A Survey on Trust Computation in the Internet of Things

Internet of Things defines a large number of diverse entities and services which interconnect with each other and individually or cooperatively operate depending on context, conditions and environments, produce a huge personal and sensitive data. In this scenario, the satisfaction of privacy, security and trust plays a critical role in the success of the Internet of Things. Trust here can be considered as a key property to establish trustworthy and seamless connectivity among entities and to guarantee secure services and applications. The aim of this study is to provide a survey on various trust computation strategies and identify future trends in the field. We discuss trust computation methods under several aspects and provide comparison of the approaches based on trust features, performance, advantages, weaknesses and limitations of each strategy. Finally the research discuss on the gap of the trust literature and raise some research directions in trust computation in the Internet of Things

Towards sender accountability on email infrastructure using sender identity and reputation management

Email Infrastructure has grown exponentially, since the early days of ARPANET, to support millions of users. However, the extensive adoption of the original open design has led to security implications. As claimed in recent statistics, about 95% of the emails are unsolicited and place phishing losses at $500 million. Even though, current email-filtering technologies weed out most of the incoming spam, there is a need to hold senders accountable for their email behavior. Without sender accountability, there is no way to hold senders responsible for their online email behavior. Holding senders accountable helps identify senders who propagate spam, and possibly reduce the spam transmitted. Holding a sender accountable for the sender’s online activity requires: first, the sender’s identification; and second, maintenance of its historical email activity. Today, widely deployed sender identity techniques counteract email spoofing by authenticating the sender's email server to the receiver organizations. Unfortunately, these techniques are not as effective as originally intended as: a) the senders create their own identity; b) spam-propagating senders have adopted these technologies. Knowledge of the sender's identity alone does not guarantee its adherence to email best practices. Towards establishing sender accountability, this dissertation proposes RepuScore, a collaborative reputation framework that allows participating receiver organizations to share sender's behavioral patterns. In addition, this dissertation also explores Privilege Messaging (P-Messaging) framework, a fine-granular sender- authorization framework where each sender holds a set of credentials (privileges) to send an email; the receivers verify the attached credentials before accepting the emails. P- Messaging attempts to maintain trust among organizations with the help of a central authority, which periodically verifies the participating organization's adherence to good email practices. To create a long-standing history, participating organizations locally collect information about the senders - from users or existing spam classification mechanisms that are submitted to a central RepuScore authority - to compute a global reputation summary. This dissertation discusses the distributed architecture and the algorithms designed to compute reputation based on the sender's a) spam rate (RepuScore) or b) spam rate and email volume (Volume-Enhanced RepuScore). Additionally, the dissertation shares findings from experiments based on a RepuScore prototype using a) simulation logs; and b) deployed SpamAssassin plug-in since 10/9/2007 at three organizations. Based on the deployment, reputation for about 90,000 sender identities and about 12 million IP addresses as of Feb 2009 have been computed. We note that email classification using RepuScore is 97.8% accurate. Finally, this dissertation discusses future directions for Distributed RepuScore that allows organizations to maintain their personal reputation view to be shared among trusted peers. Distributed RepuScore enables a global reputation view while holding senders accountable at each organization instead of deploying it at a central authority

Preference Uncertainty and Trust in Decision Making

A fuzzy approach for handling uncertain preferences is developed within the paradigm of the Graph Model for Conflict Resolution and new advances in trust modeling and assessment are put forward for permitting decision makers (DMs) to decide with whom to cooperate and trust in order to move from a potential resolution to a more preferred one that is not attainable on an individual basis. The applicability and the usefulness of the fuzzy preference and trust research for giving an enhanced strategic understanding about a dispute and its possible resolution are demonstrated by employing a realworld environmental conflict as well as two generic games that represent a wide range of real life encounters dealing with trust and cooperation dilemmas. The introduction of the uncertain preference representation extends the applicability of the Graph Model for Conflict Resolution to handle conflicts with missing or incomplete preference information. Assessing the presence of trust will help to compensate for the missing information and bridge the gap between a desired outcome and a feared betrayal. These advances in the areas of uncertain preferences and trust have potential applications in engineering decision making, electronic commerce, multiagent systems, international trade and many other areas where conflict is present. In order to model a conflict, it is assumed that the decision makers, options, and the preferences of the decision makers over possible states are known. However, it is often the case that the preferences are not known for certain. This could be due to lack of information, impreciseness, or misinformation intentionally supplied by a competitor. Fuzzy logic is applied to handle this type of information. In particular, it allows a decision maker to express preferences using linguistic terms rather than exact values. It also makes use of data intervals rather than crisp values which could accommodate minor shifts in values without drastically changing the overall results. The four solution concepts of Nash, general metarationality, symmetric metarationality, and sequential stability for determining stability and potential resolutions to a conflict, are extended to accommodate the new fuzzy preference representation. The newly proposed solution concepts are designed to work for two and more than two decision maker cases. Hypothetical and real life conflicts are used to demonstrate the applicability of this newly proposed procedure. Upon reaching a conflict resolution, it might be in the best interests of some of the decision makers to cooperate and form a coalition to move from the current resolution to a better one that is not achievable on an individual basis. This may require moving to an intermediate state or states which may be less preferred by some of the coalition members while being more preferred by others compared to the original or the final state. When the move is irreversible, which is the case in most real life situations, this requires the existence of a minimum level of trust to remove any fears of betrayal. The development of trust modeling and assessment techniques, allows decision makers to decide with whom to cooperate and trust. Illustrative examples are developed to show how this modeling works in practice. The new theoretical developments presented in this research enhance the applicability of the Graph Model for Conflict Resolution. The proposed trust modeling allows a reasonable way of analyzing and predicting the formation of coalitions in conflict analysis and cooperative game theory. It also opens doors for further research and developments in trust modeling in areas such as electronic commerce and multiagent systems

Trust Evaluation in the IoT Environment

Along with the many benefits of IoT, its heterogeneity brings a new challenge to establish a trustworthy environment among the objects due to the absence of proper enforcement mechanisms. Further, it can be observed that often these encounters are addressed only concerning the security and privacy matters involved. However, such common network security measures are not adequate to preserve the integrity of information and services exchanged over the internet. Hence, they remain vulnerable to threats ranging from the risks of data management at the cyber-physical layers, to the potential discrimination at the social layer. Therefore, trust in IoT can be considered as a key property to enforce trust among objects to guarantee trustworthy services. Typically, trust revolves around assurance and confidence that people, data, entities, information, or processes will function or behave in expected ways. However, trust enforcement in an artificial society like IoT is far more difficult, as the things do not have an inherited judgmental ability to assess risks and other influencing factors to evaluate trust as humans do. Hence, it is important to quantify the perception of trust such that it can be understood by the artificial agents. In computer science, trust is considered as a computational value depicted by a relationship between trustor and trustee, described in a specific context, measured by trust metrics, and evaluated by a mechanism. Several mechanisms about trust evaluation can be found in the literature. Among them, most of the work has deviated towards security and privacy issues instead of considering the universal meaning of trust and its dynamic nature. Furthermore, they lack a proper trust evaluation model and management platform that addresses all aspects of trust establishment. Hence, it is almost impossible to bring all these solutions to one place and develop a common platform that resolves end-to-end trust issues in a digital environment. Therefore, this thesis takes an attempt to fill these spaces through the following research work. First, this work proposes concrete definitions to formally identify trust as a computational concept and its characteristics. Next, a well-defined trust evaluation model is proposed to identify, evaluate and create trust relationships among objects for calculating trust. Then a trust management platform is presented identifying the major tasks of trust enforcement process including trust data collection, trust data management, trust information analysis, dissemination of trust information and trust information lifecycle management. Next, the thesis proposes several approaches to assess trust attributes and thereby the trust metrics of the above model for trust evaluation. Further, to minimize dependencies with human interactions in evaluating trust, an adaptive trust evaluation model is presented based on the machine learning techniques. From a standardization point of view, the scope of the current standards on network security and cybersecurity needs to be expanded to take trust issues into consideration. Hence, this thesis has provided several inputs towards standardization on trust, including a computational definition of trust, a trust evaluation model targeting both object and data trust, and platform to manage the trust evaluation process

Evaluation of Trust in the Internet Of Things: Models, Mechanisms And Applications

In the blooming era of the Internet of Things (IoT), trust has become a vital factor for provisioning reliable smart services without human intervention by reducing risk in autonomous decision making. However, the merging of physical objects, cyber components and humans in the IoT infrastructure has introduced new concerns for the evaluation of trust. Consequently, a large number of trust-related challenges have been unsolved yet due to the ambiguity of the concept of trust and the variety of divergent trust models and management mechanisms in different IoT scenarios. In this PhD thesis, my ultimate goal is to propose an efficient and practical trust evaluation mechanisms for any two entities in the IoT. To achieve this goal, the first important objective is to augment the generic trust concept and provide a conceptual model of trust in order to come up with a comprehensive understanding of trust, influencing factors and possible Trust Indicators (TI) in the context of IoT. Following the catalyst, as the second objective, a trust model called REK comprised of the triad Reputation, Experience and Knowledge TIs is proposed which covers multi-dimensional aspects of trust by incorporating heterogeneous information from direct observation, personal experiences to global opinions. The mathematical models and evaluation mechanisms for the three TIs in the REK trust model are proposed. Knowledge TI is as “direct trust” rendering a trustor’s understanding of a trustee in respective scenarios that can be obtained based on limited available information about characteristics of the trustee, environment and the trustor’s perspective using a variety of techniques. Experience and Reputation TIs are originated from social features and extracted based on previous interactions among entities in IoT. The mathematical models and calculation mechanisms for the Experience and Reputation TIs also proposed leveraging sociological behaviours of humans in the real-world; and being inspired by the Google PageRank in the web-ranking area, respectively. The REK Trust Model is also applied in variety of IoT scenarios such as Mobile Crowd-Sensing (MCS), Car Sharing service, Data Sharing and Exchange platform in Smart Cities and in Vehicular Networks; and for empowering Blockchain-based systems. The feasibility and effectiveness of the REK model and associated evaluation mechanisms are proved not only by the theoretical analysis but also by real-world applications deployed in our ongoing TII and Wise-IoT projects

Personalized Reputation Management in P2P Networks

P2P networks have become increasingly popular in the recent years