Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Analysis Framework
Conclusions
References
All Topics
Computer Science
Information Systems

A survey of attack and defense techniques for reputation systems

Profile image of David ZageDavid Zage

2009, ACM Computing Surveys

Abstract

Reputation systems provide mechanisms to produce a metric encapsulating reputation for a given domain for each identity within the system. These systems seek to generate an accurate assessment in the face of various factors including but not limited to unprecedented community size and potentially adversarial environments. We focus on attacks and defense mechanisms in reputation systems. We present an analysis framework that allows for general decomposition of existing reputation systems. We classify attacks against reputation systems by identifying which system components and design choices are the target of attacks. We survey defense mechanisms employed by existing reputation systems. Finally, we analyze several landmark systems in the peer-to-peer domain, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) which design components of reputation systems are most vulnerable, 2) what are the most appropriate defense mechanisms and 3) how these defense mechanisms can be integrated into existing or future reputation systems to make them resilient to attacks.

Related papers

ReDS: A Framework for Reputation-Enhanced
Zahid Rahman

2016

Abstract—Distributed Hash Tables (DHTs), such as Chord and Kademlia, offer an efficient means to locate resources in peer-to-peer networks. Unfortunately, malicious nodes on a lookup path can easily subvert such queries. Several systems, including Halo (based on Chord) and Kad (based on Kademlia), mitigate such attacks by using redundant lookup queries. Much greater assurance can be provided; we present Reputation for Directory Services (ReDS), a framework for enhancing lookups in redundant DHTs by tracking how well other nodes service lookup requests. We describe how the ReDS technique can be applied to virtually any redundant DHT including Halo and Kad. We also study the collaborative identification and removal of bad lookup paths in a way that does not rely on the sharing of reputation scores, and we show that such sharing is vulnerable to attacks that make it unsuitable for most applications of ReDS. Through extensive simulations, we demonstrate that ReDS improves lookup success...

View PDFchevron_right
Globally decoupled reputations for large distributed networks
Sanggar Seni Gayatri

2007

Reputation systems help establish social control in peer-to-peer networks. To be truly effective, however, a reputation system should counter attacks that compromise the reliability of user ratings. Existing reputation approaches either average a peer's lifetime ratings or account for rating credibility by weighing each piece of feedback by the reputation of its source. While these systems improve cooperation in a P2P network, they are extremely vulnerable to unfair ratings attacks. In this paper, we recommend that reputation systems decouple a peer's service provider reputation from its service recommender reputation, thereby, making reputations more resistant to tampering. We propose a scalable approach to system-wide decoupled service and feedback reputations and demonstrate the effectiveness of our model against previous nondecoupled reputation approaches. Our results indicate that decoupled approache significantly improves reputation accuracy, resulting in more successful transactions. Furthermore, we demonstrate the effectiveness and scalability of our decoupled approach as compared to PeerTrust, an alternative mechanism proposed for decoupled reputations. Our results are compiled from comprehensive logs collected from Maze, a large file-sharing system with over 1.4 million users supporting searches on 226TB of data.

View PDFchevron_right
Reputation Systems: A framework for attacks and frauds classification
Rui Pereira

Journal of Information Systems Engineering and Management

Reputation and recommending systems have been widely used in e-commerce, as well as online collaborative networks, P2P networks and many other contexts, in order to provide trust to the participants involved in the online interaction. Based on a reputation score, the e-commerce user feels a sense of security, leading the person to trust or not when buying or selling. However, these systems may give the user a false sense of security due to their gaps. This article discusses the limitations of the current reputation systems in terms of models to determine the reputation score of the users. We intend to contribute to the knowledge in this field by providing a systematic overview of the main types of attack and fraud found in those systems, proposing a novel framework of classification based on a matrix of attributes. We believe such a framework could help analyse new types of attacks and fraud. Our work was based on a systematic literature review methodology.

View PDFchevron_right
A Reference Model for Reputation Systems
Sokratis Vavilis, Nicola Zannone

A Reference Model for Reputation Systems, 2014

Recent advances in ICT have led to a vast and expeditious development of e-services and technology. Trust is a fundamental aspect for the acceptance and adoption of these new services. Reputation is commonly employed as the measure of the trustworthiness of users in on-line communities. However, to facilitate their acceptance, reputation systems should be able to deal with the trust challenges and needs of those services. The aim of this survey is to propose a framework for the analysis of reputation systems. We elicit the requirements for reputations metrics along with the features necessary to achieve such requirements. The identified requirements and features form a reference framework which allows an objective evaluation and comparison of reputation systems. We demonstrate its applicability by analyzing and classifying a number of existing reputation systems. Our framework can serve as a reference model for the analysis of reputation systems. It is also helpful for the design of new reputation systems as it provides an analysis of the implications of design choices.

View PDFchevron_right
Robust content-driven reputation
Luca de Alfaro

Proceedings of the 1st ACM workshop on Workshop on AISec, 2008

In content-driven reputation systems for collaborative content, users gain or lose reputation according to how their contributions fare: authors of long-lived contributions gain reputation, while authors of reverted contributions lose reputation. Existing content-driven systems are prone to Sybil attacks, in which multiple identities, controlled by the same person, perform coordinated actions to increase their reputation. We show that content-driven reputation systems can be made resistent to such attacks by taking advantage of the fact that the reputation increments and decrements depend on content modifications, which are visible to all. We present an algorithm for content-driven reputation that prevents a set of identities from increasing their maximum reputation without doing any useful work. Here, work is considered useful if it causes content to evolve in a direction that is consistent with the actions of high-reputation users. We argue that the content modifications that require no effort, such as the insertion or deletion of arbitrary text, are invariably non-useful. We prove a truthfullness result for the resulting system, stating that users who wish to perform a contribution do not gain by employing complex contribution schemes, compared to simply performing the contribution at once. In particular, splitting the contribution in multiple portions, or employing the coordinated actions of multiple identities, do not yield additional reputation. Taken together, these results indicate that content-driven systems can be made robust with respect to Sybil attacks.

View PDFchevron_right
Transactional Security for a Distributed Reputation Management System
Winfried H Lamersdorf

Lecture Notes in Computer Science, 2002

Today, reputation systems such as ebay's prominent "Feedback Forum" are becoming more widespread. In such a system, reputations are formed by aggregating ratings participants give and receive. These reputations, however, are bound to a specific platform preventing participants from taking and showing their hard-earned reputations elsewhere. That makes the reputations less valuable and leaves them vulnerable to manipulation and total loss. In this paper, we propose a viable solution to these issues in which current P2P and PKI technologies are employed to shift ownership and responsibility back to the participants. Our envisioned Reputation Management System, therefore, uses contextdependent feedback gathered in questionnaires and provides security for peer transactions to ensure integrity, confidentiality and privacy.

View PDFchevron_right
Identifying vulnerabilities in trust and reputation systems
Taha Güneş

2019

Online communities use trust and reputation systems to assist their users in evaluating other parties. Due to the preponderance of these systems, malicious entities have a strong incentive to attempt to influence them, and strategies employed are increasingly sophisticated. Current practice is to evaluate trust and reputation systems against known attacks, and hence are heavily reliant on expert analysts. We present a novel method for automatically identifying vulnerabilities in such systems by formulating the problem as a derivative-free optimisation problem and applying efficient sampling methods. We illustrate the application of this method for attacks that involve the injection of false evidence, and identify vulnerabilities in existing trust models. In this way, we provide reliable and objective means to assess how robust trust and reputation systems are to different kinds of attacks.

View PDFchevron_right
A framework for building reputation systems
Phillip Windley

This paper introduces a set of principles for governing the design and operation of online reputation systems. We also introduce the design, architecture, and implementation of a flexible, general-purpose framework, called Pythia, for building reputation systems. We give a sample application of our framework to illustrate its use.

View PDFchevron_right
Reputation systems: A survey and taxonomy
Kris Bubendorfer, Ferry Hendrikx

Journal of Parallel and Distributed Computing, 2015

h i g h l i g h t s

View PDFchevron_right
Towards a Comprehensive Testbed to Evaluate the Robustness of Reputation Systems against Unfair Rating Attacks
Athirai Aravazhi Irissappane

trust.sce.ntu.edu.sg

Evaluation of the effectiveness and robustness of reputation systems is important for the trust research community. However, existing testbeds are mainly simulation based and not flexible to perform robustness evaluation, and none of them is specifically designed to evaluate the robustness of reputation systems against unfair rating attacks. In this paper, we propose a novel comprehensive testbed by simulating three types of environments (simulated environments, real environments with simulated unfair rating attacks, and real environments with detected unfair ratings). The testbed incorporates sophisticated deception models and unfair rating attack models, and introduces several performance metrics to fully test and compare the effectiveness and robustness of different reputation systems. We also provide two case studies to demonstrate the usage of partial features of our proposed testbed.

View PDFchevron_right

References (70)

  1. Aberer, K. and Despotovic, Z. 2001. Managing trust in a peer-2-peer information system. In CIKM '01: Proceedings of the tenth international conference on Information and knowledge management. ACM Press, New York, NY, USA, 310-317.
  2. Adar, E. and Huberman, B. 2000. Free riding on Gnutella. First Monday 5, 10, 2.
  3. Adler, B. and de Alfaro, L. 2007. A content-driven reputation system for the Wikipedia. In Proceedings of the 16th international conference on World Wide Web (WWW). ACM Press, New York, NY, USA, 261-270.
  4. Akerlof, G. 1970. The market for "lemons": Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84, 3, 488-500.
  5. Altman, A. and Tennenholtz, M. 2005a. On the axiomatic foundations of ranking systems. In Proc. 19th International Joint Conference on Artificial Intelligence. 917-922.
  6. Altman, A. and Tennenholtz, M. 2005b. Ranking systems: the PageRank axioms. In Proceed- ings of the 6th ACM conference on Electronic commerce. ACM Press New York, NY, USA, 1-8.
  7. Altman, A. and Tennenholtz, M. 2006. An axiomatic approach to personalized ranking systems. In Proceedings of the 20th International Joint Conference on Artificial Intelligence.
  8. Aringhieri, R., Damiani, E., Vimercati, S. D. C. D., Paraboschi, S., and Samarati, P. 2006. Fuzzy techniques for trust and reputation management in anonymous peer-to-peer systems. J. Am. Soc. Inf. Sci. Technol. 57, 4 (February), 528-537.
  9. Ba, S. and Pavlou, P. 2002. Evidence of the effect of trust building technology in electronic markets: Price premiums and buyer behavior. MIS Quarterly 26, 3, 243-268.
  10. Bazzi, R. A. and Konjevod, G. 2005. On the establishment of distinct identities in overlay net- works. In PODC '05: Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing. ACM Press, New York, NY, USA, 312-320.
  11. Beth, T., Borcherding, M., and Klein, B. 1994. Valuation of trust in open networks. In Computer Security-Esorics 94: Third European Symposium on Research in Computer Security. Springer, Brighton, United Kingdom.
  12. Buchegger, S. and Le Boudec, J. Y. 2004. A robust reputation system for P2P and mobile ad-hoc networks. In Proceedings of the Second Workshop on the Economics of Peer-to-Peer Systems.
  13. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., and Wallach, D. S. 2002. Secure routing for structured peer-to-peer overlay networks. SIGOPS Oper. Syst. Rev. 36, SI, 299- 314.
  14. Cheng, A. and Friedman, E. 2005. Sybilproof reputation mechanisms. In Applications, Tech- nologies, Architectures, and Protocols for Computer Communication. ACM Press New York, NY, USA, 128-132.
  15. Cheng, A. and Friedman, E. 2006. Manipulability of PageRank under Sybil strategies. In First Workshop on the Economics of Networked Systems (NetEcon06).
  16. Cormen, T., Leiserson, C., Rivest, R., and Stein, C. 2001. Introduction to Algorithms. MIT Press.
  17. Dahan, S. and Sato, M. 2007. Survey of six myths and oversights about distributed hash tables' security. In Distributed Computing Systems Workshops. ICDCSW '07. 27th International Conference on. IEEE Computer Society, Washington, DC, USA.
  18. Damiani, E., De Capitani Di Vimercati, S., Paraboschi, S., and Samarati, P. 2003. Managing and sharing servants' reputations in p2p systems. IEEE Transactions on Knowledge and Data Engineering 15, 4 (July-Aug.), 840-854.
  19. Damiani, E., di Vimercati, D. C., Paraboschi, S., Samarati, P., and Violante, F. 2002. A reputation-based approach for choosing reliable resources in peer-to-peer networks. In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security. ACM Press, New York, NY, USA, 207-216.
  20. Dellarocas, C. 2003. The digitization of word-of-mouth: Promise and challenges of online feedback mechanisms. Management Science 49, 10 (October), 1407-1424.
  21. Dimitriou, T., Karame, G., and Christou, I. 2007. SuperTrust: A secure and efficient framework for handling trust in super peer networks. In Proceedings of ACM PODC 2007.
  22. Douceur, J. R. 2002. The Sybil attack. In Proceedings for the 1st International Workshop on Peer-to-Peer Systems (IPTPS). Springer Berlin / Heidelberg, 251-260.
  23. Eugster, P., Handurukande, S., Guerraoui, R., Kermarrec, A.-M., and Kouznetsov, P. 2001. Lightweight probabilistic broadcast. In The International Conference on Dependable Systems and Networks (DSN 2001).
  24. Feldman, M., Lai, K., Stoica, I., and Chuang, J. 2004. Robust incentive techniques for peer-to- peer networks. In Proceedings of the 5th ACM conference on Electronic commerce. Proceedings of the 5th ACM conference on Electronic commerce 1, 1, 102-111.
  25. Flocchini, P., Nayak, A., and Xie, M. 2007. Enhancing peer-to-peer systems through redun- dancy. Selected Areas in Communications, IEEE Journal on 25, 1 (January), 15-24.
  26. Friedman, E., Resnick, P., and Sami, R. 2007. Algorithmic Game Theory. Cambridge University Press.
  27. Friedman, E. J. and Resnick, P. 2001. The social cost of cheap pseudonyms. Economics and Management Strategy 10(2), 173-199.
  28. Guha, R., Kumar, R., Raghavan, P., and Tomkins, A. 2004. Propagation of trust and distrust. In WWW '04: Proceedings of the 13th international conference on World Wide Web. ACM Press, New York, NY, USA, 403-412.
  29. Ham, M. and Agha, G. 2005. ARA: a robust audit to prevent free-riding in P2P networks. In Peer-to-Peer Computing, 2005. P2P 2005. Fifth IEEE International Conference on. 125-132.
  30. Houser, D. and Wooders, J. 2006. Reputation in auctions: Theory, and evidence from eBay. Journal of Economics and Management Strategy 15, 2 (June), 353-369.
  31. Jøsang, A., Ismail, R., and Boyd, C. 2007. A survey of trust and reputation systems for online service provision. Decision Support Systems 43, 2 (March), 618-644.
  32. Kamvar, S. D., Schlosser, M. T., and Garcia-Molina, H. 2003. The EigenTrust algorithm for reputation management in P2P networks. In WWW '03: Proceedings of the 12th international conference on World Wide Web. ACM Press, New York, NY, USA, 640-651.
  33. Khopkar, T., Li, X., and Resnick, P. 2005. Self-selection, slipping, salvaging, slacking, and stoning: the impacts of negative feedback at eBay. In EC '05: Proceedings of the 6th ACM conference on Electronic commerce. ACM Press, New York, NY, USA, 223-231.
  34. Lai, K., Feldman, M., Stoica, I., and Chuang, J. 2003. Incentives for cooperation in peer-to- peer networks. In Workshop on Economics of Peer-to-Peer Systems.
  35. Lee, S., Sherwood, R., and Bhattacharjee, B. 2003. Cooperative peer groups in nice. In IEEE Infocom.
  36. Levien, R. 2003. Attack Resistant Trust Metrics. Ph.D. thesis, University of California at Berkeley. Draft available at http://www.levien.com/thesis/compact.pdf.
  37. Li, F. and Wu, J. 2007. Mobility reduces uncertainty in MANETs. In Proceedings of IEEE INFOCOM.
  38. Lian, Q., Zhang, Z., Yang, M., Zhao, B., Dai, Y., and Li, X. 2007. An empirical study of collusion behavior in the Maze P2P file-sharing system. In Distributed Computing Systems. ICDCS '07. 27th International Conference on. IEEE Computer Society, Washington, DC, USA.
  39. Lin, K., Lu, H., Yu, T., and Tai, C. 2005. A reputation and trust management broker frame- work for web applications. In Proceedings of the 2005 IEEE International Conference on e- Technology, e-Commerce and e-Service (EEE'05). IEEE Computer Society Washington, DC, USA, 262-269.
  40. Marti, S. and Garcia-Molina, H. 2004. Limited reputation sharing in P2P systems. In EC '04: Proceedings of the 5th ACM conference on Electronic commerce. ACM Press, New York, NY, USA, 91-101.
  41. Marti, S. and Garcia-Molina, H. 2006. Taxonomy of trust: Categorizing P2P reputation systems. Computer Networks: The International Journal of Computer and Telecommunications Networking 50, 472 -484.
  42. Matei, R., Iamnitchi, A., and Foster, P. 2002. Mapping the Gnutella network. Internet Computing, IEEE 6, 1 (Jan.-Feb.), 50-57.
  43. Michiardi, P. and Molva, R. 2002. CORE: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security. Kluwer, B.V., Deventer, The Netherlands, The Netherlands, 107-121.
  44. Morselli, R., Katz, J., and Bhattacharjee, B. 2004. A game-theoretic framework for analyzing trust-inference protocols. In Second Workshop on the Economics of Peer-to-Peer Systems.
  45. Nandi, A., Ngan, T.-W., Singh, A., Druschel, P., and Wallach, D. S. 2005. Scrivener: Providing incentives in cooperative content distribution systems. In ACM/IFIP/USENIX 6th International Middleware Conference. Middleware 2005 1, 1 (November), 270-291.
  46. Page, L., Brin, S., Motwani, R., and Winograd, T. 1998. The PageRank citation ranking: Bringing order to the web. Tech. rep., Stanford Digital Library Technologies Project.
  47. Piatek, M., Isdal, T., Anderson, T., Krishnamurthy, A., and Venkataramani, A. 2007. Do incentives build robustness in BitTorrent? In Proceedings of the Fourth USENIX Symposium on Networked Systems Design and Implementation (NSDI).
  48. Ratnasamy, S., Francis, P., Handley, M., Karp, R., and Shenker, S. 2000. A scalable content addressable network. Tech. Rep. TR-00-010, UC Berkeley.
  49. Reed, I. S. and Solomon, G. 1960. Polynomial codes over certain finite fields. Journal of the Society for Industrial and Applied Mathematics 8, 2 (June), 300-304.
  50. Resnick, P., Kuwabara, K., Zeckhauser, R., and Friedman, E. 2000. Reputation systems. Communications of the ACM 43, 12, 45-48.
  51. Resnick, P., Zeckhauser, R., Swanson, J., and Lockwood, K. 2006. The value of reputation on eBay: A controlled experiment. Experimental Economics 9, 2 (June), 79-101.
  52. Rowstron, A. and Druschel, P. 2001. Pastry: scalable, distributed object location and rout- ing for large-scale peer-to-peer systems. IFIP/ACM International Conference on Distributed Systems Platforms (Middleware) 11, 329-350.
  53. Singh, A. and Liu, L. 2003. TrustMe: anonymous management of trust relationships in decen- tralized P2P systems. In Third International Conference on Peer-to-Peer Computing, 2003. (P2P 2003). 142-149.
  54. Song, S., Hwang, K., Zhou, R., and Kwok, Y.-K. 2005. Trusted P2P transactions with fuzzy reputation aggregation. Internet Computing, IEEE 9, 6 (Nov.-Dec.), 24-34.
  55. Srivatsa, M., Xiong, L., and Liu, L. 2005. TrustGuard: countering vulnerabilities in reputa- tion management for decentralized overlay networks. In WWW '05: Proceedings of the 14th international conference on World Wide Web. ACM Press, New York, NY, USA, 422-431.
  56. Stoica, I., Morris, R., Karger, D., Kaashoek, F., and Balakrishnan, H. 2001. Chord: A scalable peer-to-peer lookup service for internet applications. In Proceedings of the 2001 ACM SIGCOMM Conference. 149-160.
  57. Survey. 2005. E-crime watch survey. http://www.cert.org/archive/pdf/ecrimesurvey05.pdf.
  58. Suryanarayana, G. and Taylor, R. N. 2004. A survey of trust management and resource discovery technologies in peer-to-peer applications. Tech. Rep. UCI-ISR-04-6, UC Irvine. July.
  59. Walsh, K. and Sirer, E. G. 2006. Experience with an object reputation system for peer-to-peer filesharing. In Symposium on Networked System Design and Implementation (NSDI).
  60. Xiong, L. and Liu, L. 2002. Building trust in decentralized peer-to-peer electronic communities. In International Conference on Electronic Commerce Research (ICECR-5).
  61. Xiong, L. and Liu, L. 2003. A reputation-based trust model for peer-to-peer e-commerce com- munities. In IEEE Conference on Electronic Commerce.
  62. Xiong, L., Liu, L., and Ahamad, M. 2005. Countering sparsity and vulnerabilities in reputation systems. Tech. Rep. TR-2005-017-A, Emory University.
  63. Yu, B. and Singh, M. P. 2000. A social mechanism of reputation management in electronic com- munities. In Proceedings of the 4th International Workshop on Cooperative Information Agents IV, The Future of Information Agents in Cyberspace. Cooperative Information Agents 1, 1, 154-165.
  64. Yu, H., Gibbons, P., Kaminsky, M., and Xiao, F. 2008. A near-optimal social network defense against sybil attacks. In Proceedings of the 2008 IEEE Symposium on Security and Privacy.
  65. Yu, H., Kaminsky, M., Gibbons, P. B., and Flaxman, A. 2006. SybilGuard: defending against Sybil attacks via social networks. In SIGCOMM '06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications. ACM Press, New York, NY, USA, 267-278.
  66. Zage, D. J. and Nita-Rotaru, C. 2007. On the accuracy of decentralized network coordinates in adversarial networks. In CCS '07: Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM Press, New York, NY, USA.
  67. Zhao, B. Y., Kubiatowicz, J. D., and Joseph, A. D. 2001. Tapestry: An infrastructure for fault-tolerant wide-area location and routing. Tech. Rep. UCB/CSD-01-1141, UC Berkeley. April.
  68. Zhou, R. and Hwang, K. 2006. Trust overlay networks for global reputation aggregation in P2P grid computing. In Parallel and Distributed Processing Symposium, 2006. IPDPS 2006. 20th International. 10pp.
  69. Zhou, R. and Hwang, K. 2007. PowerTrust: A robust and scalable reputation system for trusted peer-to-peer computing. Parallel and Distributed Systems, IEEE Transactions on 18, 4, 460- 473.
  70. Zimmermann, P. 1995. The official PGP user's guide. MIT Press Cambridge, MA, USA. Received September 2007; revised March 2008; accepted Month Year

Related papers

A Survey of attacks on Reputation Systems
David Zage

2007

Reputation systems provide mechanisms through which multiple parties can quantify the trust between one another. These systems seek to generate an accurate assessment in the face of unprecedented community size, while providing anonymity and resilience to malicious attacks.

View PDFchevron_right
Security of reputation systems
roslan ismail

2004

Reputation systems have the potential of improving the quality of on-line markets by identifying fraudulent users and subsequently dealing with these users can be prevented. The behaviour of participants involved in e-commerce can be recorded and then this information made available to potential transaction partners to make decisions to choose a suitable counterpart. Unfortunately current reputation systems suffer from various vulnerabilities. Solutions for many of these problems will be discussed. One of the major threats is that of unfair feedback. A large number of negative or positive feedbacks could be submitted to a particular user with the aim to either downgrade or upgrade the user's reputation. As a result the produced reputation does not reflect the user's true trustworthiness. To overcome this threat a variation of Bayesian Reputation system is proposed. The proposed scheme is based on the subjective logic framework proposed Josang et al. [65]. The impact of unfair feedback is countered through some systematic approaches proposed in the scheme. Lack of anonymity for participants leads to reluctance to provide negative feedback. A novel solution for anonymity of feedback providers is proposed to allow participants to provide negative feedback when appropriate without fear of retaliation. The solution is based on several primitive cryptographic mechanisms; e-cash, designated verifier proof and knowledge proof. In some settings it is desirable for the reputation owner to control the distribution of its own reputation and to disclose this at its discretion to the intended parties. To realize this, a solution based on a certificate mechanism is proposed. This solution allows the reputation owner to keep the certificate and to distribute its reputation while not being able to alter that information without detection. The proposed solutions cater for two modes of reputation systems: centralised and decentralised. The provision of an off-line reputation system is discussed by proposing a new solution using certificates. This is achieved through the delegation concept and a variant of digital signature schemes known as proxy signatures. v The thesis presents a security architecture of reputation systems which consists of different elements to safeguard reputation systems from malicious activities. Elements incorporated into this architecture include privacy, verifiability and availability. The architecture also introduces Bayesian approach to counter security threat posed by reputation systems. This means the proposed security architecture in the thesis is a combination of two prominent approaches, namely, Bayesian and cryptographic, to provide security for reputation systems. The proposed security architecture can be used as a basic framework for further development in identifying and incorporating required elements so that a total security solution for reputation systems can be achieved. vi Declaration The work contained in this thesis has not been previously submitted for a degree or diploma at any higher education institution. To the best of my knowledge and belief, the thesis contains no material previously published or written by another person except where due reference is made.

View PDFchevron_right
P2P Reputation Systems Credibility Analysis: Tradeoffs and Design Decisions
A. Tsalgatidou

2008 Panhellenic Conference on Informatics, 2008

Peer-to-Peer (P2P) systems are distributed selforganized systems without a controlling entity where peers need to make trust decisions regarding who they will transact with. P2P reputation systems exploit past transactional information to provide members of P2P networks with measures which will help them make such trust decisions. However, these systems are vulnerable themselves to various types of attacks which can distort their functionality and credibility. A number of defense mechanisms have been proposed to counteract specific attacks, but research lacks an exploration of how these mechanisms can be used together so as to provide the highest degree of credibility. In this paper, after presenting the basic attacks and defense mechanisms concerning P2P reputation systems, we analyze the tradeoffs between different credibility enhancing mechanisms and ways to achieve the right balances. Our aim is to help reputation systems designers to incorporate in their systems the right mechanisms or the right combinations of mechanisms against the threats of the specific reputation systems.

View PDFchevron_right
TrustDavis: A Non-Exploitable Online Reputation System
Earl Barr

2005

We present TrustDavis, an online reputation system that provides insurance against trade fraud by leveraging existing relationships between players, such as the ones present in social networks. Using TrustDavis and a simple strategy, an honest player can set an upper bound on the losses caused by any malicious collusion of players. In addition, TrustDavis incents participants to accurately rate each other, resists participants' pseudonym changes, and is inherently distributed.

View PDFchevron_right
A survey on Security Issues of Reputation Management Systems for Peer-to-Peer Networks
Chithra Selvaraj

Computer Science Review, 2012

The objective of this paper is to present a comprehensive survey of security issues in Reputation based Trust Management system (RTMS) also known in short as Reputation Management Systems for P2P networks. The wide adoption of P2P computing has enhanced content publishing, pervasive information collection, streaming of real-time sensed data and information sharing on an enormous global scale. At the same time, the open and anonymous nature of P2P makes it vulnerable to malicious attacks and the spread of malware. In this paper, we discuss in detail the different security attacks on P2P systems and have categorized them as network-related and peer-related attacks. RTMS helps to establish and evaluate Trust, which is the degree of belief that is established to prove that the right user is accessing the right resource. We have explained the different Trust Management schemes used in P2P networks and have compared them on the basis of trust establishment, security features, trust evaluation and weakness. We have surveyed the RTMSs currently in use and have compared them on the basis of reputation collection, aggregation, computation, storage and degree of centralization of reputation computation and management. We also present a comparison of protection provided by RTMs against the various security attacks discussed. Open research issues and challenges that have yet to be addressed in the design of current RTMs have been presented in detail. This survey can be used as a reference guide to understand Trust Management and RTMS for P2P networks and to further research in RTMSs to make them efficient, reliable and scalable to enable and promote the utilization of P2P systems for large communities and applications. c

View PDFchevron_right

Related topics

  • Computer Science
  • Design
  • Computer Security
  • Reputation System
  • Adversarial System
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved