5G-ENSURE - D2.2 Trust model (draft)

Trust is a response to risk. A decision to trust someone (or something) is a decision to accept the risk that they will not perform as expected. To manage risk in a socio-technical system such as a mobile network we need to understand what trust decisions are being made, the consequences of those trust decisions and we need information on the trustworthiness of other parties in order to make better decisions.New business models and new domains of operation in 5G networks facilitated by network function virtualisation and software defined networking bring increased dynamicity compared to 4G and an increase in the number of stakeholders and associated trust relationships. New relationships bring new risks that must be understood and controlled and in a system as complex as 5G this implies the need for a trust model which can model the system, highlight potential risks and demonstrate the effect of adding controls or changing the design.This document takes the first steps towards such a trust model. Firstly we discuss and define terminology. This is essential, as in common speech terminology can be quite muddled but in trust modelling we must be precise. We then review the state of the art in trust modelling, firstly looking at human trust factors (as humans are essential components of 5G network scenarios), understanding how humans make decisions on whether to trust or not when dealing with other humans and when dealing with machines. Secondly we review work on machine trust: machines of course only follow the instructions given to them through their software code by humans, but we review what the options are and the indicators for trustworthiness of other entities, whether they are humans or machines. Finally we look at trust and trustworthiness by design techniques which we recommend for use both during the design of 5G and when changing the design of a 5G deployment by adding or removing elements.To understand 5G networks we must first understand 4G networks, and this is what is covered in the next chapter, looking first at the actors and business models of 4G (including where they touch on satellite services) and then extracting the trust aspects of the 4G network. Following this we review how the actors and business models are expected to change as we move to 5G, bringing in new domains and new opportunities for operators (both terrestrial and satellite). Here we also review the majority of the 5G use cases identified by 5G-ENSURE in an earlier document, identifying the entities involved and the trust issues in each one.The final chapter brings all this information together to firstly discuss privacy aspects, then analyse the relationships between 4G stakeholders (demonstrating surprising complexity even there) and finally lay out a proposed approach for the work in 5G-ENSURE which will culminate in a machine understandable trust model able to assist stakeholders in managing risk.As this document is a “draft” trust model, the next steps to be done are set out alongside the conclusions