1 / 20

Reputation Based Trust

Reputation Based Trust. The using of reputation to accomplish trust between users on the Internet. M.Volo šin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia. Contents. What is Reputation Based Trust Various systems for Reputation Based Trust on Internet Human driven environments

shina
Download Presentation

Reputation Based Trust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reputation Based Trust The using of reputation to accomplish trust between users on the Internet M.Vološin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia

  2. Contents • What is Reputation Based Trust • Various systems for Reputation Based Trust on Internet • Human driven environments • Auctions systems • Ebay • Amazon Auctions • Yahoo Auctions (retired from June 2007) • “Expert Sites” like www.Allexperts.com • Reviews sites like www.Epinions.com • Other … • Automated environments • P2P networks • Computing markets and grids (One such system we describe here in detail)

  3. What is Reputation Based Trust? • Anonymity on the Internet Viruses • Why we trust our friends • Name + recorded past activities available and visible for everybody = Reputation Based Trust

  4. Ebay • How to sell goods somebody from Australia? How to make it secure? • Feedback forum on Ebay • Ebay is Auction system • Bussiness on Ebay

  5. Reputation Based Trust in Automated Environments • P2P networks • Distributed computation markets

  6. Distributed Computation Markets • The Servers provides service – complicated time-consuming computations And the Clients pay for this. • How to trust a server that it has least-costly, fastest service, how it advertised? • How to ensure that Server performed all work and didn't give fake results? • Solution: Proof by computation ”ringers” and “threshold witnessing” mechanism

  7. Step 1 – Witness selection • Step 2 – B sends service request • Step 3 – Server selection process • Step 4 – Executing of computation • Step 5 – Returning the execution proofs and computation result • Step 6 – Signing new rating by witnesses

  8. Securing reputation mechanism in computing markets

  9. Witnessing details

  10. Building blocks • Rating Store management • Every participant stores the most recent data for every other participant • Reputation value can be created or changed only if at least c+1 participants agree. • Witness Selection • B select 2c+1 witnesses randomly • creates a multicast channel for the witnesses • sends the (signed) job description: f, the set of input values{x1...xa}, the maximum time B is willing to wait for job completion, the maximum amount B is willing to pay for the computation

  11. Server Selection • The 2c+1 witnesses selects the most suitable service provider (A) • A is added to the witness multicast group. • One of the witnesses multicasts the job description received from B. • Threshold Witnessing • Ringer Generation– • Each witness (Wj) selects one random value xz from the input set specified by B in the job description and computes a ringer rj = H(f(xz)) • Wj sends SWj(H(Id(Wj); sid; rj)), its identifier, sid, the ringer, together with the signed digest and Wj's public key certifcate to A • A waits to receive 2c+1 valid messages • A sends a multicast message to all the witnesses with concatenation of all the signed ringers received • The witnesse, inquire the remaining witnesses for their ringers.

  12. Revealing the Ringers • A performs the computation and reveals the input values xz hidden in the 2c+1 ringers • A creates a single message containing Swj (H(Id(Wj); sid; rj)) and SA(H(Id(A); sid; z)), for j = 1...2c+1. There also are the results of the computation, f(x1),...,f(xA), along with its signed digest. • Each witness Wj verifies the correctness of only its own ringer • If any witness Wj discovers that rj <> H(f(xz)), Wj sends a multicast message to all the other witnesses revealing this fact • The witnesses are able to verify the claim by computing the correct answer to Wj's ringer and compare it with the answer sent back by Alice

  13. Signature Generation • each witness Wj is able to compute A's new rating • Each Wj then generates a verifiable signature share of A's new reputation • Wj sends this value, its certified verification key VKj and A's new rating in clear, to all the other witnesses, using the group's multicast channel • Each witness waits to receive c correct signature shares for the same new reputation of A as the one generated by itself. • each witness is able to generate the signed new rating of A locally • Reputation Distribution • The results of the computation are returned to B and the new reputation of A is distributed (by the first witness is in charge on the broadcast channel to all the participants in the system) • Note that a witness cannot simply send an incorrect reputation since it will be easily detected • Punishing Malicious Witnesses

  14. Securing reputation mechanism in computing markets

  15. Witnessing details

  16. Possible attacks? • Bad-mouthing (incorrect negative feedback) • Ballot-stuffing (un-earned positive feedback) • Lazy behavior • Improvement: adding fake ringers • Sybil Attacks • Mobile Virus Attacks

  17. Conclusions With reputation based trust we can make Internet more secure and usable in more areas of our activities. Thank you.

More Related