Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Technology for Trust (T4T)

Project Summary

People and organizations increasingly rely on pervasively networked computer-based systems as the medium for accessing information, conducting transactions and exchanges, and communicating private information. Consumers, businesses, government officials and technologists demand “trusted” systems to ensure the safe, reliable and successful use of these systems.

Sociologists recognize that trust in these systems depends not only on the technology enabling them but also on the characteristics and abilities of the actors using the systems, the context and nature of the interaction, and the (non-technical) assurance mechanisms that facilitate confidence in these systems of exchange and communication.

This interdisciplinary project will address fundamental questions about the role of different types and sources of information for establishing trust in exchange. Exploring different sources of trust, as well as different types of signals of those sources, is important for advancing our understanding of trust as a social mechanism facilitating interaction and exchange.

This study of trust also has important real-world implications for e-commerce and exchange of information over the Internet, including if and how government policy should regulate Internet transactions, and how technology can be designed or implemented in ways that are both secure and usable.

Subprojects

Project 1 Understanding the Role of Trust in Internet Exchange
Project 2 Enhancing Trust Through Information Sharing in the Extended Enterprise (EnTISE)
Project 3 Extensions to Automated Trust Negotiation
Project 4 Tiny Trusted Third Parties (T3P)
Project 5 Usable High-Assurance Operating Systems
Project 6 Communicating Trust Assertions (Greenpass)

Project 1: Understanding the Role of Trust in Internet Exchange

Project Summary

People and organizations increasingly rely on pervasively networked computer-based systems as the medium for accessing information, conducting transactions and exchanges, and communicating private information. Consumers, businesses, government officials and technologists demand "trusted" systems to ensure the safe, reliable and successful use of these systems. Sociologists recognize that trust in systems depends not only on the technology enabling them but also on non-technical mechanisms, such as third-party assurance mechanisms and reputation.

This project uses experimental methods to examine how both technical and non-technical "trust" mechanisms influence user behavior in online exchange. Exploring different sources of trust, as well as how to accurately and appropriately signal information about those sources, is important for advancing our understanding of trust in facilitating secure online interaction and exchange.

Project 2: Enhancing Trust Through Information Sharing in the Extended Enterprise (EnTISE)

Project Summary

Sharing information throughout the extended enterprise is often thought to enhance trust. Even the simplest applications, like parcel tracking information, can boost the trust between customers and suppliers. In some cases, the increased trust can have far-reaching implications. For example, information sharing in the home video rental industry provided the trust required to transform the industry through revenue-sharing contracts.

This research examines how types and forms of information shared between firms impact trust. The project studies how information accessibility (e.g., wireless data collection), form (e.g., dynamic graphics or real-time video), and presentation (e.g., graphical content or animation) create trust in business relationships. Trust in business relationships is critical for extended enterprises to function competitively. Understanding how to increase trust through shared information is equally important for the commercial and public sectors. Both civilian and military relationships depend on such trust and can directly benefit from the results of this research.

Project 3: Extensions to Automated Trust Negotiation

Project Summary

In typical ad-hoc networks, nodes range from laptops to small units such as sensors. The mobility and changing availability of nodes fundamentally alter the requirements for trust establishment in these environments. Automated trust negotiation (ATN) is a method that lets two strangers safely conduct interactions in order to create a level of mutual trust. In this method, credentials signed by certificate authorities are exchanged through an iterative disclosure process that allows each credential to have a disclosure policy. Previous two-party trust negotiation schemes haven't given satisfactory solutions for some practical situations, such as cyclic interdependencies in credential disclosure policies and the inefficiency of applying a one-to-one approach with multiple parties. In mobile ad-hoc networks, trust relationships (such as those defining ad-hoc groups) may also need to be updated dynamically in the face of connectivity limitations introduced by mobile or intermittently active nodes.
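The iterative disclosure process and the cyclic-policy failure described above, as an added example that is not code from the project. It assumes an eager strategy (each side releases every credential whose policy is satisfied), models credentials as bare names with no signature checking, and uses constructed credential names and policies.

```python
def negotiate(client, server, resource):
    """Eager iterative disclosure between two strangers.

    client/server map each credential to its disclosure policy: the set of
    the other party's credentials that must be seen before it is released.
    Returns (granted, transcript, blocked).
    """
    policies = {"client": client, "server": server}
    seen = {"client": set(), "server": set()}  # disclosed so far, per side
    transcript = []
    while resource not in seen["server"]:
        progress = False
        for side, other in (("client", "server"), ("server", "client")):
            unlocked = sorted(c for c, need in policies[side].items()
                              if c not in seen[side] and need <= seen[other])
            if unlocked:
                seen[side].update(unlocked)
                transcript.append((side, unlocked))
                progress = True
        if not progress:  # fixpoint reached and the resource is still locked
            blocked = {s: sorted(set(policies[s]) - seen[s]) for s in policies}
            return False, transcript, blocked
    return True, transcript, {}

def find_cycle(client, server):
    """Return one cyclic policy dependency as a list of credentials, or None."""
    graph = {**client, **server}  # credential -> credentials it waits for
    def visit(node, path):
        if node in path:
            return path[path.index(node):] + [node]
        for dep in sorted(graph.get(node, ())):
            found = visit(dep, path + [node])
            if found:
                return found
        return None
    for start in sorted(graph):
        cycle = visit(start, [])
        if cycle:
            return cycle
    return None

# Constructed sample policies (credential names are illustrative only).
OK_CLIENT = {"student_id": set(), "credit_card": {"bbb_member"}}
OK_SERVER = {"bbb_member": {"student_id"},
             "discount": {"student_id", "credit_card"}}
CYCLIC_CLIENT = {"credit_card": {"bbb_member"}}
CYCLIC_SERVER = {"bbb_member": {"credit_card"}, "discount": {"credit_card"}}
```

With the cyclic policies neither side can make a first disclosure, so the negotiation stops at an empty transcript, which is the two-party limitation the paragraph names.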

This project addresses these limitations and extends two-party trust negotiation to include third parties using two different schemes. In addition to being analyzed and tested, these schemes have been used to study three different application areas: (1) streaming content distribution, (2) content search, and (3) mobile computing. In each application, there is a potential for widespread practical applications on the Internet. All three applications have been analyzed and integrated under a uniform trust management platform. This work is particularly important in peer-to-peer (P2P) environments, where collaborations take place among parties who do not know each other, and in sensor networks.

Outcome

We have now completed the core features planned for our prototype and have extended the original project goals to add a recommendation module and an encryption module, and have tested our tool in a file sharing application in a P2P network setting. We will continue developing additional applications, starting with coordination and control of robotic systems, and will also be refining our prototype for distribution.

We have begun a collaboration with the Automation and Robotics Research Institute (ARRI), a research center located at the University of Texas at Arlington, to extend the ideas developed under this project by developing a derivative data exchange, coordination, and control system for robotic and sensor applications.

  • Principal Investigators: Jamie Ford and Fillia Makedon

Project 4: Tiny Trusted Third Parties (T3P)

Project Summary

Many security protocols hypothesize the existence of a trusted third party (TTP) to ease handling of computation and data too sensitive for the other parties involved. Subsequent discussion usually dismisses these protocols as hypothetical or impractical, since “trusted” third parties that are actually trusted by all stakeholders clearly cannot exist. However, this assumption is arguably fallacious: the last decade has seen the emergence of hardware-based devices that, to high assurance, can carry out computation unmolested; emerging research promises more. Unfortunately, perhaps as an inevitable consequence of cost-effective physical security, these devices have small memory and limited computational power.

Project 5: Usable High-Assurance Operating Systems

Project Summary

The information infrastructure depends on computing systems; however, computing systems depend on software environments for trustworthy behavior. In recent years, the field has seen a re-emergence of older software security ideas (in terms of basing software security in the OS)—with the NSA’s Security-Enhanced Linux (SELinux) considered by many to be the de facto best-of-breed solution for those wanting a high assurance but contemporary OS. Unfortunately, SELinux is essentially unusable: its monolithic and awkward policy structure makes it difficult for programmers to configure and maintain it for real-world applications—and difficult for stakeholders to trust that the resulting policy actually confines system behavior to “secure” operation only.

This project explores policy and verification tools to make it easier to use these high-assurance operating systems for secure applications in the real world.

Project 6: Communicating Trust Assertions (Greenpass)

Project Summary

The Greenpass project explores the practical problem of secure decentralized authentication and access control in wireless networks—both WLANs and MANETs. Many organizations are interested in securing connection access to their wireless (and wired) networks, but the problem of accommodating guests continues to impede real deployments. This project will transform a working prototype solving this problem into ready-to-use technology that can be added to an 802.1x authenticated network.

This project also explores a deeper problem: if the trust flow expressed by an infrastructure’s clever PKI does not match the trust flow the human organization requires, then the human users will find a way to achieve their goals that breaks the infrastructure. This project’s approach marries the security of standard X.509 PKI tools with the flexibility of delegation.

Last Updated: 9/9/15