Trust Propagation in Small Worlds

Elizabeth Gray¹, Jean-Marc Seigneur¹, Yong Chen¹, and Christian Jensen²

¹ Distributed Systems Group, Department of Computer Science, Trinity College, Dublin 2, Ireland
{grayl, seigneuj, cheny}@tcd.ie
² Informatics and Mathematical Modelling, Technical University of Denmark, Richard Petersens Plads, Building 322, DK-2800 Kgs. Lyngby, Denmark
cdj@imm.dtu.dk

Abstract. The possibility of a massive, networked infrastructure of diverse entities partaking in collaborative applications with each other increases more and more with the proliferation of mobile devices and the development of ad hoc networking technologies. In this context, traditional security measures do not scale well. We aim to develop trust-based security mechanisms using small world concepts to optimise formation and propagation of trust amongst entities in these vast networks. In this regard, we surmise that in a very large mobile ad hoc network, trust, risk, and recommendations can be propagated through relatively short paths connecting entities. Our work describes the design of trust-formation and risk-assessment systems, as well as that of an entity recognition scheme, within the context of the small world network topology.

1 Introduction

The proliferation of mobile devices and development of vast ad hoc networks introduces the possibility of an environment where multitudes of diverse entities will partake in collaborative applications with each other. A mobile ad hoc network is an autonomous system of mobile entities connected by wireless links. All entities are free to move randomly, and the network is self-organising, which makes it highly dynamic and subject to rapid and unpredictable changes. As in traditional networks, access to collaborative resources in mobile ad hoc networks requires varying levels of control.
Also, some way of authenticating an entity is needed, as well as a way of determining what access that entity may have to shared resources. Traditional authentication and access control methods fail when applied in a decentralised collaborative ad hoc environment. For example, in traditional groupware applications, access to a group is controlled by an administrator with a predefined list of names and access permissions of group members. The administrator grants access rights based on whether the requesting entity is authenticated and identified as meeting the appropriate criteria. However, in a network that is constantly changing both size and topology, this approach does not scale. This is best illustrated by the following example.

Suppose that while on the 8am commuter train every weekday, Alice joins an ad hoc wireless network to see