ITU-T Trust in ICT 2017 Foreword Trust is highly dynamic. Decision-making behaviour is affected by past experience and associated predictions for the future. The degree of trust in ICT is the accumulated value of the degree of trust present in the vast web of relationships that forms the modern ICT ecosystem. We are connecting everything, our vehicles, homes, offices, factories and the rest of the machinery that makes up our modern lives. A ‘sword-and-shield’ approach to cyber threats will be incapable of ensuring security and privacy in this hyperconnected environment. It is clear that, beyond conventional protections to security and privacy, the time has come to integrate trust into the ICT ecosystem. ITU standardization is prioritizing its support for 5G systems, the Internet of Things (IoT) and trust. These three fields are highly interdependent. It is my firm belief that achieving the great potential of 5G and IoT will depend to a large degree on our success in building trust into the ICT ecosystem. ITU is pioneering international efforts to establish the technical foundations of a trusted ICT environment. Part of the challenge is defining and raising awareness of the concept of trust in ICT. We are both shaping the conversation around the meaning of trust in ICT and developing technical mechanisms to move from theory to implementation. Chaesub Lee This publication offers a compendium of the first Director of the ITU Telecommunication outputs of ITU’s study of trust in ICTs. The Standardization Bureau publication aims to build greater understanding of the concepts, driving forces and key features of trust in the ICT context. It details technical approaches with potential to improve trust in ICT and proposes future directions in related ITU standardization work. iii First new ITU standards on trust Based on the significant efforts made to build converged Information and Communications Technology (ICT) services and a reliable information infrastructure while taking into account social and economic considerations, ITU members have focused on trust standardization. For this, ITU newly defined that ‘trust’ is the measureable belief and/or confidence which represents accumulated value from history and the expecting value for future. ITU also recognized that, in ICT environments, trust affects the preference of an entity to consume a particular service offered by another entity and it affects the decision making of an entity to transact with another entity. Furthermore, trust is a broader concept that can cover security and privacy as trust revolves confidence that people, data and devices will function or behave in expected ways as well as it can be used to build new value-chain for future ICT infrastructure and services. Figure 1 shows trust keywords and various trustworthiness attributes that are categorized into three major factors: ability, integrity and benevolence. Many attributes can represent trustworthiness, which can be applied to ICT infrastructures and services. Figure 1 – Trust keywords and trustworthiness attributes In this regard, ITU members have firstly approved new standards on trust for ICT infrastructures and services, as follows. – Recommendation ITU-T Y.3051 “The basic principles of trusted environment in ICT infrastructure” is devoted to the issue of creating trusted environment in ICT infrastructure providing information and communication services. It provides the definition, common requirements and the basic principles of creating trusted environment. – Recommendation ITU-T Y.3052 “Overview of trust provisioning for information and communication technology infrastructures and services” provides an overview of trust provisioning in ICT infrastructures and services. From the general concept of trust, the key characteristics of trust are described. In addition, the trust relationship model and trust evaluation based on the conceptual model of trust provisioning are introduced. The work on trust was based on the preliminary studies convened by the individual experts and the correspondence group on trust. You will find corresponding technical reports in this flipbook. v With the progress of trust standardization work and successful completion of the above two standards, ITU-T members are continuously contributing to develop companion standards on trust. There are several on-going work on Y.trustworthy-media (Trustworthy smart media services), Y.trustnet-fw (Trustworthy networking), etc. From the perspectives of standardization, trust should be quantitatively and/or qualitatively calculated and measured, which is used to evaluate the values of physical components, value-chains among multiple stakeholders, and human behaviors including decision making. Accordingly, a new work on trust index to evaluate and quantify trustworthiness has been started. With the help of trust standardization, future ICT infrastructures will require more reliable techniques to cope with the risks of knowledge sharing towards a knowledge society. Building and validating trusted relationships will be contingent on trust-related information and its processing for supporting trustworthy services and applications. Ideas from members are welcome to stimulate trust standardization activities in the future, taking into account key technical, policy and governance issues through global collaboration with related standardization bodies. Dr Gyu Myoung Lee, Co-chairman of the ITU-T Study Group 13 Working Party 3/13 “Network Evolution and Trust” vi Table of contents Page Foreword iii 1. ITU-T Technical Report “Standardization of Trust Provisioning Study” (2015) 1 2. ITU-T Technical Paper “Future social media and knowledge society” (2015) 95 3. ITU-T Technical Report “Trust Provisioning for future ICT infrastructures and services” (2016) 165 4. Recommendation Y.3051 (2017), The basic principles of trusted environment in ICT infrastructure 225 5. Recommendation Y.3052 (2017), Overview of trust provisioning for information and communication technology infrastructures and services 237 6. Presentation slides: ITU Workshop on "Future Trust and Knowledge Infrastructure", Phase 1 (Geneva, Switzerland, 24 April 2015) 273 7. Presentation slides: ITU Workshop on "Future Trust and Knowledge Infrastructure", Phase 2 (Geneva, Switzerland, 1 July 2016) 277 vii 1. Standardization of Trust Provisioning Study Trust in ICT 1 ITU-T Technical Report “Standardization of Trust Provisioning Study” (2015) Foreword This Technical Paper was developed by Mr. Gyu Myoung Lee. Summary Moving towards an interconnected knowledge society from an information society requires a trusted Information and Communication Technology (ICT) infrastructure for sharing information and creating knowledge. To advance the efforts to build converged ICT services and reliable information infrastructures, ITU-T has recently started a work item on future trusted ICT infrastructures. This technical report introduces basic concepts of trust and present various use cases for trust provisioning. And then it provides a strategy for trust provisioning in the ICT infrastructure, services and applications based on trust taxonomy in different domains, and architectural framework for trusted social cyber physical infrastructures and for trust decision making for trustworthy ICT eco-system along with technical details for trust provisioning. Finally this report identifies roadmap and working priority for future standardization in ITU-T based on related standardization activities. 3 1 Trust in ICT Table of contents 1 Scope 2 Abbreviations and acronyms 3 Introduction 4 Understanding of Trust 4.1 Definition of Trust 4.2 General Aspects of Trust 4.3 Key features of Trust 4.4 Trust in ICT Environment 5 Use cases and explanation of trust provisioning 5.1 Trust Use Cases in Networking Aspects 5.2 Use Case of Services and Applications in IoT 5.3 Summary of User Cases 6 A strategy for trust provisioning of ICT infrastructure, services and applications 6.1 Understanding of Trust Taxonomy 6.2 Trust Provisioning Processes 6.3 Trust Provisioning in Networking Domain 6.4 Trust Provisioning in Architecture Domain 6.5 Trust Provisioning in System Domain 6.6 Trust Provisioning for Services and Applications 7 Architecture framework for trusted social cyber physical infrastructure 7.1 Social-Cyber-Physical Infrastructure 7.2 Social-Cyber-Physical Trust Relationships 7.3 Trust Components and Platform Architecture 7.4 Develop a framework for decision making in the trust analysis system of trustworthy ICT Eco-system 7.5 Specify key functionalities and standard interfaces for autonomic decision making 8 Trust modeling and policy/rule-based decision making 8.1 Information context of a trust model 8.2 Trust modeling based on key features of trust 8.3 Development of a static policy/rule-based trust-level decision making mechanism 8.4 A reputation and knowledge based trust model and decision making mechanism 8.5 Autonomic trust management 8.6 Using Blockchain as Tool 9 Roadmap and working priority for standardization 9.1 Related standardization activities in ITU-T 9.2 Related standardization activities in other SDOs 9.3 Important work items for trust provisioning in ICT infrastructure 9.4 Next step for future standardization 10 Conclusions and future work 11 References 4 Trust in ICT 1 1 Scope Moving towards an interconnected knowledge society from an information society requires a trusted Information and Communication Technology (ICT) infrastructure for sharing information and creating knowledge. To advance the efforts to build