2. Why are we all here?
Social Capital
(value of economic, social networks)
Metcalfe’s Law
(value of telecom, internet)
Value is N^2
Structural
Relational
*assumes each node is
of equal benefit
Cognitive
*assumes each potential
connection actually connects
Internet
(connectivity)
CPS/IIoT
(trust, cooperation)
Semantic Web
(context)
3. Trustees: Transaction Support
Trustor B
Problem of Trust: Party A and B have too little
reliability in a transaction and a high level of risk.
Solution: Party C acts according to a trust agreement
that spells out the rules both want followed
Trustee C
(Root of Trust)
Trustor A
Low Trust
Identity lifecycle
(authentication, reset, etc.)
4. Trust Transacting on the Road
Trustor B
Trustee C
(Root of Trust)
Trustor A
Low Trust
Identity lifecycle and
transaction support
(rules, records, etc.)
5. Industrial Age
Trustee C
(Root of Trust)
Trustor A
Low Trust
Way Back
Industrial Age
Size & Strength: Banks, Insurance, Nation States, etc.
Currency Event Compensation Identity
6. Information Age
Trustee C
(Root of Trust)
Trustor A
Low Trust
Way Back
Industrial Age
Cryptosystems: PKI, Symmetric, PGP
Currency Event Compensation Identity
SSL/HTTPS Consumer Enterprise
Information Age
7. A Different Kind of Strength
The strength of a cipher can be measured in terms of information
entropy, whose unit of measure is the bit.
Bob Laptop
2^112 2^128
2^80
9. Case Study: SDN
IETF ACTN
Control of networks will
reside with the admin of a
particular network.
If abstracted networks are
to be formed from various
trust domains, then sharing
of this control must be
coordinated somehow
between these controllers
to enable holistic control of
all network resources.
14. Trustees: A New Model
Characteristics (Oxford): Reliability, Strength, Ability, Truthfulness
New Trustee:
Computerized (Bitcoin, ENT)
Reliability: Distribution, up-time
Strength: Quantifiable, easily upgraded
Ability: Efficient, easier implementation
Truthfulness: Unbiased
Easily Measured
Classic Trustee:
Institutional (PKI)
Reliability: Age, resources, geography
Strength: Processes, physical security
Ability: Widely accepted, cost, training
Truthfulness: Reputation, motivations
Not Easily Measured
15. Case Study: Bitcoin and Currency
Vendor Trustee vs. User-owned Trustee
Problem: Fear of currency manipulation
Solution: No manipulation possible
$4.8B in BTC
in circulation
(coindesk.com)
16. Bitcoin: Fatally Flawed
TRANSACTIONS
155,000/day
UNIQUE ADDRESSES
147,000
TRANSACTION TIME
15 min
PROCESSING
1.1 Exahashes/sec
STORAGE
16 GB
EXISTENTIAL RISK
>50% power
BRITTLE
Loss permanent
PRIVACY
Public only
ANARCHIC
No private control
EXPENSIVE
Requires currency
17. Trust in the Zeitgeist
Case Study: Chase doubles cyber security spend to $250M/yr (wsj.com)
• 76 million accounts breached in 2014
• Breach was discovered by luck
• $1.1 billion set aside for legal costs
Case Study: GM hires first ever
cyber security chief (fortune.com)
• GM announces autonomous vehicles by 2017
• “We have to look at [car technology] on a critical
systems level. We see [security] as a competitive
advantage.” (M. Reuss, VP Global Prod Dev)
• 69% of US executives are worried that cyber threats will impact growth and
59% are more worried this year than last. (PwC 17th annual global CEO survey)
• 17.8% more publicly traded firms listed cyber security as a major business
risk in SEC filings in 2014 following a 46.5% increase in 2013. (wsj.com)
18. Business Justification
Target (2013)
Average cost: $78/customer
$214/credit card
Aite Group, 2014, Ponemon Institute, 2013
General Motors (imagining 2016)
Average cost: $1.41 million/fatality
$78,900/injury
$8,900/property damage
National Safety Council (nsc.org), 2014
Liability
• Paying cloud hosting costs to sell dishwasher data,
forever, is not viable
• Sensors are getting cheaper and more widely
available… raw data value is dropping
• Data as a product for non-IT companies is not
sustainable without value added activities like
analytics or aggregation
• Storage and processing power as commodities
• Ultra-low margin services (computing costs are
borne by the customer)
IBM VP, Paul Brody
Costs & New
Business
Models
New Markets
• Process companies (e.g. Walmart) threatened by lack of privacy & security
• Traditional infrastructure has inherent distrust of digital IT systems (e.g. Energy)
Parker Hannifin Chief IoT Strategist, Scott Darnell
19. History Lessons
Proprietary: Microsoft Passport (2000)
• eBay refusing to use service puts “final nail” in the Passport coffin (zdnet.com)
• “…never happened, primarily because of fears that Microsoft would end up controlling the Internet, in addition to our desktops.” (pcmag.com)
Wrong Market: OpenID (2005)
• “…no uniform user experience… confuses the majority of people…” (webmonkey.com)
• “…complex solution to a problem most consumers don’t really have....” (Microsoft blogger)