The trust management framework for peer-to-peer networks

Popularity of peer-to-peer (P2P) networks exposed a number of security vulnerabilities. Among those is a problem of finding reliable communication partners. In this thesis, we present an integrated trust framework for peer-to-peer networks that quantifies the trustworthiness of a peer via reputation-based trust mechanism and anomaly detection techniques. As opposed to other known techniques in P2P networks, our trust management schema is fully decentralized and does not rely on the co-operation of peers. Furthermore, the reputation computation is based on traffic coming from other peers. We also describe an anomaly detection procedure that analyses peer activity on the network and flags potentially malicious behavior by detecting deviation from peer profile. We present integration of our anomaly detection to trust management scheme and study the performance of reputation-based approach using implementation and performance of trust framework through simulation

An Evaluation Framework for Reputation Management Systems

Reputation management (RM) is employed in distributed and peer-to-peer networks to help users compute a measure of trust in other users based on initial belief, observed behavior, and run-time feedback. These trust values influence how, or with whom, a user will interact. Existing literature on RM focuses primarily on algorithm development, not comparative analysis. To remedy this, we propose an evaluation framework based on the trace-simulator paradigm. Trace file generation emulates a variety of network configurations, and particular attention is given to modeling malicious user behavior. Simulation is trace-based and incremental trust calculation techniques are developed to allow experimentation with networks of substantial size. The described framework is available as open source so that researchers can evaluate the effectiveness of other reputation management techniques and/or extend functionality. This chapter reports on our framework’s design decisions. Our goal being to build a general-purpose simulator, we have the opportunity to characterize the breadth of existing RM systems. Further, we demonstrate our tool using two reputation algorithms (EigenTrust and a modified TNA-SL) under varied network conditions. Our analysis permits us to make claims about the algorithms’ comparative merits. We conclude that such systems, assuming their distribution is secure, are highly effective at managing trust, even against adversarial collectives

Towards sender accountability on email infrastructure using sender identity and reputation management

Email Infrastructure has grown exponentially, since the early days of ARPANET, to support millions of users. However, the extensive adoption of the original open design has led to security implications. As claimed in recent statistics, about 95% of the emails are unsolicited and place phishing losses at $500 million. Even though, current email-filtering technologies weed out most of the incoming spam, there is a need to hold senders accountable for their email behavior. Without sender accountability, there is no way to hold senders responsible for their online email behavior. Holding senders accountable helps identify senders who propagate spam, and possibly reduce the spam transmitted. Holding a sender accountable for the sender’s online activity requires: first, the sender’s identification; and second, maintenance of its historical email activity. Today, widely deployed sender identity techniques counteract email spoofing by authenticating the sender's email server to the receiver organizations. Unfortunately, these techniques are not as effective as originally intended as: a) the senders create their own identity; b) spam-propagating senders have adopted these technologies. Knowledge of the sender's identity alone does not guarantee its adherence to email best practices. Towards establishing sender accountability, this dissertation proposes RepuScore, a collaborative reputation framework that allows participating receiver organizations to share sender's behavioral patterns. In addition, this dissertation also explores Privilege Messaging (P-Messaging) framework, a fine-granular sender- authorization framework where each sender holds a set of credentials (privileges) to send an email; the receivers verify the attached credentials before accepting the emails. P- Messaging attempts to maintain trust among organizations with the help of a central authority, which periodically verifies the participating organization's adherence to good email practices. To create a long-standing history, participating organizations locally collect information about the senders - from users or existing spam classification mechanisms that are submitted to a central RepuScore authority - to compute a global reputation summary. This dissertation discusses the distributed architecture and the algorithms designed to compute reputation based on the sender's a) spam rate (RepuScore) or b) spam rate and email volume (Volume-Enhanced RepuScore). Additionally, the dissertation shares findings from experiments based on a RepuScore prototype using a) simulation logs; and b) deployed SpamAssassin plug-in since 10/9/2007 at three organizations. Based on the deployment, reputation for about 90,000 sender identities and about 12 million IP addresses as of Feb 2009 have been computed. We note that email classification using RepuScore is 97.8% accurate. Finally, this dissertation discusses future directions for Distributed RepuScore that allows organizations to maintain their personal reputation view to be shared among trusted peers. Distributed RepuScore enables a global reputation view while holding senders accountable at each organization instead of deploying it at a central authority

Reputation-based Trust Management in Peer-to-Peer File Sharing Systems

Trust is required in file sharing peer-to-peer (P2P) systems to achieve better cooperation among peers and reduce malicious uploads. In reputation-based P2P systems, reputation is used to build trust among peers based on their past transactions and feedbacks from other peers. In these systems, reputable peers will usually be selected to upload requested files, decreasing significantly malicious uploads in the system. This thesis surveys different reputation management systems with a focus on reputation based P2P systems. We breakdown a typical reputation system into functional components. We discuss each component and present proposed solutions from the literature. Different reputation-based systems are described and analyzed. Each proposed scheme presents a particular perspective in addressing peers’ reputation. This thesis also presents a novel trust management framework and associated schemes for partially decentralized file sharing P2P systems. We address trust according to three identified dimensions: Authentic Behavior, Credibility Behavior and Contribution Behavior. Within our trust management framework, we proposed several algorithms for reputation management. In particular, we proposed algorithms to detect malicious peers that send inauthentic files, and liar peers that send wrong feedbacks. Reputable peers need to be motivated to upload authentic files by increasing the benefits received from the system. In addition, free riders need to contribute positively to the system. These peers are consuming resources without uploading to others. To provide the right incentives for peers, we develop a novel service differentiation scheme based on peers’ contribution rather than peers’ reputation. The proposed scheme protects the system against free-riders and malicious peers and reduces the service provided to them. In this thesis, we also propose a novel recommender framework for partially decentralized file sharing P2P systems. We take advantage from the partial search process used in these systems to explore the relationships between peers. The proposed recommender system does not require any additional effort from the users since implicit rating is used. The recommender system also does not suffer from the problems that affect traditional collaborative filtering schemes like the Cold start, the Data sparseness and the Popularity effect. Over all, our unified approach to trust management and recommendations allows for better system health and increased user satisfaction

Effective Use of Reputation in Peer-to-Peer Environments

Peer-to-peer environments have become popular as a framework for exchange of services. In these environments, certain peers may fail to provide their services. Reputation can be a proper means of discovering low-performing peers, without affecting significantly inherent characteristics of Peer-to-Peer environments, such as anonymity and privacy. However, the accurate calculation of the reputation metrics may not be sufficient to provide the right incentives to peers. In this paper, we show that the straightforward approach for peers to exploit the reputation metrics (i.e. by just selecting as a providing peer the one with the highest reputation) may lead to unexpectedly low efficiency for high-performing peers. We argue and justify experimentally that the calculation of the reputation values has to be complemented by reputation-based policies that define the pairs of peers eligible to interact. We introduce two orthogonal dimensions constituting the reputationbased policies: “provider selection ” and “contention resolution”. We argue and show by means of simulation experiments that both these dimensions have a significant impact to the achieved efficiency of the peers. We also investigate experimentally the achievable efficiency of specific reputation-based policies for the case of short-lived peers of two different fixed-strategy types. Finally, we deal with the efficient computation of the reputation value by means of aggregation of the ratings ’ feedback provided by the peers. We propose that this can be accomplished by aggregating only a small randomly selected subset of this feedback. Simulation experiments indicate that this approach indeed leads to the fast and accurate calculation of the reputation values even if the peer-topeer population is renewed with a high rate. 1