Data-centric trust in ephemeral networks

New network types require new security concepts. Surprisingly, trust – the ultimate goal of security – has not evolved as much as other concepts. In particular, the traditional notion of building trust in entities seems inadequate in an ephemeral environment where contacts among nodes are often short-lived and non-recurrent. It is actually the trustworthiness of the data that entities generate that matters most in these ephemeral networks. And what makes things more interesting is the continuous "humanization" of devices, by making them reflect more closely their owners' preferences, including the human sense of costs. Hence, in this thesis we study the notion of data-centric trust in an ephemeral network of rational nodes. The definition of a new notion requires specifying the corresponding basis, measures, and raison d'être. In the following chapters, we address these issues. We begin by defining the system and security models of an example ephemeral network, namely a vehicular network. Next, we delve into the subject of revocation in vehicular networks, before creating and analyzing a game-theoretic model of revocation, where the notion of cost-aware devices makes its first appearance in this thesis. This model not only makes possible the comparison of different revocation mechanisms in the literature, but also leads to the design of an optimal solution, the RevoGame protocol. With the security architecture in place, we formally define data-centric trust and compare several mechanisms for evaluating it. Notably, we apply the Dempster-Shafer Theory to cases of high uncertainty. Last but not least, we show that data-centric trust can reduce the privacy loss resulting from the need to establish trust. We first create a model of the trust-privacy tradeoff and then analyze it with game theory, in an environment of privacy-preserving entities. Our analysis shows that proper incentives can achieve this elusive tradeoff.

Related material