TAPESTRY: Engendering trust in cyberspace
July 31, 2017

Online fraud and scams cost the UK economy over £670m in 2014, with the majority perpetrated through false identities [1]. In cyberspace we interact through pseudonyms and addresses that can be fabricated in a moment, so how can we decide the trustworthiness of the people, businesses and digital services we encounter online?

How can you trust that the identity you are interacting online with today wasn’t created out of thinair yesterday to run a scam? How can we ensure the service we are registering our personal data with is trustworthy?

These are some of the questions tackled by the £1.06m TAPESTRY project, aiming to de-risk the UK Digital Economy by developing transformational new technologies to enable people, businesses and services to connect safely online.

Today’s security is reliant on traditional representations of online identity, taking simple pseudonyms or addresses “at face value” to interact with one another or to authenticate services.

TAPESTRY’s unique approach is to derive an online ‘credit score’ from the digital footprints left by our daily interactions with technology; in cyberspace, e.g. photos shared, comments left, posts liked, or with the Internet of Things (IoT). These digital signals weave a complex tapestry reflecting our relationships, personality and identity; our so called Digital Personhood (DP). They are amassed organically over extended periods of time and are not easily fabricated. In deed we are now entering a new era in which citizens will construct a DP from childhood, comprising rich lifelong digital trails from social media and interactions with technology.

E-commerce sites are already starting to harness the DP in crude ways to establish trust: AirBnB can verify newly registering users using a simple Facebook friend count. Consider a future where a business or forum registering users, or individuals wishing to physically meet, might ask for trust evidence of regular digital interactions over a two year period. TAPESTRY will deliver a platform for disclosing that evidence with granular control over privacy. How might that safeguard against online trolling, romance scams or card fraud–all often perpetrated by short-lived temporary or false identities? Some of the exciting technologies TAPESTRY will harness are so called zero knowledge proofs–a form of cryptography in which one may prove a property (e.g. I am over 18) without disclosing the private knowledge that property is based on (your date of birth). TAPESTRY is built upon distributed ledger technology (DLT); a form of secure de-centralised database most widely known for underpinning the multi-billion dollar BitCoin cryptocurrency. Rather than recording financial transactions, TAPESTRY will enable users to lodge aspects of their DP in an encrypted for within the DLT, and grant granular access over this trust evidence to others online. There is no central entity amassing their personal data and users have complete control over its disclosure or deletion.

TAPESTRY is more than a technology platform, it is an interdisciplinary study exploring social-digital attitudes to trust online, and the design of trusted services. One of the most exciting aspects of TAPESTRY is its engagement with a full spectrum of end-users; spanning a world-leading data privacy expert from law firm Charles Russell Speechlys, to online health for a (SDHI), to equity crowdfunding sites (CrowdCube), to local enterprise partnerships (LEPs) and constituent businesses. The project is advised by data science experts at the Home Office and Microsoft Research.

TAPESTRY is a collaborative project between the University of Surrey’s Centre for Vision Speech and Signal Processing (CVSSP, Lead) and Centre for Cyber Security, Duncan Jordanstone College of Art and Design at the University of Dundee, and the Department of Media Communication and Design at the University of Northumbria Newcastle. You can follow developments at the TAPESTRY project website: www.tapestry.ac.uk

0 Comments
Leave a comment

Your email address will not be published. Required fields are marked *