storage and retrieval to dissemination, towards the better working of an organization, where information can be from internal and external sources and in any format. The role of trust in these processes is definitive, as human-to-human and human-to-system communication forms the base of information management.

Key Terms in this Chapter

Personal Trusted Device: People like smart, little, handheld tools they can carry with them permanently, so they can control them both physically and in time. According to the concept of the personal trusted device, it must be personal, always carried by the user, small, cheap, battery powered, have a common user interface, and be as secure as a smart card. Mobile phones can fulfill the role of personal trusted devices: they are well placed as identity tokens, they have dynamic authentication already proven in GSM, and they have a mass market and secure communications. Mobile phones are the only mass-market smart card readers, and they are highly personal. Users are usually very attached to their phones, and the phones can be made more personal by use of a PIN or (later) biometrics.

Biometry/Biometrics: Generally, biometrics refers to the study of measurable biological characteristics. In computer security, biometric technologies are defined as automated methods of identifying or authenticating the identity of a living person based on his or her physiological (e.g., fingerprint, hand, ear, face, iris or retina of the eye) or behavioral (e.g., signature, voice, keystroke) characteristics. This method of identification is preferred over current methods involving passwords and PINs, as the person to be identified is required to be physically present at the point of identification, so the person or user is identified, not the device, as in the case of a PIN and password.

Trust Management: A unified approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. A trust-management system provides standard, general-purpose mechanisms for specifying application security policies and credentials. Trust-management credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks.

Trust: Can be viewed as a cognitive and social device able to reduce complexity, enabling people to cope with the different levels of uncertainty and sometimes the risks that, at different degrees, permeate our life. Without trust, an individual would freeze in uncertainty and indecision when faced with the impossibility of calculating all possible outcomes of a situation. From a social perspective, trust permits the necessary knowledge sharing of delegation and cooperative actions (Luhmann, 1979).

Encryption: The transformation of plaintext into an apparently less readable form (called cipher text) through a mathematical process. The cipher text may be read by anyone who has the key that decrypts (undoes the encryption of) the cipher text.

Trustworthiness: The ability to attain and maintain a “trusted state,” which is definable, measurable, validatable, and demonstrable over time. Digital trustworthiness means a verifiable level of electronic process integrity, security, control, authenticity, and reliability that captures, preserves, retrieves, verifies, renders, and makes available in human-readable form — the essential transaction content, context, notice, intent, and consent — to meet the electronic forensic evidence requirements necessary for legal admissibility and regulatory compliance.
