Stratumn.com

From Security to Trust

Security is about protecting the data from attacks that are external to the accepted participants in a network. Honesty is about ensuring the integrity of information provided by the participants. Security and honesty are the fundamental factors in establishing trust in a digital system.

The Hitchhiker's Guide to Trust

The question of trust is meaningful only in the context of dishonesty or doubt. Between two parties in a network exchanging messages, if each needs to prove that the other is trustworthy, they have to ensure that their respective message is what it claims to be, that it has not been manipulated, and that all the promises made were fulfilled in the delivery and content of the message.

For example, when a bank is on-boarding a new customer, the bank needs to be able to trust that the customer is honest in presenting his identity documents for verification and background checks. And regulatory authorities must be able to trust that the bank is submitting truthful reports documenting its adherence to regulations.

The question of security is meaningful in the context of hacking as well; nobody outside the list of authorized personnel should be able to access a bank’s private data. Typically, banks protect their data using firewalls and access control lists. However, even if a hacker is unable to access or manipulate the data, this does not stop someone within the bank who has the proper access rights from modifying the data. Even if a system is secure from external hackers, there is still no guarantee that it is trustworthy.

On the other hand, the customer might be honest, with a long relationship history with a bank, but her private documents might be modified by an actor who has hacked her personal computer. This means that while honesty is present, there is no guarantee of security.

As an example, Google has been caught manipulating the usage data of YouTube videos. However, they are widely reputed to have one of the highest standards of security in the world. This example illustrates the problem of trust; not even one of the most reputably secure enterprises can be completely trusted with its data and its promise to its customers to publish honest reports.

However, if we take a process perspective, we can see the interconnections of various pieces of data. We see data moving step by step from one participant to another as and when it is accessed. With processes, we start seeing patterns in the system which can be used to prove the integrity of the system.

By recording the following five pieces of information for each step of a system process, we begin to develop a full picture of the system through which we can see meaningful patterns:

  • Who made the change?
  • What data was changed?
  • When was the change made?
  • In what context was the change made?
  • Why is this change relevant in this particular instance?

If we ensure that this process tracking data is recorded in an objectively non-manipulatable way, then we can use it to verify the complete integrity of all processes in the system. With verifiable integrity, a system’s honesty and security become subject to proof. We call this Proof of Process.

Proof of Process is a scalable protocol that allows multiple partners to trust a common process.
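
One way to make the five-field step record described above tamper-evident is a hash chain, in which each step's hash covers its own fields and the hash of the previous step. This is an added example, not Stratumn's code and not the Proof of Process protocol itself; the field names, the GENESIS value and the on-boarding steps are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first link
FIELDS = ("who", "what", "when", "context", "why")  # the five questions


def digest(record: dict, prev_hash: str) -> str:
    """Hash the five fields plus the previous link, as canonical JSON."""
    body = {k: record[k] for k in FIELDS}
    body["prev"] = prev_hash
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append_step(chain: list, **fields) -> dict:
    """Append one process step; all five fields are mandatory."""
    missing = [k for k in FIELDS if not fields.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {k: fields[k] for k in FIELDS}
    entry["prev"] = prev_hash
    entry["hash"] = digest(entry, prev_hash)
    chain.append(entry)
    return entry


def first_broken_step(chain: list):
    """Return the index of the first step that fails verification, else None."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev_hash or entry["hash"] != digest(entry, prev_hash):
            return i
        prev_hash = entry["hash"]
    return None


def demo_chain() -> list:
    """Constructed sample: three steps of a customer on-boarding process."""
    chain = []
    append_step(chain, who="customer:alice", what="identity document submitted",
                when="2024-01-05T09:00:00Z", context="onboarding", why="open account")
    append_step(chain, who="bank:clerk-17", what="identity document verified",
                when="2024-01-05T11:30:00Z", context="onboarding", why="background check")
    append_step(chain, who="bank:compliance", what="report filed with regulator",
                when="2024-01-06T08:00:00Z", context="reporting", why="regulatory adherence")
    return chain
```

A hash chain on its own only detects partial edits: a writer who alters a step and recomputes every later hash still passes verification, so the latest hash has to be held by a party outside that writer's control.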