In the coming decades, we will live in a world surrounded by tens of billions of devices that inter-operate and collaborate to deliver personalized or autonomic services. Our growing reliance on machine-to-machine (M2M) systems to make decisions on our behalf has profound implications for the quality and integrity of the data that guides our actions.
Trust is the belief in the competence of a machine or sensor to act dependably, securely and reliably within a specified context. In M2M systems, trust is commonly accomplished using cryptography, digital signatures, and electronic certificates. This approach establishes and evaluates a trust chain between devices, but it does not tell us enough about the quality of information being exchanged among machines. Trust is a broader notion than information security; it includes subjective criteria and experience.
An essential part of managing trust and security in the age of an Internet of Things (IoT) is identity management for the machine (i.e., non-human) participants. The IoT introduces new challenges in identity management in "things" that have different lifetimes (ranging from years or decades down to days or minutes); in "things" that may be composed of other things, creating a system of systems; and in "things" are mobile, meaning they can take on the address once associated with another device and they can have more than one IP address. Since it is essential that we trust that we are talking to the right "thing" and that we can believe the data it communicates to us, providing trust as a service to devices in a system is an important emerging need. Research at the Institute for Information Security & Privacy looks at the idea of "trust as a service" in dynamic sensor networks. This includes traditional trust management techniques, such as reputation algorithms combined with identity access management approaches.