In Part 1 of this two-part series (Can We Trust the Future?), we discussed the definition and brief history of trust and how it enabled societal evolution. We then postulated the “Rise of the Machines,” whereby our future societal evolution will heavily rely upon devices that will inevitably need to trust each other, just as we have done as humans. This all leads to the question of what is machine-level trust.
When you think about it, it is very similar to human trust. It distills down to clear identity. For humans, we have developed our clear identity in our signatures, fingerprints, and visual memory imprints with each other (i.e., the gray matter video recorder we all hold within our craniums). We authenticate each other predominantly through some variation and/or combination of all of these. Now ask yourself what mechanisms machines possess to do the same thing. You will find, amazingly, that there are very few foundational mechanisms available to machines today to authenticate themselves in a similar fashion.
Today’s untrusted devices: a hacker’s clone army
One of the key reasons such a myriad of cyber miscreants wander cyberspace with abandon is that they can easily propagate their ills from machine to machine without any fear of an identity-based authentication trust mechanism. This makes each machine effectively a clone that can easily replicate its ills to all other clones. The very term "computer virus" fits so well because it is so similar to a human virus that attaches itself to a common (i.e., cloned) cellular structure within a human. The same can be said of botnets, malware, and so many of today’s cyber-ills. Imagine now if such a virus could no longer find a common structure upon which to attach and replicate itself.
So, your smartphone, tablet, and many other devices are considered by most organizations as “untrusted devices” unless of course they have “authenticated” them. But really, what does that mean? In the absence of a foundational mechanism to unquestionably identify the device, how can an organization truly authenticate it? It would be similar to authenticating a driver at the DMV when later you find out that the applicant was one of, say, 10 million cloned humans who were identical in every way (including DNA and fingerprints). Now, which one of those 10 million clones was the applicant that you authenticated? Makes for a tough authentication problem now, doesn’t it? Well, that’s the world we live in today. I will go so far as to say that all devices, unless under 24/7 surveillance, have the potential to violate their authentication and are, hence, all untrusted.
Current state of machine-level trust
So, with that said, there are plenty of solutions offered in the marketplace to authenticate users via these unauthenticated devices. Examples of this are fingerprint readers and even the basic username and password -- all authentication mechanisms that authenticate the human using the device.
This leaves us with a false sense of security. All we are really doing is attempting to substitute human-level authentication through a machine proxy. For the most part, this works in many situations, but, as discussed above, it does not really solve a machine-level authentication problem. Now, as more and more machines become critical to our daily lives, and they rely more and more upon communications with each other without a human in the loop, then we do have a potential problem brewing with regard to how they will trust each other.
The coming electronic revolution in automobiles -- which will include everything from the current fully electric motor-powered cars to completely networked autonomous vehicle trains -- is a good place to think about machine-level trust. Picture riding in your shining new electric car that will automatically drive itself down the highway in sync with all the other cars in its lane. What happens if the machine-level trust is violated by one of these vehicles? Hope it’s not your car.
Future technologies showing promise
So, what is needed to help in our continued evolution of trust extended to machines is a mechanism for machines to have clear, unquestionable identity just as humans do. A technology that is showing great promise in this regard is based on physically unclonable functions (PUFs).
PUFs use the random parametric variations in electrical properties of integrated circuits to differentiate one chip from another, and are designed to be impervious to duplication or prediction, even by the manufacturer. While these random parametric variations are normal and maintained within process control limits and are impossible to effectively manipulate or eliminate, they can be measured. PUFs are effectively an electronic fingerprint of a silicon die that cannot be cloned, spoofed, or easily exploited. PUFs show the promise of providing a machine-level trust foundation upon which true device-level authentication can take place.
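To make the device-level authentication described above concrete, here is an added example (not from the original article or from any PUF product) that goes one step beyond the text: a verifier measures a chip's responses at enrollment and later accepts only the die that reproduces them within a noise tolerance. The software delay model, class names, seeds, noise level and threshold are all assumptions standing in for real silicon.

```python
import random

STAGES = 64        # assumed challenge length in bits
THRESHOLD = 0.15   # assumed: accept if fewer than 15% of response bits differ

class SimulatedArbiterPUF:
    """Toy delay model; die_seed stands in for one die's process variation."""
    def __init__(self, die_seed, noise=0.5):
        rng = random.Random(die_seed)
        self._w = [rng.gauss(0, 1) for _ in range(STAGES + 1)]  # stage delay differences
        self._noise = noise                      # measurement noise (std dev)
        self._env = random.Random(die_seed + 1)  # noise source, differs per read

    def respond(self, challenge):
        """Return one response bit for a list of STAGES challenge bits."""
        delta, parity = self._w[STAGES], 1
        for i in reversed(range(STAGES)):
            parity *= 1 - 2 * challenge[i]       # each stage may swap the two paths
            delta += self._w[i] * parity
        return int(delta + self._env.gauss(0, self._noise) > 0)

class Verifier:
    """Holds challenge-response pairs (CRPs) measured at enrollment."""
    def __init__(self, seed=0):
        self._rng = random.Random(seed)  # a deployment would use the secrets module
        self._crps = []

    def enroll(self, puf, count):
        for _ in range(count):
            c = [self._rng.getrandbits(1) for _ in range(STAGES)]
            self._crps.append((c, puf.respond(c)))

    def authenticate(self, puf, rounds=128):
        """Spend `rounds` unused CRPs; return (accepted, mismatch_rate)."""
        if len(self._crps) < rounds:
            raise RuntimeError("not enough unused CRPs; re-enroll the device")
        batch, self._crps = self._crps[:rounds], self._crps[rounds:]  # never reuse
        rate = sum(puf.respond(c) != r for c, r in batch) / rounds
        return rate < THRESHOLD, rate

if __name__ == "__main__":
    enrolled = SimulatedArbiterPUF(die_seed=1001)    # constructed sample die
    other_die = SimulatedArbiterPUF(die_seed=2002)   # same design, different die
    verifier = Verifier()
    verifier.enroll(enrolled, count=256)
    print("enrolled die:", verifier.authenticate(enrolled))
    print("other die:   ", verifier.authenticate(other_die))
```

The enrolled die matches its stored responses apart from a few noisy bits, while a second die of the same design disagrees on roughly half of them, which is what lets the verifier tell two otherwise identical machines apart.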