Hiroyuki Sato is an associate professor at the University of Tokyo. His interests include digital identity technologies, information security, and programming language design and implementation. Sato is accredited as a Level of Assurance 1 (LoA 1) assessor by the Kantara initiative (kantarainitiative.org), established to accelerate the adoption of digital identity relationship solutions to support and simplify our connected world. He received B.Sc, M.Sc and PhD from the University of Tokyo in 1985, 1987, 1990, respectively. He is in the editorial board of IEEE IT Professionals, and a member of ACM, IEEE, IPSJ and JSSST. He is also involved in some international conferences including IEEE COMPSAC and IEEE Mobile Cloud.
Internet Trust: Design and Deployment
As the Internet has become pervasive, the cyber-physical world has obtained its ground in human lives. A problem in the Internet is that all entities in the Internet can be hypothetical, meaning that we do not need any “real” entity in the interactions in the Internet. This kind of anonymity sometimes causes crimes including theft, fraud and spoofing in worse forms than those in our physical society. For about thirty years, computer science has provided technologies of encryption that have enabled us to communicate in secure ways, and to authenticate the counterparts in the Internet. This was the first lodgment for establishing trustworthy communications. Particularly, we can say that we owe the success of e-commerce to SSL.
Meanwhile, it has gradually become clear that we need anchors to stably, safely, and securely operate the above mentioned technologies in this global world. PKI was thus established as the first “trust” anchor of global SSL communications. The idea of “trust” is now spread over every field of Internet transactions. Trust of digital certificates is a basis of PKI, which is maintained by CAs and browser vendors. Trust of identities provides assurance of identities of the communicators, which is a basis of trustworthy transactions among participants of given academic/research/commercial federations. Its trust framework is maintained by the federation itself. Furthermore, Trust in behaviour of IoT devices is a basis of building trustworthy IoT networks. Trust of privacy is now essential for cross-border data processing. Once trust is established within a given circle, one can process transactions stably, safely, securely and economically. Trust is thus considered as infrastructure of Internet lives.
In order to establish trust in the Internet, we must consider how we design assurance levels, which is a challenge of technologies including risk analysis, and how we deploy the framework of trust, which is rather a challenge of social systems. Various talents for security, audit, privacy and legislation have been and are being collected to establish a framework of trust. That is, we are witnessing the emergence of modern trust engineering for the Internet. We review the Internet trust for various fields in view of technologies and social systems, and discuss its future directions.