The Oxford Dictionary defines trust primarily as the “firm belief in the reliability, truth, ability, or strength of someone or something.”
When you really think about it, society could not function or expand without trust. Everyday before you get into your car for your daily commute you effectively trust it to start and deliver you safely to your office. At the office, for the most part, you trust that no marauding tribe of bandits or vandals will come thrashing through the building with swords drawn severing your co-workers heads from their bodies. Yet, within written history, this was indeed a real concern for many (just ask your local feudal lord). In those times, being delivered safely to ones destination and being safe from bandits and vandals was not a normal reality.
Most people reading this article were taught early on that evolution for them was school, good grades, engineering college (again good grades), stable and rewarding career, peaceful and happy retirement. We trusted in that scenario and most of us are living it. 200 years ago, there was no such thing as an Engineering Degree from college. 2,000 years ago there were very few stable careers. 20,000 years ago, peaceful and happy retirement was almost non-existent for all humans on the planet – just surviving to age 30 was a major achievement!
So, what has changed and why do we have more trust in our daily lives versus what written history tells us of our ancestors? Only through society’s evolution, both socially and technologically, have we been able to rely or trust in our future. The societal part, literally took thousands of years of evolution to achieve the trust we have today. At the core are laws and ethics which humans collectively developed. Concepts of natural rights and economic theories targeted towards abundance have helped us significantly in this quest. Technologically, we have advanced at an unprecedented rate in the last 100 years. This is the second half of the trust story. And, it shows the seeds of even more promise. But, there are also hints of trouble brewing on the other side of the technological horizon.
Rise of machines
The first signs of trouble come in the form of over-whelming numbers. In 2008, a quite un-celebrated moment occurred – there were as many interconnected devices on the planet as humans. It is predicted that by 2020 (less than 10 years from now), humans will be outnumbered 6 to 1 by “smart” interconnected devices. The next noteworthy prediction is a piece of Kurzweil’s Singularity Theory...namely, the exponential growth of computational power fueled by Moore’s Law. Whether you subscribe to the full theory of computational power exceeding that of a human brain or not, it’s hard arguing with the dramatic growth of computing capabilities.
The logical conclusion is that at a minimum, humans are going to become even more reliant on these devices. And, at the maximum, they will be relied upon to actually “think” and plan for us. This is the essence of the critical meaning of “Trusted Device.” Given today’s world of malware, viruses, trojans, botnets, cyber-attacks, piracy and counterfeiting, imagine a future where the devices can self-replicate and improve on all these maligned capabilities.
The Reality: Untrusted Devices
Part of what attracts us as engineers is designing tomorrow devices. Imagining the future is something all engineers and technologists enjoy doing to some degree. But, we are becoming more and more reliant on devices and technology to actually engineer tomorrow’s products. And many of these are simply untrusted. In terms of defining an untrusted device, suffice it to say the device has not been authenticated effectively. Just looking at the BYOD (Bring Your Own Device) scenario for most major enterprises today, can highlight the alarm bells that are ringing. Quoting Bruce Schneier from RSA this year:
"More and more companies now have to get used to the fact that people are going to come in with the technologies they want and that is what they are going to use. So we are going to see a lot more security around connecting random untrusted devices into a trusted network."
Given the current state of today's untrusted electronic world, what's to be done to improve this situation? Some of the answers to this question include new technologies that are showing promise in the quest for a more trusted future. Machine Level Trust
When you think about, it is very similar to human trust. Machine-level trust distills down to clear identity. For humans we have developed our clear identity in our signatures, fingerprints, and visual memory imprints with each other (i.e. the gray matter video recorder we all hold within our craniums). We authenticate each other predominantly through some variation or combination of all of these. Now ask yourself what mechanisms do machines posses to do the same thing?
You will find amazingly that there are very few foundational mechanisms available to machines today to authenticate themselves in similar ways. Today’s Untrusted Devices – A Hacker’s Clone Army
One of the key reasons that such a myriad of cyber miscreants wander cyberspace with abandon is because they can easily propagate their ills from machine to machine without any fear of an identity-based authentication trust mechanism. This makes each machine effectively a clone that can easily replicate its ills to all others. The very term “computer virus” fits so well because it’s so similar to a human virus that attaches itself to a common (i.e. cloned) cellular structure within humans.
The same can be said of bot nets, malware, and so many of today’s cyber-ills. Imagine now if such a virus could no longer find a common structure upon which to attach and replicate it.
So, your smartphone, tablet, and many other devices are considered by most organizations as “untrusted devices” unless of course, they have authenticated them. But really, what does that mean? In light of a foundational mechanism to unquestionably identify the device, how can an organization truly authenticate it?
It would be similar to authenticating a driver at the DMV when later you find out that the applicant was one of say 10,000,000 cloned humans that were identical in every-way (including DNA and fingerprints). Now, which of those clones was the applicant that you authenticated?
Makes a tough authentication problem doesn’t it? Well that’s the world we live in today. I would say that all devices, under 24/7 surveillance, have the potential to violate their authentication and are hence, all untrusted. Current State of Machine Level Trust
There are plenty of solutions offered in the marketplace to “authenticate” users via these “unauthenticated” devices. Examples are fingerprint readers and even the basic username and password are all authentication mechanisms that authenticate the human using the device. This leaves us with a false sense of security. All we are really doing is attempting to substitute human level authentication through a machine proxy. This works in many situations but as discussed above, it does not really solve a machine level authentication problem.
Now, as more and more machines become critical to our daily lives and they rely more and more upon communications with each other without a human in the loop, then we do have a potential problem regarding to how they will trust
Using the coming electronic revolution in automobiles, which will include everything from the current fully-electric powered vehicle to completely networked, moving, autonomous vehicle trains, is a good place to think about machine level trust. Picture riding in your shinning new electric car that will automatically drive itself down the highway in sync with all the other cars in its lane. What happens if the machine level trust is violated by one of these vehicles?
Hope it’s not your car! Future Technologies Showing Promise
So, what's needed to help in our continued evolution of trust extended to machines is a mechanism for machines to have clear, unquestionable identity just like we do as humans. A technology that is showing great promise in this regard is based on physically unclonable functions (PUFs).
PUFs use the random parametric variations in electrical properties of integrated circuits to differentiate one chip from another, and are designed to be impervious to duplication or prediction, even by the manufacturer. While these random parametric variations are normal and maintained within process control limits and are impossible to effectively manipulate or eliminate, they can be measured.
PUFs are effectively an electronic fingerprint of a silicon die that cannot be cloned, spoofed, or easily exploited. PUFs show promise in providing the foundation of machine level trust upon which true device level authentication can take place. About the Author
Eric Sivertson is president, of QuantumTrace, LLC
, San Jose, CA, focusing on providing innovative Trusted solutions to meet the development needs of the new generation of computing, communications and embedded systems.