You may remember that a little while back I blog’d on SKIMS, which was a research project looking at how you trusted people in your mobile device should impact how those devices should trust each other. As I mentioned at the time, I was going to keep an eye on this. Here’s an update.

I managed to find a copy of their inaugural paper, which isn’t being a paywall: ”Can Your Phone Trust Your Friend Selection?”.

Having read it, I can see that what I thought before was incorrect.

Their work appears to centre around trust formation within a MANET, and how data flows within that MANET can be affected. How this is done is a little nebulous though.

Their basic premise is that two smartphones can extrapolate some kind of trust estimator automatically using the information contained within your phone. This trust estimator would then be used to determine whether to share any/all of the resources the phones have with each other - generally speaking this would be bandwidth.

However, are they missing a major flaw in their idea? A MANET should is self-forming, therefore there are no guarantees which nodes you will be (directly) connected to, or indeed that there will be any nodes that you have any kind of relationship with nearby. There are some exceptions to this if you consider usage in the workplace or in the home, but in general some percentage of the nodes around you will be unknown to you (and by extension, to your phone.)

What I suspect this means is that in the general case that since you don’t trust the nodes around you, you will allow only low grades of information to pass through them, it’s only when you encounter a highly trusted node that you would allow information of higher worth to flow to (or from) them.

Of course, there are some extensions to this train of thought relating to ”web of trust” networks, and other situations where you know there is a trusted node on the data path but it’s not a directly connected node. These kind of considerations widen the research considerably, but are probably the direction they will need to take in order to make a meaningful system out of the research.

Their research speaks of the trust information being formulated from the phones themselves but the central tenet of their paper talks of untrusted and malicious nodes. How then can you put any trust in a node who may or may not be malicious. Presumably there needs to be a inter-device communications protocol for setting up and establishing this level of trust, likely using zero knowledge proofs. This is unlikely to be a very quick process (in computer terms) and not likely to be useful for short bursts of data traffic.

Despite my (continued) misgivings in their outcomes, I still think that this is an interesting piece of research. One I intend to follow closely.