Advertisement

Blog

Can We Trust the Future?

The Oxford Dictionary defines trust primarily as the “firm belief in the reliability, truth, ability, or strength of someone or something.”

Brief history of trust
When you really think about it, society could not function or expand without trust. Every day before you get into your car for your daily commute, you effectively trust it to start and deliver you safely to your office.

At the office, for the most part, you trust that no marauding tribe of bandits or vandals will come thrashing through the building with swords drawn severing your co-workers heads from their bodies. Yet, within written history, this was indeed a real concern for many (just ask your local feudal lord). In those times, being delivered safely to one's destination and being safe from bandits and vandals was not a normal reality.

Most people reading this article were taught early on that evolution for them was school, good grades, engineering college (again good grades), stable and rewarding career, peaceful and happy retirement. We trusted in that scenario and most of us are living it. Two hundred years ago, there was no such thing as an Engineering Degree from college. Two thousand years ago, there were very few stable careers. And 20,000 years ago, peaceful and happy retirement was almost non-existent for all humans on the planet — just surviving to age 30 was a major achievement!

So, what has changed and why do we have more trust in our daily lives versus what written history tells us of our ancestors? Only through society’s evolution, both socially and technologically, have we been able to rely or trust in our future. The societal part literally took thousands of years of evolution to achieve the trust we have today. At the core are laws and ethics, which humans collectively developed. Concepts of natural rights and economic theories targeted towards abundance have helped us significantly in this quest. Technologically, we have advanced at an unprecedented rate in the last 100 years. This is the second half of the trust story. And, it shows the seeds of even more promise. But, there are also hints of trouble brewing on the other side of the technological horizon.

Trust but Verify

Humans have trust-identification mechanisms for each other, but how does this  work with our increasingly ubiquitous and complex network of smart electronics?

Humans have trust-identification mechanisms for each other, but how does this
work with our increasingly ubiquitous and complex network of smart electronics?

Rise of the machines
The first signs of trouble come in the form of overwhelming numbers. In 2008, a quite un-celebrated moment occurred — there were as many interconnected devices on the planet as humans. It is predicted that by 2020 (less than 10 years from now), humans will be outnumbered 6 to 1 by “smart” interconnected devices.

The next noteworthy prediction is a piece of Kurzweil’s Singularity Theory… namely, the exponential growth of computational power fueled by Moore’s Law. Whether you subscribe to the full theory of computational power exceeding that of a human brain or not, it's hard arguing with the dramatic growth of computing capabilities.

The logical conclusion is that at a minimum, humans are going to become even more reliant on these devices. And, at the maximum, they will be relied upon to actually “think” and plan for us. This is the essence of the critical meaning of “Trusted Device.” Given today’s world of malware, viruses, trojans, botnets, cyberattacks, piracy, and counterfeiting, imagine a future where the devices can self-replicate and improve on all these maligned capabilities.

The Reality of today: Untrusted devices
Part of what attracts us as engineers is designing tomorrow devices. Imagining the future is something all engineers and technologist enjoy doing to some degree. But, we are becoming more and more reliant on devices and technology to actually engineer tomorrow’s products. And many of these are simply untrusted. In terms of defining an untrusted device, suffice it to say the device has not been authenticated effectively. Just looking at the BYOD (Bring Your Own Device) scenario for most major enterprises today can highlight the alarm bells that are ringing. Quoting Bruce Schneier from RSA this year:

More and more companies now have to get used to the fact that people are going to come in with the technologies they want and that is what they are going to use. So we are going to see a lot more security around connecting random untrusted devices into a trusted network.

Given the current state of today's untrusted electronic world, what's to be done to improve this situation? Some of the answers to this question include new technologies that are showing promise in the quest for a more trusted future.

Eric Sivertson is president of QuantumTrace, LLC, San Jose, Calif., which focuses on providing innovative Trusted solutions to meet the development needs of the new generation of computing, communications, and embedded systems.

Related posts:

34 comments on “Can We Trust the Future?

  1. Daniel
    April 23, 2013

    Eric, thanks for the details about trust. For any business or dealings trust is an important factor and relations are building up on trust. Trust matters a lot and if its lost means everything is lost.

  2. mfbertozzi
    April 23, 2013

    @Jacob: well, I agree; the next piece of the puzzle is to evaluate the effort needed for trusting products or services; it is needed, no doubts, but are vendors or people available to support that additional cost to take in consideration?

  3. prabhakar_deosthali
    April 23, 2013

    In my opinion,  as we have started depending on machines more and more, our trust in the systems has increased. This is because the machines are more trustworthy than human in a sense that they faithfully do whatever they are programmed to do and if protected well by their designers against malware they can offer the most dependable service to humans.

    The machines never use arbitrary discretion in decision making, cannot be bribed .

     

    So more machine dependence means a more trustworthy society

  4. Eldredge
    April 23, 2013

    By this definition, HAL, from 2001: A Space Odyssey would be defined as a trusted device.

  5. Wale Bakare
    April 23, 2013

    We have pushed a “Push to become Shove, thereby creating a borderline in everything we do”. That's gradually eroding the human trust in us and transferring to machines instead.

    Meanwhile, a popular area long been in saga over trust amongst the match officiating personnel, football sport. This is a typical example to buttress your assertion. The Federation of International Football Association ( FIFA) few weeks ago approved technology to correct any incorrect decisions or bias officiating by football match officials  – a goal-line technology. The technology employs 3 dimensional cameras operating in a real time mode, each goal post would have 7 cameras, making total of 14 cameras directing to goal posts.  

  6. Eric Sivertson
    April 23, 2013

    Maybe.  But HAL is of course fictional.  But, the question I would ask with regards to HAL and Trust is what gives us Trust in HAL?  How did HAL's creator implant what is needed within him for Trust?  Can you fingerprint HAL? How do you know if you are dealing directly with HAL or one of millions of HAL clones?  How do you establish unquestionable identity of HAL?  

    In terms of today's REAL technologies, there is no clear method employed to ensure unique identity of a device.  Most of today's devices are clones of one another and easily hijacked via viruses, malware and the like.  This is the heart of the Trust issue that I'm trying to address.

  7. Eldredge
    April 23, 2013

    One method that is used is digital certificates, issued to authorized parties. Rather than identify a specific device, the digital certificate authenticates the user. Of course, as device become smarter, user interfacing may become less necessary. However, it still seems like it may be one way to authentiicate autorized devices for certain transactions.

  8. Houngbo_Hospice
    April 23, 2013

    I am really sure whether the certainty in our future will be determined by the minor part of the technolgy that is prone to errors and flaws or the major part of it that is actually flawless and beneficial to mankind. As they say the benefits of technology exceed its drawbacks.

  9. Eric Sivertson
    April 23, 2013

    Correct, it does authenticate the user, but not the device.  If you swapped out the device with a clone, the user would not know.  Nor would the certificate authority.  The issue that has not been fully addressed is how do you “certify,” “authenticate,” hence Trust the device itself?  What mechanism exists today to truly give you unclonable device level authentication?

  10. Eric Sivertson
    April 23, 2013

    Agreed that technological progress is evolution and that technology overall benefits mankind.  But, along those same lines look at how much money we spend today on combating Viruses, Malware, Botnets, and the like.  Wouldn't it be nice to see a technological improvement to reduce the cost burden of these ills that take advantage of the errors and flaws ?

  11. Houngbo_Hospice
    April 23, 2013

    I get your point. I was just saying that it might be unrealistic to even think about all the flaws a device may have before it is actually used. But it is good to try to fix as many loopholes as possible before deployment.

  12. William K.
    April 23, 2013

    The future does not look that good, mostly for exactly the same reasons that some are saying that it ill be so wonderful. The real problem is that there is way to much trust being placed on technology, and that technology is not really very trustworthy. Most logic syatems just don't handle exceptions very well, and so the folks who depend on them to do the thinking will be totally helpless when an exception occurrs. And, of course, exceptions based on hardware failures will always happen, although not very often. That is why they are exceptions. The problem is becoming one of reliance on the various technologies to the point that they have become not only a crutch, but a masterful and enslaving crutch. Way too many people are letting their technological devices be the master, while they neither focus attention nor think ahead to the consequences of actions. And just exactly like the person who constantly relies on the crutch long after it should have been set aside, many people will find that they have become weakened and are not able to think or make decisions. Sort of like the slaves that we read about i our history books.

  13. HM
    April 23, 2013

    well its difficult to trust future but with careful planning you can avoid certain circumstances or well prepared for the risks. In electronics industry with so many variables especially supply chain being the most important and tricky its difficult to trust the future. all you can do is better prepare for the risks.

  14. syedzunair
    April 24, 2013

    Hospice_Houngbo:

    I think the skeptical public will always look at the flaws in the technology while the ones who are willing to take certain amount of risk will be happy to try new technology that comes their way. I have no doubt that the technology will change (even more) the way live in the future. 

  15. syedzunair
    April 24, 2013

    Eric: 

    So much money is being spent on combating viruses, malware etc because certain elements of our society are actively creating new ones to harm others. It poses a classical case of the good & the bad. Just like we have thieves & police each trying to do their job. Similarly, the hacker community is busy in trying to find out ways to infiltrate into computer software while the anti-virus companies are trying to prevent them. 

  16. syedzunair
    April 24, 2013

    What mechanism exists today to truly give you unclonable device level authentication?

    I don' think we have any today. Since, most software trust the device & only authenticate the user. Hopefully, in the days to come the device level authentication will also be available to the general public. 

  17. syedzunair
    April 24, 2013

    HM:

    Evaluating risk & find ways to mitigate them is an essential part of planning for most organizations. Since, the overall conditions are so volatile each company needs to do some sort of planning for the future. You may not be able to address all the variables but making a sound strategy always helps in times of uncertainity. 

  18. Eric Sivertson
    April 24, 2013

    Syedzunair

    You are very accurate in your analysis.  Its a very circular process right now.  Part of the reason is becuase there is really no effective way to authenticate actual hardware itself.  All the devices that can be hacked are effectively clones.  So once the bad guys crack one, it is very easy for the hack/crack to be replicated quickly.  My hope is that we start to see more discussion with regards to Machine Level Trust (MLT) that looks at ways to really authenticate the hardware itself and dramatically increase the cost for the hacking/cracking.  It won't solve everything, but would be a step in the right direction to instill more hardware or MLT.  Thanks for your comments to the other posts, too.

  19. syedzunair
    April 25, 2013

    Eric: 

    It does seem to be a good idea to be talking about Machine Level Trust but in reality it seems pretty fsar fetched. Over the years the emphasis in the industry is on the software development side. See, the development of Android as a platform and Windows Mobile. I agree with you that a step has to be taken in the right direction I am not sure if that is the priority for the vendors out there. 

    And, you are most welcome. I learnt a few valuable things from your comments earlier. 

  20. Houngbo_Hospice
    April 25, 2013

    “My hope is that we start to see more discussion with regards to Machine Level Trust (MLT)”

    That would be interesting. I am eager to know how this will work as most devices are manufactured in large quantities with the same specifications. But I agree that there may be a way to come introduce a “minimum” MLT authentification mechanism in the devices of the future.

  21. Houngbo_Hospice
    April 25, 2013

    Syedzumair,

    ” I agree with you that a step has to be taken in the right direction I am not sure if that is the priority for the vendors out there. “

    Vendors and manufacturers are not interested in a hardware layer authentification because it is difficut to achieve and the “trust” enforcement will (always) have a software component in it- that can (easily) be cracked by hackers.

  22. Eric Sivertson
    April 25, 2013

    Syedzunair,

    Yes, emphasis within the industry is software and software level security solutions.  Software can be easily changed and updated, something that is almost impossible with hardware (unless it is FPGA based).  So, I agree that hardware level Trust in a predominantly software security world is a hard discussion.  

    We are proponents of a new technology called a Physically Unclonable Function (PUF).  It is a way to get very clear hardware level identification, at a very reasonable cost.  As this type of technology is adopted, APIs and other extensions can be easily added to allow software to use this technology in security software solutions.  Think of it as a hardware-software binding mechanism that will enable software to be bound to a device that cannot be cloned.  I'm trying to stimulate more discussion along these lines.  I think this is a technology that can be adopted at low cost with high benefit and without major disruption to existing software systems.  We're seeing trends toward hardware level trust (MLT) as a foundation for next generation of sofware level security.  

    I always like to say that security without trust is very ineffective.

    Again, thank you much for all the feedback and discussion.

  23. Eric Sivertson
    April 25, 2013

    hospice_houngbo,

    Please take a look at my recent post for S yedzumair,there is a new technology called a Physically Unclonable Function (PUF) that has some promise with regards to MLT. I have submitted an extension article to this first one and I think that it will be  published next week. I put some more discussion with regards to this technology  and its application to MLT. It is a technology that can be applied on a mass scale at the chip-level.  

    Think of it as a silicon fingerprint.  We believe this has strong potential to provide a hardware level trust foundation that software security can build upon.

    Thanks for all your comments.

     

  24. Daniel
    April 25, 2013

    “I agree; the next piece of the puzzle is to evaluate the effort needed for trusting products or services; it is needed, no doubts, but are vendors or people available to support that additional cost to take in consideration?”

    Mfbertozzi, what can make a person trustable is a tough question. It dependents up on person to person and we cannot set any parameters for that.

  25. syedzunair
    April 26, 2013

    Hospice_Houngbo: 

    I would go with your analysis on the intention of the vendors but will have to disagree with the later part where you say that it is difficult to achieve… 

    Even if hardware level authentication is difficult it is possible. What Eric said earlier about PUF seems to be an effective solution. 

  26. syedzunair
    April 26, 2013

    Eric: 

    Thanks for another informative post. 

    The idea of PUF hardware-software binding that will enable software to be bound to a device that cannot be cloned appeals to me greatly. I remember watching a TV show called 'Person of Interest' where these 2 guys use force cloning to pair up with people they are tracking. They just get hooked onto another smartphone through WiFi or Bluetooth which ever is accesible at the time of pairing. Later, they are able to access everything the smartphone owner has on it or any calls made from that phone. 

    Coming back to the serious discussion. I would say that it does pose a good use case for the future. The next generation security has to incorporate something on similar lines to provide the much needed prevention from threats. 

  27. syedzunair
    April 26, 2013

    I always like to say that security without trust is very ineffective.

    That is absolutely true, Eric. With security there is an inherent belief that one should be able to trust the provider or the system. If you cannot trust the system you may never get the optimal level of security. It is not only true for machines but also for the general day to day affairs in life. 

  28. mfbertozzi
    April 26, 2013

    @Jacob: maybe is exactly like your vision, there aren't parameters valid everywhere to set up and it depends from person to person.

  29. Mr. Roques
    April 27, 2013

    Which is harder? Trusting a machine or a human? With machines you normally know what you are getting, and plan accordingly. With humans, the factors that could change their minds are far too many.

  30. Susan Fourtané
    April 27, 2013

    Mr.R, 

    Let me put it this way: you can rely on machines knowing what to expect. You can't do the same with humans. In general, humans are too emotionally unstable, and that affects any logical process. 

    -Susan

  31. Susan Fourtané
    April 27, 2013

    Eric, 

    “Given today's world of malware, viruses, trojans, botnets, cyberattacks, piracy, and counterfeiting, imagine a future where the devices can self-replicate and improve on all these maligned capabilities.”

    Malware, viruses, trojans, botnets, cyberattacks, piracy, and counterfeiting are all human inventions, not machines'.

    Machines should not be blamed for what humans do.

    Humans created machines and now it seems machines are treated like the worst enemy. What did it happen? Machines resulted to be more capable and intelligent than humans and humans' ego feels thretened? 

    -Susan

  32. itguyphil
    April 28, 2013

    The old syaing goes “Garbage in, garbage out”

  33. Eric Sivertson
    April 28, 2013

    Susan,

    I completely agree with your analysis, especially the “Machines should not be blamed for what humans do.”  This is a human problem and the word Trust orginates more with human to human interaction than machine based. But, humans are now becoming more dependent on machines for critical functions.  

    My argument centers around the ease at which machines enable bad human behavoir.  The way machines are designed today, whereby at a fundatmental hardware level they are all clones, enables humans to rapidly spread (e.g. “computer virus”) ill if so inclined.  

    My goal is to get a discussion started with regards to this “design flaw” in current systems.  I want to see more dialogue with regards to Machine Level Trust, by addressing this design flaw to make it more difficult for bad actors to easily manipulate machines to do their ill.

    Thanks for your feedback.

    Best,

    Eric 

     

  34. Susan Fourtané
    May 3, 2013

    Thanks, Eric. 

    “This is a human problem and the word Trust orginates more with human to human interaction than machine based.”

    Exactly. I especially liked your mentioning the word Trust in your article. I would also consider Trust in all what it refers to roboethics. When designing, building, programming a robot one has to be conscious of the trust and ethics that will be put in such creations. There is responsibility involved, and it always falls on the shoulders of the human, not on the machines'. 

    “My argument centers around the ease at which machines enable bad human behavoir.”

    What would be the solution to this? Maybe machines with more individual characteristics instead of cloned? Something that would make machines more difficult to manipulate? It would be great. I only wonder if the ones on the design process would argue that the final product would become more expensive then. And again the ball falls on the side of responsibility. :/ What is the right thing to do? 

    Bad human behavior will exist as long as time and humankind exist. Unless someone in the future would find an effective way of detecting and correcting the deffective behavior, and consequently humankind would finally advance in the evolutionary ladder.

    “My goal is to get a discussion started with regards to this “design flaw” in current systems.  I want to see more dialogue with regards to Machine Level Trust, by addressing this design flaw to make it more difficult for bad actors to easily manipulate machines to do their ill.”

    How interesting. I agree, and appreaciate your initiative. I am interested in roboethics, and believe there is nothing bad in the Singularity when and if those bad actors you have mentioned were put out of the play. 

    -Susan

Leave a Reply