How to Build Trust on the Internet

Christian Damsgaard Jensen
TrackTrack 1 -- Lecture Hall X on the First Floor
DescriptionTraditional security abstractions rely on the authenticated identity of subjects in the system. These abstractions have been extended for use on the Internet through trusted computing platforms and trusted third parties, in particular Public Key Infrastructures (PKI). Such abstractions, however, are only appropriate in contexts where verification of identity has some restricting behaviour on subjects, e.g. where malicious subjects may be ostracised or where legal frameworks can enforce good behaviour. In a global context, such as the Internet, most subjects will be virtually anonymous and identity only has limited effect on the behaviour of subjects. This problem is exacerbated by the availability of multiple cheap identities on the Internet.
This talk will examine alternatives to identity based security abstractions. In particular, abstractions that may provide some form of security in the absence of a global authority to enforce good behaviour, resolve conflicts and punish misbehaviour. Such abstractions are useful when strangers need to collaborate across national or organisational boundaries and when users need to build sufficient trust in a service provider to rely on their service.

All talks