Adaptive trust and reputation system as a security service in group communications

Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the \u27trusted\u27 source to the destination through \u27trusted\u27 intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhance users\u27 confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks

A Graph-Based Approach to Address Trust and Reputation in Ubiquitous Networks

The increasing popularity of virtual computing environments such as Cloud and Grid computing is helping to drive the realization of ubiquitous and pervasive computing. However, as computing becomes more entrenched in everyday life, the concepts of trust and risk become increasingly important. In this paper, we propose a new graph-based theoretical approach to address trust and reputation in complex ubiquitous networks. We formulate trust as a function of quality of a task and time required to authenticate agent-to-agent relationship based on the Zero-Common Knowledge (ZCK) authentication scheme. This initial representation applies a graph theory concept, accompanied by a mathematical formulation of trust metrics. The approach we propose increases awareness and trustworthiness to agents based on the values estimated for each requested task, we conclude by stating our plans for future work in this area

Rational Trust Modeling

Trust models are widely used in various computer science disciplines. The main purpose of a trust model is to continuously measure trustworthiness of a set of entities based on their behaviors. In this article, the novel notion of "rational trust modeling" is introduced by bridging trust management and game theory. Note that trust models/reputation systems have been used in game theory (e.g., repeated games) for a long time, however, game theory has not been utilized in the process of trust model construction; this is where the novelty of our approach comes from. In our proposed setting, the designer of a trust model assumes that the players who intend to utilize the model are rational/selfish, i.e., they decide to become trustworthy or untrustworthy based on the utility that they can gain. In other words, the players are incentivized (or penalized) by the model itself to act properly. The problem of trust management can be then approached by game theoretical analyses and solution concepts such as Nash equilibrium. Although rationality might be built-in in some existing trust models, we intend to formalize the notion of rational trust modeling from the designer's perspective. This approach will result in two fascinating outcomes. First of all, the designer of a trust model can incentivise trustworthiness in the first place by incorporating proper parameters into the trust function, which can be later utilized among selfish players in strategic trust-based interactions (e.g., e-commerce scenarios). Furthermore, using a rational trust model, we can prevent many well-known attacks on trust models. These two prominent properties also help us to predict behavior of the players in subsequent steps by game theoretical analyses

Software acquisition: a business strategy analysis

The paper argues that there are new insights to be gained from a strategic analysis of requirements engineering. The paper is motivated by a simple question: what does it take to be a world class software acquirer? The question has relevance for requirements engineers because for many organisations market pressures mean that software is commonly acquired rather than developed from scratch. The paper builds on the work of C. H. Fine (1998) who suggests that product, process and supply chain should be designed together, i.e., 3D concurrent engineering. Using a number of reference theories, it proposes a systematic way of carrying out 3D concurrent engineering. The paper concludes that the critical activity in supply chain design is the design of the distribution of skills and the nature of contract

Evaluating trust in electronic commerce : a study based on the information provided on merchants' websites

Lack of trust has been identified as a major problem hampering the growth of Electronic Commerce (EC). It is reported by many studies that a large number of online shoppers abandon their transactions because they do not trust the website when they are asked to provide personal information. To support trust, we developed an information framework model based on research on EC trust. The model is based on the information a consumer expects to find on an EC website and that is shown from the literature to increase his/her trust towards online merchants. An information extraction system is then developed to help the user find this information. In this paper, we present the development of the information extraction system and its evaluation. This is then followed by a study looking at the use of the identified variables on a sample of EC websites

Reputation Agent: Prompting Fair Reviews in Gig Markets

Our study presents a new tool, Reputation Agent, to promote fairer reviews from requesters (employers or customers) on gig markets. Unfair reviews, created when requesters consider factors outside of a worker's control, are known to plague gig workers and can result in lost job opportunities and even termination from the marketplace. Our tool leverages machine learning to implement an intelligent interface that: (1) uses deep learning to automatically detect when an individual has included unfair factors into her review (factors outside the worker's control per the policies of the market); and (2) prompts the individual to reconsider her review if she has incorporated unfair factors. To study the effectiveness of Reputation Agent, we conducted a controlled experiment over different gig markets. Our experiment illustrates that across markets, Reputation Agent, in contrast with traditional approaches, motivates requesters to review gig workers' performance more fairly. We discuss how tools that bring more transparency to employers about the policies of a gig market can help build empathy thus resulting in reasoned discussions around potential injustices towards workers generated by these interfaces. Our vision is that with tools that promote truth and transparency we can bring fairer treatment to gig workers.Comment: 12 pages, 5 figures, The Web Conference 2020, ACM WWW 202

The mechanics of trust: a framework for research and design

With an increasing number of technologies supporting transactions over distance and replacing traditional forms of interaction, designing for trust in mediated interactions has become a key concern for researchers in human computer interaction (HCI). While much of this research focuses on increasing users’ trust, we present a framework that shifts the perspective towards factors that support trustworthy behavior. In a second step, we analyze how the presence of these factors can be signalled. We argue that it is essential to take a systemic perspective for enabling well-placed trust and trustworthy behavior in the long term. For our analysis we draw on relevant research from sociology, economics, and psychology, as well as HCI. We identify contextual properties (motivation based on temporal, social, and institutional embeddedness) and the actor's intrinsic properties (ability, and motivation based on internalized norms and benevolence) that form the basis of trustworthy behavior. Our analysis provides a frame of reference for the design of studies on trust in technology-mediated interactions, as well as a guide for identifying trust requirements in design processes. We demonstrate the application of the framework in three scenarios: call centre interactions, B2C e-commerce, and voice-enabled on-line gaming