REPUTATION MANAGEMENT IN DECENTRALIZED NETWORKS

1
REPUTATION MANAGEMENT IN DECENTRALIZED NETWORKS

• MAJOR AREA EXAMINATION
• GAYATRI SWAMYNATHAN
• Committee Dr. Kevin Almeroth (chair), Dr. Ben
  Zhao, Dr. Rich Wolski
• March 9th, 2005

2
Electronic communities

• Growing popularity of electronic communities
• Centralized systems web marketplaces, e.g. eBay

• Decentralized systems
• P2P file sharing systems

3
Decentralized Systems

• An environment offering opportunities and threats
• System is vulnerable to attacks from greedy and
  malicious peers
• Distrust runs high!

4
Major Area Focus

• Need for trust mechanisms
• To assess trustworthiness of peers and the
  content
• To deter malicious behavior

• Use of reputation to build trust
• By content assurance and peer reliability,
  reputation systems help secure decentralized
  networks

5
Outline

• Background
• Reputation management
• Framework
• Design aspects and related research
• Future directions

6
Outline

• Background
• The role of reputation
• A reputation system
• Reputation management
• Framework
• Design aspects and related research
• Future directions

7
The Role of Reputation

• Real world transactions personal and corporate
  reputations
• Reputation is an assumption that past behavior is
  indicative of future behavior
• Higher the online reputation the more
  trustworthy the entity
• eBays Feedback Forum1

1Source eBay. ebay home page, http//www.ebay.com
, 2005.
8
A Reputation System

• Helps establish mutual trust (distrust) by
  assigning a reputation to each peer
• How? Aggregate, process and disseminate
  transaction-based feedback

• Challenges1 of a reputation system
• Provide information that allows peers to
  distinguish between trustworthy and
  non-trustworthy peers
• Encourage peers to be trustworthy
• Discourage participation from those who are not

1Source P. Resnick, K. Kuwabara, R. Zeckhauser,
and E. Friedman. Reputation systems.
Communications of the ACM, 2000.
9
Outline

• Background
• Reputation management
• Framework
• Design aspects and related research
• Future directions

10
Outline

• Background
• Reputation management
• Framework
• Design aspects and related research
• Future directions

11
Reputation Management Framework

• Generation The production of reputation
• Modeling The reputation-based trust model
• Storage The storage of reputation data
• Communication The reputation exchange protocol
• Security Safeguarding reputation from attacks

12
Reputation Management

• Generation The production of reputation
• Who generates reputation? How is it generated?
  What is the context of reputation?

13
Reputation Management

• Generation The production of reputation
• Modeling The reputation-based trust model
• What is the trust model? How are individual
  ratings converted to a reputation profile? Are
  there feedback incentives?

14
Reputation Management

• Generation The production of reputation
• Modeling The reputation-based trust model
• Storage The storage of reputation data
• How is reputation data stored? What is stored?
  Where is it stored?

15
Reputation Management

• Generation The production of reputation
• Modeling The reputation-based trust model
• Storage The storage of reputation data
• Communication The reputation exchange protocol
• How is reputation information exchanged? What
  parties are involved? What is transferred?

16
Reputation Management

• Generation The production of reputation
• Modeling The reputation-based trust model
• Storage The storage of reputation data
• Communication The reputation exchange protocol
• Security Safeguarding reputation from attacks
• What are the security threats? How to protect
  the system from unfair ratings, and colluding
  parties? Is data integrity assured?

17
Reputation Management Framework
18
Outline

• Background
• Reputation management
• Framework
• Design aspects and related research
• Future directions

19
Reputation Management Generation
20
Generation Design Aspect

• A reputation is generated by participants
  undertaking a transaction.
• Context of reputation file, peer, etc.
• Participants and roles

Reputation seeker
Reputation holder
Reputation evaluator
Service requester
Service provider
21
Generation Design Aspect

• Participants and behavior
• Honest
• Dishonest
• Dynamic personality

22
Generation Approaches

• Feedback
• Rating scales 0-10, Good, Ok, Bad
• Context of reputation
• Peer-based PeerTrust1, PRIDE, etc.
• Resource-based
• Peer and resource-based XRep2

1 Source L. Xiong and L. Liu. Peertrust
Supporting reputation-based trust for P2P
electronic communities. IEEE Trans. On KDE,
2004. 2 E. Damiani, et al. A reputation-based
approach for choosing reliable resources in P2P
networks. In Proc. of the ACM CCS, 2002.
23
Generation Approaches

• XRep1 combines peer-based and file-based
  reputations
• Advantages of file-based reputations
• Avoid cold start problem for newcomers
• Load balancing
• More persistent
• Advantages of peer-based reputations
• Blacklisting peers
• Avoid cold start for files

1 Source E. Damiani, D. C. di Vimercati, S.
Paraboschi, P. Samarati, and F. Violante. A
reputation-based approach for choosing reliable
resources in peer-to-peer networks. In Proc. of
the ACM CCS, 2002.
24
Reputation Management Modeling
25
Modeling Design Aspect

• Feedback
• Number of transactions
• Credibility of feedback
• Transaction context factor
• Size
• Time
• Incentive schemes

26
Modeling Approaches

• Modeling direct and indirect observations A - B
  - C so A-C
• Correlated trust Managing Trust, OpenPrivacy,
  EigenTrust
• Separate trust metric PeerTrust

27
Modeling Approaches

• Managing Trust1
• Complaints-based model
• Not robust to varying personalities of peers

1Source K. Aberer and Z. Despotovic. Managing
trust in a Peer-2-Peer information system. In
Proc. of the CIKM,2001
28
Modeling Approaches

• Managing Trust1
• Complaints-based model
• Not robust to varying personalities of peers
• OpenPrivacy2
• Web-of-trust style network of peer certificates
• Certificate rating, confidence value
• Node distance distrust table

1Source K. Aberer and Z. Despotovic. Managing
trust in a Peer-2-Peer information system. In
Proc. of the CIKM,2001 2 K.Burton. Design of the
openprivacy distributed reputation system.
http//www.openprivacy.org, 2002
29
Modeling Approaches

• EigenTrust1
• A trusts B, B trusts C A trusts C
• Matrix of normalized local trust and global trust
  values

1 Source S. Kamvar, M. Schlosser, and H.
Garcia-Molina. The eigentrust algorithm for
reputation management in P2P networks. In Proc.
of the Intl. WWW conference,2003.
30
Modeling Approaches

• EigenTrust1
• A trusts B, B trusts C A trusts C
• Matrix of normalized local trust and global trust
  values
• PeerTrust2
• Three basic parameters
• Feedback, number of transactions, credibility of
  feedback
• Two adaptive parameters
• Transaction context
• Community context
• Separate trust metric defined for credibility of
  feedback

1 Source S. Kamvar, M. Schlosser, and H.
Garcia-Molina. The eigentrust algorithm for
reputation management in P2P networks, 2003. 2
L. Xiong and L. Liu. Peertrust Supporting
reputation-based trust for P2P electronic
communities. IEEE Trans. On KDE, 2004.
31
Reputation Management Storage
32
Storage Approaches

• DHT-based approach
• Each peer holds trust data for multiple peers,
  and routing table
• PeerTrust, EigenTrust, Managing Trust
• Data integrity redundancy, anonymity, digital
  signatures
• Unstructured storage approach
• Certificates OpenPrivacy, RCertPX1
• Experience Repository XRep
• Data integrity digital signatures

1 Source B. Ooi, C. Liau, and K. Tan. Managing
trust in peer-to-peer systems using
reputation-based techniques. In WAIM, 2003.
33
Reputation Management Communication
34
Communication Approaches

• DHT-based approaches
• PeerTrust, EigenTrust, Managing Trust
• Search and update using query or insert messages
• Exploit communication protocol of base network
• XRep Vote polling via broadcast
• Poll messages implemented on top of Query
  messages
• Specific exchange protocols
• OpenPrivacy Repute exchange protocol (REP)

35
Reputation Management Security
36
Reputation Management Security
37
Security Challenges and Approaches

• The problem of dynamic peer personalities
• Avoid arithmetic summation schemes eBay
• Reputation fading PeerTrust
• The problem of unfair ratings
• Credibility of feedback PeerTrust
• The problem of liar farms
• PRIDE IP-based safeguard

1 Source P. Dewan and P. Dasgupta. Pride
peer-to-peer reputation infrastructure for
decentralized environments. In WWW 2004.3737
38
Security Challenges and Approaches

• The problem of collusion (bad mouthing and ballot
  stuffing)
• EigenTrust Use of pre-trusted peers
• PeerTrust Feedback similarity function
• Storage integrity
• Exchange integrity

39
Reputation Systems
EigenTrust PeerTrust PRIDE
RCert EigenTrust PeerTrust
Storage
Security
Generation
XRep
Communication
Modeling
EigenTrust OpenPrivacy
PeerTrust EigenTrust
Reputation System
Decentralized System
40
State of Current Research

• Not deployed!
• One or two design aspects considered
• Not scalable
• Portability not considered
• Security loopholes

41
Outline

• Background
• Reputation management
• Framework
• Design aspects and related research
• Future directions

42
Future Directions

• To build a reputation system that is
• Scalable and robust
• Generic system not application specific
• Flexible trust model
• Easily deployable

43
Conclusions

• Reputation-based trust mechanisms help establish
  trustworthiness of peers
• Different reputation models to detect and isolate
  malicious behavior in decentralized systems
• State of current research
• Some future directions

44
Questions?!