Trusted ICT Infrastructures and Services: Features, Challenges and Technical Issues

Author: Bertina Clark
Extended Abstract

Gyu Myoung Lee, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK

Upul Jayasinghe, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK

Nguyen B. Truong, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK

Cheol-hye Cho, ETRI, 218 Gajeong-ro, Yuseong-gu, Daejeon, 34129, KOREA

Keywords: Trust, ICT, ITU-T, IoT

The Second Bright ICT Annual Workshop on Bright ICT 2016

1. Introduction

In evolving towards a knowledge society, Information and Communication Technology (ICT) will be mainly used for the creation, dissemination and utilization of knowledge in an open and collaborative manner. Although recent advances in ICT have brought changes to our everyday lives, various problems exist due to the lack of trust. If knowledge is exploited for malicious intentions, it could lead to irreparable damage and uncertain dangers. However, it is difficult to identify and prevent the risks of knowledge sharing in complicated ICT infrastructures.

Based on the significant efforts made to build a reliable information infrastructure and converged ICT services, the Telecommunication Standardization Sector of the International Telecommunications Union (ITU-T) has started to work on future trusted ICT infrastructures. These infrastructures will be able to accommodate emerging trends in ICT, while taking into account social and economic considerations. ITU-T Study Group (SG) 13 established the Correspondence Group on Trust (CG-Trust) last year. As a result, the CG-Trust completed the development of a technical report on trust provisioning of ICT Infrastructures in April 2016.

Thus, this paper presents the trust concept, features, key characteristics and challenges for trusted ICT infrastructures and services based on ITU-T activities. It also discusses several technical issues for trust provisioning in ICT infrastructures and services. It then outlines ideas for an effort to find viable solutions to trust related problems while developing advanced technologies from an ITU-T standards perspective, along with the trust architectural framework and a case study on trust provisioning. Building and validating trusted relationships will be contingent on trust related information and its processing for supporting trustworthy services and applications. Therefore, this paper emphasizes the importance of trust standardization activities in the future.

2. Trust Concept and Features

Trust, a multidimensional, multidisciplinary and multifaceted concept, has been investigated in many disciplines including sociology, economics, medicine, psychology and information science. In the lexical-semantic sense, trust means reliance on the integrity, strength, ability, surety, etc., of a person or thing. Generally, trust is used as a measure of confidence that an entity will behave in an expected manner, despite the lack of ability to monitor or control the environment in which it operates (Sherchan et al. 2013).

Trust in computer science in general can be classified into two broad categories: “user” and “system”. The notion of “user” trust is derived from psychology and sociology, with a standard definition as “a subjective expectation an entity has about another’s future behavior”. “System” trust is “the expectation that a device or system will faithfully behave in a particular manner to fulfil its intended purpose” (Sherchan et al. 2013). Among the various definitions in the literature, formally, we define trust as “a belief of a trustor governed in a trustee that the trustee will conduct a given task as the trustor’s expectation within a specific context and in a specific time period”.

In general, trust provisioning involves tasks like Data Collection, Data Access Control, Data Process, Trust Analytic, Trust Establishment, Trust Computation, Trust Management, and Decision Making. Hence, the number of processes required for trust provisioning differs with each context and each aspect. From the system viewpoint, trust is strongly related to dependability, which indicates the ability of a system to deliver a trusted service by taking security, privacy and reliability schemes into consideration. Typically, these three schemes are quantified by some factors in the Physical and Cyber domains such as availability, integrity, or reliability. A key difference between trust and dependability is due to social factors (social capital) introduced by the enrolment of humans in the Social domain of the cyber-physical-social system (CPSS) infrastructure (Figure 1). From a sociological perspective, social capital consists of factors built up through interactions among individuals over time that interpret several trust aspects of both trustors and trustees in social networks.

Figure 1. Trust concept in the CPSS infrastructure.

In a specific context, for instance in the Internet of Things (IoT), trust is reliance on the integrity, ability or character of an entity. Trust can be further explained in terms of confidence in the truth or worth of an entity. For example, the EU uTRUSTit project defined trust as a user’s confidence in an entity’s reliability, including the user’s acceptance of vulnerability in a potentially risky situation (Döbelt et al. 2012).

3. Challenges for trustworthy ICT infrastructure

As core design principles for future ICT infrastructure, telecommunications systems and ICT should consider trust as a key component, taking into consideration the following aspects:

- Interactions and relationships among Social/Cyber/Physical worlds;
- Trustable intelligent services based on data convergence and mining;
- Trustworthy environment for correct operations;
- Enhanced security and privacy.

To fulfill these considerations, this section identifies key challenges for trustworthy ICT infrastructure.

(1) Trust Relationships: In the IoT, things are objects of the physical world (physical things) or of the information world (virtual things), which are capable of being identified and integrated into information and communication networks. Thus, social trust among humans and things is quite important. Trust may be human to human, thing to thing (e.g., handshake protocols negotiated), human to thing (e.g., when a consumer reviews a digital signature advisory notice) or thing to human (e.g., when a system relies on user input and instruction without extensive verification). In addition to individual trust, community trust also needs to be considered. For social-cyber-physical relationships, trust as a cross-domain relationship is needed, taking into consideration coexistence, connectivity, interactivity and spatio-temporal situations among vertical layers.

(2) Trust Management: Trust has interactions with all vertical layers – users, applications, computing, networks, things. Thus, similar to security, trust management technology is necessary as a separate common layer which covers all vertical layers. It basically needs identity management to assure the identity of an entity and support business and trust applications. Trust management has the following key functionalities: monitoring management, data management, analytics management, expectation management and decision management. Specifically, trust information for reputation and recommendation is exchanged to support these functionalities, and adaptive knowledge based control for dynamics is further considered.

(3) Measure & Calculate: For measurable trust, some mechanisms or solutions of trust may be accounted for by defining trust metrics or a trust index. There are several attributes for trust provisioning such as security, strength, reliability, availability, and ability. Depending on services and applications, the required attributes of trust may vary. The capabilities or attributes of trust can also be classified into application types, costs, technical complexity, and human credibility/reputation. Depending on applications, most trust solutions may be clarified and mapped. Due to the diversity of applications and their inherent differences in nature, trust is hard to formalize in a general setting. However, it is important to quantify the level of trust in ICT. The level of trust can be measured and classified in a way similar to Quality of Service (QoS) in an objective manner (e.g., measured quantitatively) or Quality of Experience (QoE) in a subjective manner (e.g., counted qualitatively). A certain level of trust should be derived from the associated services and applications of trust. Depending on services and applications, the trust level should be well identified and measured in an objective or subjective manner. Depending on what level of trust the users need to know, including sensitivity of information and associated resources, there may be many Service Level Agreements (SLAs) of trust.

(4) Trust-based Decision Making: In the IoT, data generated by devices and existing infrastructure must be able to be shared through databases for analysis. For trusted data exchange, each process from sensing to actionable knowledge requires trust enabled mechanisms such as data perception trust, trustworthy data fusion/mining and reasoning with trust related policies and rules. The state of entities changes dynamically, including location and speed. Moreover, the number of entities can change dynamically. To support these characteristics, autonomics for handling trust requirements under dynamic conditions is required, and recent advances like fog computing or mobile edge computing can be a possible solution for distributed/localized trust-based decision making.

(5) Constrained Environment: For small-sized objects with limited power, their capabilities as communication objects are less than those of higher-end processing and computing devices. To cope with these constrained objects, performance, lower energy consumption and heterogeneity should be considered. Trust solutions with lightweight mechanisms that remove unnecessary loads/messages and minimize energy consumption become a necessity.

(6) New Business Models: Platform services using big data and open platforms, provided through the automatic capture, communication and processing of the data of things based on the rules configured by operators or customized by subscribers, are becoming important. Trust-based services require more reliable techniques for trust related information and its processing (e.g., data fusion and data mining). Thus, trust in new business models considering the sharing economy will be quite an essential element for value added services.

4. Technical Issues and Architectural Framework

ITU-T established the Correspondence Group on Trust (CG-Trust) last year. Based on the technical report on trust provisioning of ICT Infrastructure developed by the CG-Trust (ITU-T CG-Trust 2015), ITU-T SG13 is currently developing a Recommendation on trust provisioning. We briefly present technical issues and an architectural overview from the ITU-T perspective. The following procedures with technical issues shall be considered to support trust provisioning processes for ICT infrastructures and services.

- Trust data collection: The trust data collection process covers both planning the collection of trust data and collecting it. In planning trust data collection, it is necessary to deliberate what and how much trust data should be collected. Entries of trust data shall be related to the purpose of trust provisioning and be uncorrelated with each other for usability in trust provisioning processes. Trust data shall be collected as little as possible because of the time and cost of collecting it. Moreover, because excessive trust data collection may raise privacy concerns within the ICT infrastructures and services, the amount of trust data that needs to be collected shall also be considered in this process. While collecting trust data, it is necessary to check that the process operates well according to the collection plan.

- Trust data management: In this process, collected trust data is manipulated to generate trust information. Trust data should be carefully handled with regard to trustworthiness, the purpose of trust provisioning and the usability of the collected trust data, so that trust information can be created easily. As the number of data sources and types increases dramatically, the trustworthiness of the trust data itself is regarded as important. Because false data will degrade the accuracy of trust information and waste the resources spent on trust data collection, detecting wrong or polluted trust data is a significant issue. From the perspective of data protection, aggregated trust data shall be protected from abnormal approaches such as hacking or data leaks.

- Trust information analysis: The trust information analysis process extracts meaningful trust information from trust data and other trust information for entities in ICT infrastructures and services. Because trust is generated on the relationship between the trustor and the trustee, trust information shall explicitly reflect the trust relationship in both the objective and the subjective manner.

- Dissemination of trust information: Trust dissemination means distributing or broadcasting the trust information created in the previous process. There could be many ways of disseminating trust information in different domains. In the case of a social domain, recommendation and visualization methods are considered the main approaches to disseminating trust information. Efficient, effective and suitable trust dissemination methods should be developed; that is, only trust information which concerns the trustor shall be disseminated to trustors in ICT infrastructures and services. A trustor can determine the trust of a trustee from the trust information using subjective criteria.

- Trust information lifecycle management: In the previous processes, trust information is created and disseminated to ICT infrastructure and services. Because of the dynamic characteristic of trust, trust information shall be re-established, updated and abolished. The re-establishment phase replaces components of trust information due to the change of an object or a service. The feedback of the trustor which receives trust information of the trustee could also be related to the replacement of components in the re-establishment phase. In the update phase, the value of trust information and trust data is updated and trust information is re-evaluated. Finally, if trust information of an object or a service is dispensed with, trust information can be abolished or reset.

Based on the discussion above, the trust architectural framework agreed in ITU-T for strengthening trust in the ICT infrastructure is presented in Figure 2 for stakeholders in an ICT ecosystem value chain. It consists of four major parts as follows: Trust Agent, Trust Analysis and Management Platform, Trust Service Enabler and Trust Service Broker.

[Figure 2 diagram. Labels recoverable from the extraction: Service Domain #1, #2, ... #N; Humans (Social Data), S/W and Process (Cyber Data), H/W and Devices (Physical Data); Trust Agent (TA Interface, Trust Data Collecting, Trust Data Filtering and Preprocessing); Trust Analysis and Management Platform (TAMP) (Trust Modelling & Evaluation, Social/Cyber/Physical Trust Models, Trust Reasoning and Evaluation, Trust Metric Extractor, Trust Repository & Gathering, Trust Knowledge Gathering Interfaces, Trust Data Repository, Trust Computation, Data Analytics, Trust Governance, Open data, Knowledge Base, Cloud Computing); Trust Service Enabler (Trust Linking, Trust IdM, Trust-based Recommendation, Trust API); Trust Service Broker; Other TAMPs; Domain Specific Data.]

Figure 2. Trust architectural framework

5. A Case Study on Trust Provisioning

Here we introduce a case study of a used car transaction with the trust management platform among entities who participate in the used vehicle market and share trustful data and information (see Figure 3) (ITU-T CG-Trust 2015). When a buyer requests selling his/her car, a dealer registers that vehicle in an online marketplace linked to the trust service broker. Then, the trust management platform automatically collects data from various sources such as an insurance company, a public organization, social network services, and the vehicle itself. If a vehicle owner attaches an on-board diagnostic scanner, this device records and accumulates a wide range of vehicle-oriented information such as driving distance, recorded fuel efficiency, accidents, driving habits, and maintenance and repair history. In the next step, by transforming these fragmented data into single information, the trust management platform identifies and evaluates the level of trust of the owner of the used car, the registered vehicle, and the dealer. Based on this refined and trustful information, a buyer can assure the condition of the used vehicle prior to purchasing and make a purchase decision with a comparably low level of uncertainty and risk.
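The trust data management and analysis steps of this case study, as an added example (not code from the paper or from ITU-T). The source names, the sample values, the median rule with its 5% tolerance and the 0.7 objective weight are all assumptions chosen for illustration; the paper prescribes no algorithm.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Reading:
    source: str     # who reported the value (hypothetical source names)
    attribute: str  # which trust data entry it describes
    value: float

# Constructed sample data for one vehicle; every value is made up.
SAMPLE = [
    Reading("insurer", "odometer_km", 121_400),
    Reading("public_registry", "odometer_km", 120_900),
    Reading("obd_scanner", "odometer_km", 121_650),
    Reading("dealer_listing", "odometer_km", 84_000),
    Reading("insurer", "accidents", 1),
    Reading("public_registry", "accidents", 1),
    Reading("dealer_listing", "accidents", 0),
]

def filter_polluted(readings, rel_tol=0.05):
    """Return (kept, rejected); a reading is rejected when it deviates from
    the per-attribute median by more than rel_tol. With fewer than three
    sources there is no majority to compare against, so all are kept."""
    groups = {}
    for r in readings:
        groups.setdefault(r.attribute, []).append(r)
    kept, rejected = [], []
    for group in groups.values():
        if len(group) < 3:
            kept.extend(group)
            continue
        mid = median(r.value for r in group)
        scale = max(abs(mid), 1.0)  # floor keeps small counts comparable
        for r in group:
            ok = abs(r.value - mid) / scale <= rel_tol
            (kept if ok else rejected).append(r)
    return kept, rejected

def source_trust(readings, rejected):
    """Objective score per source: share of its readings that were kept."""
    total, bad = {}, {}
    for r in readings:
        total[r.source] = total.get(r.source, 0) + 1
    for r in rejected:
        bad[r.source] = bad.get(r.source, 0) + 1
    return {s: 1 - bad.get(s, 0) / n for s, n in total.items()}

def trust_level(objective, ratings, w_objective=0.7):
    """Blend the objective score with subjective ratings, all in [0, 1]."""
    if not ratings:
        return objective
    subjective = sum(ratings) / len(ratings)
    return w_objective * objective + (1 - w_objective) * subjective

if __name__ == "__main__":
    kept, rejected = filter_polluted(SAMPLE)
    print(source_trust(SAMPLE, rejected))
```

Rejected readings lower the score of the source that supplied them instead of being silently dropped, so a dealer whose listing contradicts the insurer, the registry and the scanner ends up with a low objective score even when buyer ratings are favourable.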


Figure 3. Used Car Transaction Based on Trustful Data

6. Conclusion and Future Standardization

From the understanding of trust considering knowledge, this paper has identified key challenges for trustworthy ICT infrastructure and showed a case study. The scope of existing standards on security and privacy needs to be expanded for trust issues in future ICT infrastructures. As existing research and standardization activities on trust are still limited to the social trust among humans, trust relationships among humans and things as well as among cross domains of social-cyber-physical worlds should also be taken into account for trustworthy autonomous networking and services in IoT environments. Based on this, we need to first find various use cases considering user confidence, usability and reliability in ICT ecosystems for new business models reflecting the sharing economy. Then, a framework for trust provisioning including requirements and architectures should be urgently specified in relation to the relevant standards. In addition, global collaborations with other standardization bodies are required to stimulate trust standardization activities.

Acknowledgement

This research was supported by the ICT R&D program of MSIP/IITP [R0190-15-2027, Development of TII (Trusted Information Infrastructure) S/W Framework for Realizing Trustworthy IoT Eco-system] and ITU-T (Telecommunication Standardization Sector of the International Telecommunications Union).

References

Döbelt, S., Busch, M., and Hochleitner, C. 2012. "Defining, Understanding, Explaining Trust within the uTRUSTit Project," Trust Definition White paper.

ITU-T CG-Trust. 2015. "Technical Report for Trust Provisioning of ICT Infrastructure," ITU-T.

Sherchan, W., Nepal, S., and Paris, C. 2013. "A Survey of Trust in Social Networks," ACM Computing Surveys (CSUR) (45:4), p. 47.
